Professional Documents
Culture Documents
It Business Processes
It Business Processes
It Business Processes
Foundation level
Printed in Australia
©
BPP Learning Media Ltd 2013
ii
CPA Program
iii
iv
Contents
Page
Introduction
CPA Program iii
Chapter features vi
Preparing for foundation level exams viii
Chapter summary x
Learning objectives xi
Chapter
1 Organisational information infrastructure 1
2 Database concepts 51
3 ERP systems and data analysis 79
4 Systems design and development 105
5 Accounting information systems 139
6 Controls, security and privacy 179
7 Business processes 203
8 Distribution and reporting of accounting information 221
Index 303
Introduction v
Chapter features
Each chapter contains a number of helpful features to guide you through each topic.
Topic list Tells you what you will be studying in this chapter.
Chapter summary Summarises the content of the chapter, helping to set the scene so that you can
diagram gain the bigger picture.
Before you begin This is a small bank of questions to test any pre-existing knowledge that you may
have of the chapter content. If you get them all correct then you may be able to
reduce the time you need to spend on the particular chapter. There is a
commentary section at the end of the Study Manual called Before you begin: answers
and commentary.
Section overview This summarises the key content of the particular section that you are about to
start.
Learning objective This box indicates the learning objective covered by the section or paragraph to
reference which it relates.
LO
1.2
Definition Definitions of important concepts. You really need to know and understand these
before the exam.
Exam comments These highlight points that are likely to be particularly important or relevant to
the exam. (Please note that this feature does not apply in every Foundation Level
exam study manual.)
Question This is a question that enables you to practise a technique or test your
understanding. You will find the solution at the end of the chapter.
Key chapter points Review the key areas covered in the chapter.
Revision The revision questions are not a representation of the difficulty of the questions
questions which will be in the examination. The revision MCQs provide you with an
opportunity to revise and assess your knowledge of the key concepts covered in
the materials so far. Use these questions as a means to reflect on key concepts
and not as the sole revision for the examination.
Case study This is a practical example or illustration, usually involving a real world scenario.
Formula to learn These are formulae or equations that you need to learn as you may need to apply
them in the exam.
Bold text Throughout the Study Manual you will see that some of the text is in bold type.
This is to add emphasis and to help you to grasp the key elements within a
sentence and paragraph.
Introduction vii
Preparing for foundation level exams
Study plan
Review all the learning objectives thoroughly. Use the topic exam weightings listed at the end of the
learning objectives to develop a study plan to ensure you provide yourself with enough time to
revise each learning objective.
Don’t leave your study to the last minute. You may need more time to explore learning objectives in
greater detail than initially expected.
Be confident that you understand each learning objective. If you find that you are still unsure after
reading the study manual, seek additional information from other resources such as text books,
supplementary learning materials or tuition providers.
Study techniques
In addition to being able to complete the revision and self-assessment questions in the study manual,
ensure you can apply the concepts of the learning objectives rather than just memorising responses.
Some units have formulae and discount tables available to candidates throughout the exams. My
Online Learning lists the tools available for each unit under "Useful Resources".
Check My Online Learning on a weekly basis to keep track of announcements or updates to the
study manual.
Familiarise yourself with the exam environment by downloading the exam software tutorial and learn
how to navigate your way around the exam software quickly on the Pearson VUE website.
www.pearsonvue.com/athena
Step 1 Attempt every question. Read the question thoroughly. You may prefer to work out the
answer before looking at the options, or you may prefer to look at the options at the
beginning. Adopt the method that works best for you.
Step 2 Read the four options and see if one matches your own answer. Be careful with numerical
questions, as some options are designed to match answers that incorporate common errors.
Check that your calculation is correct. Have you followed the requirement exactly? Have you
included every step of the calculation?
Step 3 You may find that none of the options matches your answer.
Re-read the question to ensure that you understand it and are answering the
requirement
Eliminate any obviously wrong answers
Consider which of the remaining answers is the most likely to be correct and select
the option
Step 4 If you are still unsure, use the 'Flag for Review' feature and continue to the next question.
Some questions will take you longer to answer than others. Try to reduce the average time
per question, to allow yourself to revisit problem questions at the end of the exam.
Revisit unanswered questions. A review tool is available at the end of the exam, which allows
you to Review Incomplete or Review Flagged questions. When you come back to a question
after a break you often find you are able to answer it correctly straight away. You are not
penalised for incorrect answers, so never leave a question unanswered!
Introduction ix
Chapter summary
This summary provides a snapshot of each of the chapters, to help you to put the syllabus as a whole and
the Study Manual itself into perspective.
CPA Australia's learning objectives for this Study Manual are set out below. They are cross-referenced to
the chapter in the Study Manual where they are covered.
General overview
This exam covers a critical awareness of business processes in the context of information technology. It
requires an understanding of database concepts and data analysis tools, corporate networks and the design
and operations of business information and accounting systems. It also covers the key areas of information
controls and processes and the reporting of accounting information.
These are the topics that will be covered in the exam.
Topics
Chapter where
covered
Introduction xi
Chapter where
covered
Introduction xiii
xiv IT and Business Processes
Chapter 1
Organisational information
infrastructure
Topic list
1
Introduction
Section overview
An organisation's information infrastructure is made up of information technology (IT) devices,
IT services, data management, organisational information systems and IT staff.
Definition
An information infrastructure is defined as 'all of the people, processes, procedures, tools, facilities, and
technology which support the creation, use, transport, storage, and destruction of information'.
(Pironti, 2006)
s
m
ste
sy
n
re a t io
ct u fo
r m
s tru In Information Systems
ra
nf i
t i on e
a r
o r m uct u IT services
f str
In Data and security management
n fra
i
IT IT personnel
m
or
atf Software and hardware
pl Networks and communications
IT
1
The Information Technology (IT) infrastructure can be separated into two layers: the IT platform and
IT services and data management
IT platform – refers to the hardware architecture and software framework (including application
frameworks), that allows software to run. (The terms 'platform' and 'environment' are used
interchangeably.) Typical platforms include a computer's architecture, operating system, programming
languages and program development system.
IT services – organisations require people to run and manage their IT infrastructure, including training
employees to use the technologies. Most organisations will have an information systems department to
perform at least part of this role; others may use external agencies or consultants to help in this task.
Service management ensures IT resources are aligned with business requirements, and allows the IT
department to appropriately identify points of flexibility and adaptability within the services they provide.
This ensures that day-to day operations and service issues and change requirements are handled
economically, efficiently, effectively and securely.
The Service Desk is at the point in service management where people, process and technology blend to
deliver a business service. It provides the essential daily contact between customers, users, IT service and
any relevant third-party support organisation. The Service Desk not only handles incidents, problems and
questions, but also provides an interface for other activities such as change requests, maintenance contracts,
software licenses, configuration management, availability management and financial management.
Definition
Data management comprises all the disciplines related to managing data as a valuable resource.
Organisations record and collect data (in databases) relating to transactions, inventory, employees,
customers and suppliers. This data must be organised and managed so it can be held securely, and accessed
and analysed for operational purposes and informed management decision making.
Definition
An information system uses the resources of people, hardware, software, data, and networks to
perform input, processing, output, storage and control activities.
Control of system
Feedback Feedback
performance
Information systems
Globalisation challenge Understanding the business and system requirements of a global economic
environment and developing integrated multinational information systems to cope
with the restrictive trans-border dataflow legislation in many countries.
Information systems Can organisations measure, evaluate and foresee the business value of information
investment challenge systems? This challenge focuses on how organisations can access and realise a
return on their investment in information systems.
Responsibility and control Can organisations design systems that people can control and understand and
challenge how can they ensure that their information systems are used in an ethically and
socially responsible manner? The potential for massive fraud, error, abuse, and
destruction is enormous. Systems must be designed so that they function as
intended.
LO
1.1 2 Role of core elements of information infrastructure
Section overview
The organisation's information infrastructure consists of five major resources; people, hardware,
software, data and network resources.
An information system uses the resources of people, hardware, software, data and networks to perform
input, processing, output, storage and control activities that convert data resources into information to
support decision making and control in an organisation. Data is first collected and converted to a form that
is suitable for processing (input). Then the data is manipulated and converted into information (processing),
End users, also called users or clients, are people who use an information system or the information it
produces. Most of us are information end users and most end users in business are knowledge workers i.e. 1
people who spend most of their time communicating and collaborating in teams or workgroups and
creating, using and distributing information.
Information system specialists are people who develop and operate information systems. They include
system analysts, software developers, system operators and other managerial, technical and clerical IS
personnel.
System analysts design information systems based on the information requirements of end users.
Software developers create computer programs based on the specifications of systems analysts.
System operators monitor and operate large computer systems and networks.
Hardware resources include all the physical components (such as computers, peripherals,
telecommunications networks) and materials (such as paper, memory sticks and so forth) used in
information processing. The trend in the computer industry is to produce smaller, faster and more mobile
hardware.
Input devices include keyboards, mice, and document scanners with OCR (optical character recognition)
software. Tablet computers often use a stylus or even the user’s finger moving on the screen, and
handwriting recognition is becoming more reliable. Banks may use voice response technology to allow
consumers to access their balances and other information with spoken commands.
Processing devices include computer chips that contain the central processing unit and main memory.
Advances in chip design allow faster speeds, less power consumption and larger storage capacity. A single
chip nowadays may have the power of a 1990s era supercomputer.
Output devices include printers, plotters, and computer screens. Mobile devices such as phones and
tablets are increasingly being used as output devices for corporate information. Touchscreens displaying
data in graphic form allow the data and files to be manipulated with the user’s fingers. Data can also be
written to CDs and DVDs. The use of computer-generated voice output is growing.
Computers come in a variety of types designed for different purposes, with different capabilities and costs:
(a) Personal computers (PCs) are inexpensive general purpose computers widely used in homes and
businesses. Popular uses include word processing, surfing the web, sending and receiving e-mail,
spreadsheet calculations, database management, editing photographs and creating graphics.
(b) Workstations are more powerful computers, usually for technical or scientific applications, such as
complex graphics or intensive calculations. They are normally part of a network.
(c) Servers provide a service for many client computers (frequently PCs) over a network. They may
provide users with additional processing power, or file handling, or more specific facilities such as
ticketing or news. Generally, servers have very large storage capacity and most of the organisation’s
files are stored there so that they can be shared by many users in a network.
Software consists of the computer programs that govern the operation of the computer. These programs
are sets of instructions which cause a computer to process payroll, send bills to customers and provide
managers with information to increase profits, reduce costs and provide better customer service. The two
types of software are:
(a) System software, such as Windows 7, which controls basic computer operations including start-up
and printing, and
(b) Applications software, such as Microsoft Office, for specific tasks including word processing and
creating spreadsheets. Although most software can be installed from CDs, many of today's software
packages can be downloaded through the Internet. Sophisticated application software, such as Adobe
Creative Suite, can be used to design, develop, print and place professional-quality advertising,
brochures, posters, prints and videos on the Internet.
Question 3: Definition
An information system can be defined technically as a set of interrelated components that collect (or
retrieve), process, store and distribute information to support:
A decision making and control in an organisation.
B managers analysing the organisation's raw data.
C communications and data flow.
D the creation of new products and services.
(The answer is at the end of the chapter)
Definition
Data management is the development, execution and supervision of plans, policies, programs and
practices that control, protect, deliver and enhance the value of data and information assets.
Telecommunications networks, like the Internet, intranets and extranets, have become essential to
the successful electronic business and commerce operations of all types of organisations and their
computer-based information systems. Telecommunications networks consist of computers,
communications processors and other devices interconnected by communications media and controlled by
communications software. Network resources include:
Communications media – such as electrical wires and cables, fibre-optic cable and microwave,
cellular and satellite wireless systems.
Network support – people, hardware, software and data resources that directly support the
operation and use of a communications network.
Local area networking is dominated by Microsoft Server, but strong growth of Linux challenges this
dominance. Enterprise networking comprises almost entirely Linux or UNIX. Cisco, Lucent, Nortel and
Juniper Networks continue to dominate networking hardware.
The telecommunications services market is highly dynamic; in Australia this sector is currently dominated
by the telecommunications provider, Telstra. Other telecommunications providers include Optus (owned
by Singapore Telecommunications), AAPT and Powertel (both owned by Telecom New Zealand), Soul (SP
Telemedia), Vodaphone Hutchison 3G (3 Mobile). The sector is in a state of rapid growth and technological
development, and subject to frequent changes of participants e.g. currently there is rapid growth of non-
telephone Wi-Fi and Wi-Max services and Internet telephony.
We discuss mobile technology in more detail in Section 5.
Section overview
Organisations use a range of information systems relevant to a number of functional areas at
different levels of the organisation. When viewed collectively, this is sometimes referred to as a
hierarchy of systems.
Management Middle 1
MIS and DSS Level Managers
Operational Operational
TPS Level Managers
There are six major types of information systems to serve the needs of each of the four levels of an
organisation.
LO
1.2
Organisation level Type of information system
Strategic Executive Information Systems (EIS) or Executive Support Systems (ESS)
Middle Decision Support Systems (DSS) and Management Information Systems (MIS)
Knowledge Knowledge Work Systems (KWS) and office automation systems (OAS)
Operational Transaction Processing System (TPS)
Menus
Graphics
Communications
Local processing
EIS EIS
workstation workstation
Internal data External data
Management Information Systems generate information for monitoring performance (e.g. productivity
information) and maintaining co-ordination (e.g. between purchasing and accounts payable).
MIS extract, process and summarise data from the TPS and provide periodic (weekly, monthly, quarterly)
reports to managers.
Today MIS are becoming more flexible by providing access to information whenever needed, rather than
pre-specified reports on a periodic basis. Users can often generate more customised reports by selecting
subsets of data (such as listing the products with 2 per cent increase in sales over the past month), using
different sorting options (by sales region, by salesperson, by highest volume of sales) and different display
choices (graphical, tabular).
Definition
Decision Support Systems (DSS)combine data and analytical models or data analysis tools to support
semi-structured and unstructured decision making.
Decision Support Systems (DSS), which are sometimes called Business Intelligence Systems, serve the
middle management level. They are specifically designed to help management make decisions in situations
where there is uncertainty about the possible outcomes of those decisions. DSS comprise tools and
techniques to help gather relevant information and analyse the options and alternatives. They often use
complex spreadsheets, such as financial models, and databases to create 'what-if' scenarios.
Decision support systems are intended to provide a wide range of alternative information gathering and
analytical tools with a major emphasis upon flexibility and user-friendliness.
DSS have more analytical power than other systems enabling them to analyse and condense large volumes
of data into a form that helps managers make decisions. The objective is to allow the manager to consider a
number of alternatives and evaluate them under a variety of potential conditions.
DSS are user-friendly and highly interactive. Although they use data from the TPS and MIS, they also allow
the inclusion of new data, often from external sources, such as current share prices or prices of
competitors.
A DSS has three fundamental components:
1 Database management system (DBMS): Stores large amounts of data relevant to problems the
DSS has been designed to tackle. The data can be searched and information selectively retrieved. For
example, to report on which products had sales of more than a certain amount in the period.
2 Model-based management system (MBMS): Transforms data from the DBMS into information
that is useful in decision making.
3 Dialogue generation and management system (DGMS): Provides a user-friendly interface
between the system and the managers who do not have extensive computer training.
Knowledge Work Systems (KWS) support highly skilled knowledge workers in the creation and integration
of new knowledge into the company. Computer Aided Design (CAD) systems used by product designers
not only allow them to make modifications easily without having to redraw the entire object (just like word
processors for documents), but also enable them to test the product without having to build physical
prototypes. CAD can also be linked to systems which can be used to estimate the manufacturing cost of
OAS support the major activities performed in a typical office such as document management, facilitating
communication and managing data. Examples include:
word processing, desktop publishing, and digital filing systems.
e-mail, voice mail, videoconferencing, groupware, intranets, schedulers.
spreadsheets, desktop databases.
Office Automation Systems (OAS) support general office work for handling and managing documents
and facilitating communication. For example, many insurance companies now scan all documents received
by them. The digital images can be used and shared by employees without the need to transport physical
files around the office. Text and image processing systems evolved from word processors to desktop
publishing, enabling the creation of professional documents with graphics and special layout features.
Spreadsheets, presentation packages like PowerPoint, personal database systems and note-taking systems
(appointment book, notepad and card file) are part of OAS.
OAS create, handle and manage documents (through word processing and desktop publishing), manage
workflow and scheduling, help manage client portfolios and help with communication (through electronic
mail, electronic bulletin boards, voice mail and teleconferencing).
A failure in the TPS often causes significant problems for the organisation. For example, when the
reservation system at an airline fails all operations stop: no transactions can be carried out until the system
1
is up again. Long queues form in front of ATMs and tellers when a bank's TPS crashes.
Section overview
Topology refers to how a computer network is physically arranged.
A local area network (LAN) is a system of linked PCs and other devices such as printers.
A wide area network is a network of computers which are dispersed on a wider geographical
scale than LANs.
Centralised network architecture involves all processing being carried out on one or more
processors at a single central location.
Distributed network architectures spread the processing power throughout the organisation
at several different locations.
Client-server networks include server computers that hold and provide resources to the
network.
In a 'peer-to-peer' network each computer has equivalent capabilities and responsibilities –
devices communicate directly with each other.
A computer network is made up of a number of connected computers and other devices, for example a
number of connected PCs and printers. Networks are popular because they provide a number of users
with access to resources (e.g. data files, printers and software).
Definition
A centralised architecture can be defined as 'processing performed in one computer or in a cluster of
coupled computers in a single location'.
Centralised network architectures use a centralised file server to provide the majority of services to the
LO
4.2 workstations on the network. The workstations are often said to be clients of the file server. File and print
services are easily the most popular but may be augmented with communication, directory, backup and a
number of other services.
Centralised Network
file server hard drive
High security installations may require that the PCs used do not have any CD drives, floppy drives or USB
ports. Email access should not be allowed on the workstations as files could be attached to emails and sent
outside the organisation.
Centralised architectures could be based in a single location or spread over multiple locations. For example,
both a local area network (LAN) and a wide area network (WAN) could utilise a centralised architecture
(these terms are explained later in this section).
Advantages of centralised architectures include the following:
(a) There is one set of files on the centralised file server so that everyone uses the same data and
information.
(b) It gives better security/control over data and files and automatic back up. It is easier to enforce
standards centrally and easier to support.
(c) Head office (where the computer is usually based) is able to control computing processes and
developments.
(d) An organisation might be able to afford a very large central computer, with extensive processing
capabilities that smaller 'local' computers could not carry out.
(e) There may be economies of scale available in purchasing computer equipment and supplies.
The main disadvantages of centralised architectures include the following:
(a) This type of system is not particularly flexible. Resources must be placed on the server to be shared.
For example, a file produced by one user must be transferred to the server before it can be made
available to other users.
(b) Local offices might experience processing delays or interruptions.
(c) Reliance on head office. Local offices rely on head office to provide information they need.
(d) If the central computer or cluster breaks down, or the software develops a fault, the entire system
goes out of operation.
(e) Processing speed can deteriorate as more users log onto the system.
1
An example of a distributed architecture, with a combination of stand-alone PCs and networks spread
throughout an organisation, is shown in the following diagram:
Server
Router
Cloud User
Host
Network
Cloud
Router
Cloud Vendor’s Infrastructure
Enterprise
A cloud can be private or public. A public cloud sells services to anyone on the Internet. (Currently,
Amazon Web Services is the largest public cloud provider.) A private cloud is a proprietary network or a
data centre that supplies hosted services to a limited number of people. When a service provider uses
public cloud resources to create their private cloud, the result is called a virtual private cloud. Private or
public, the goal of cloud computing is to provide easy, scalable access to computing resources and IT
services.
PC PC PC
Shared Database and
LO
4.2
Network
Server
Switch
Shared printer
PC PC
5 Corporate networks
5.1 Definition
Definition
A corporate network is a combination of computer hardware, cabling, network devices, and computer
LO software owned by the same company and used together to allow computers to communicate with each
4.1 other. The purpose of the network is to provide easy access to information, thus increasing productivity for
users.
Many different types and locations of networks exist. You might use a network in your home or home
office to communicate via the Internet, to locate information, to place orders for merchandise, and to send
messages to friends. You might work in a small office that is set up with a network that connects other
computers and printers in the office. You might work in a large enterprise in which many computers,
printers, storage devices, and servers communicate and store information from many departments over
large geographic areas. In a corporate network, a number of locations might need to communicate with
each other:
LO
4.2
The server may also allow access to the network from the Internet. Users with an Internet terminal
anywhere in the world, once a connection has been established and passwords verified, can access
programs or data on the network just as if they were seated at one of its local workstations.
The advantages of local peer-to-peer over client-server network operating systems include:
No need for a network administrator.
The network is fast/inexpensive to setup and maintain.
Each PC can make backup copies of its data to other PCs for security.
Easiest type of network to build, peer-to-peer is perfect for both home and office use.
Client-server Peer-to-peer
(i) One PC on the network acts as the server or (i) Each PC is an equal.
controller.
(ii) The server controls network resources. (ii) PCs are not reliant on the server for access to
network resources.
(iii) Network access and security are controlled (iii) Can be set-up using standard PC operating system
centrally. software.
(iv) The server requires an operating system with (iv) Generally simpler and lower cost.
network capability.
In a fully centralised P2P system the peers interact with each other via a central server. Access to the
server may be over the Internet.
The server may just function to connect two peers together, or supply additional resources or index and
keep track of the resources that the peers make available (usually files). Also, instead of building an index,
the server may just ask each of the peers if they have a particular resource that another peer wants (again,
usually a file), and, if there is a positive response, link the two peers together so that the file can be
transferred.
Such file transferring is widespread, and may infringe copyright, particularly with music and video files. In
business it can be useful for providing and accessing user guides and manuals or for a group collaborating on
a project - although for security any use of the Internet will normally be restricted to a VPN (Virtual Private
Network).
Case study
Intel uses P2P to streamline the distribution of computer-based training materials to employees. Rather
than have employees download huge multimedia files from a central server, it developed an application on
LO every desktop to reduce the network burden. When a user requests a course, the application searches for
4.3
it on local desktops, gradually widening the search until it finds the closest source.
5.4.3.1 Security
The potential security concerns for P2P software can be categorised as follows:
Denial of Service - every user of a P2P program is soaking up network bandwidth. If enough users
are transferring large files it can cause network resources to be tied up.
Security Holes - e.g. freely available software that allows users to ‘sniff’ for open ports on a peer
machine.
Confidentiality – the P2P application is installed on a ‘trusted device’ that is allowed to communicate
through the organisation’s firewall with other P2P users. Once the connection is made from the
trusted device to the external Internet, attackers can gain remote access to the trusted device for
the purpose of stealing confidential corporate data, launching a Denial of Service attack or simply
gaining control of network resources.
Malware - just as average users can freely distribute any files they choose, malicious users can freely
distribute Trojan horse applications and viruses.
Information Gathering - disclosure of IP and MAC addresses, connection speed.
An article in the Scientific American reported that, in 2009, classified or sensitive files found on file-sharing
networks included: the Secret Service safe house location for the first lady, the Social Security numbers of
every master sergeant in the Army and the medical records of 24,000 patients of a Texas hospital.
5.4.3.2 Control
Unfortunately, because P2P networks are installed on local client machines and link directly to the Internet,
those client machines are wide open to abuse that is uncontrolled by standard information security
measures. P2P networking can circumvent an organisation’s security by using decentralised security
administration, decentralised shared data storage, and a way to get round critical perimeter defences such
as firewalls.
Although passwords can be assigned by a user to each individual shared resource whether it is a file, folder,
drive or peripheral, this solution introduces the possibility that users may have to know and remember the
passwords assigned to every resource and then re-learn them if the user of a particular machine decides to
change them. Due to this flexibility and individual discretion, security can be a major concern because users
may give passwords to other unauthorised users, allowing them to access areas of the network that the
company does not permit. Furthermore, due to lack of centralisation, it is impossible for users to know and
remember what data lives on what machine, and there are no restrictions to prevent them from over-
writing files. This of course cripples attempts to organise proper backups.
Applications such as Kazaa have been popular with music-loving Internet users for several years, and many
users take advantage of their employers’ high-speed connections to download files at work. Over and above
the potential for productivity loss and the overload of network bandwidth with unauthorised file sharing
activities, P2P networks can:
'Inter' means 'between': 'intra' means 'within'; 'extra' means 'outside'. This may be a useful reminder of some
of the inter-related terminology in this area.
The Internet is used to disseminate and exchange information among the public at large.
Definition
An intranet is an internal or private network of an organisation based on Internet technology, and
accessed using a web browser. An intranet is meant for the exclusive use of the organisation and is
protected from unauthorised access with security systems such as firewalls. Intranets provide services such
as email, data storage, and search and retrieval functions, and are employed in disseminating policy manuals
and internal directories for the employees, price and product information for the customers, and
requirements and specifications for the suppliers. Some intranets are confined to a building whereas others
span continents.
An intranet is used to disseminate and exchange information 'in-house' within an organisation. A firewall
is a security device that effectively isolates the sensitive parts of an organisation's system from those areas
available to external users. It examines all requests and messages entering and exiting the Intranet and
blocks any not conforming to specified criteria.
The idea behind an intranet is that companies set up their own mini version of the Internet. Each employee
has a browser, used to access a server computer that holds corporate information on a wide variety of
topics, and in some cases also offers access to the Internet.
Intranets are used for the following:
(a) Performance data: linked to sales, inventory, job progress and other database and reporting systems,
enabling employees to process and analyse data to fulfil their work objectives.
(b) Employment information: on-line policy and procedures manuals (health and safety, disciplinary and
grievance), training and induction material, internal contacts for help and information.
(c) Employee support/information: advice on first aid, healthy working at computer terminals, training
courses offered and resources held in the corporate library and so on.
(d) Notice boards for the posting of messages to and from employees: notice of meetings, events and
internal job vacancies.
(e) Departmental home pages: information and news about each department's personnel and activities
to aid identification and cross-functional understanding.
(f) Bulletins or newsletters: details of product launches and marketing campaigns, staff moves, changes in
company policy – or whatever might be communicated through the print equivalent, plus links to
relevant databases or departmental home pages.
(g) E-mail facilities for the exchange of messages, memos and reports between employees in different
locations.
(h) Upward communication: suggestion schemes, feedback questionnaires.
(i) Individual personnel files, to which employees can download training materials, references,
certificates and appraisals.
Extranets are web based but serve a combination of users. They are private, secure extensions of the
enterprise via the corporate Intranet. Whereas an intranet resides behind a firewall and is accessible only to
people who are members of the same company or organisation, an extranet provides various levels of
accessibility to outsiders.
Only those outsiders with a valid username and password can access an extranet, with varying levels of
access rights enabling control over what people can view. Extranets are becoming a very popular means for
business partners to exchange information. They can share data or systems to provide smoother
transaction processing and more efficient services for customers.
An extranet may be used to:
provide a pooled service which a number of business partners can access.
exchange news which is of use to partner companies and clients.
share training or development resources.
publicise loyalty schemes, sponsorships, exhibition attendance information and other promotional
tools.
exchange potentially large volumes of transaction data using Electronic Data Interchange (EDI).
provide online presentations to business partners and prospects (and not competitors).
share news of common interest exclusively with partner companies.
collaborate with other companies on joint development efforts.
The basic components of an extranet are an Internet connection via a router, an internet server to hold
intranet web pages that are to be accessed through the extranet, a firewall and the essential data and files.
An organisation could connect its browser based purchase order system to the product catalogue database
on a supplier's Intranet (see diagram below).
Vendor Intranet
LO
4.2
Firewall
Firewall Mainframe
Customer Intranet
Customer
purchase order
service
Definition
M-commerce and m-business is any e-commerce or e-business activities performed in a wireless
environment. It is not merely a variation on existing Internet services; it is a natural extension of e-business
creating new opportunities.
As well as offering voice calls, mobile phones are used for e-mail and SMS (short message service, 1
commonly known as 'texting') that lets users receive and send short text messages to other cell phones.
The characteristics include the following:
They can be accessed from anywhere.
Their users can be reached when they are not in their normal location.
It is not necessary to have access to a power supply or a fixed line connection.
They provide security – since each user can be identified by their unique identification code.
In 1999 the first of a new generation of mobile phones, known as Wireless Application Protocol or WAP
phones, was introduced that offered the opportunity to access the Internet. What these phones offer is the
facility to access information on web sites that have been specially tailored for display on the small screens
of mobile phones. WAP pages are accessed using wireless techniques from a WAP gateway that is
connected to a traditional web server where the WAP pages are hosted.
In 2001 new services became available on GPRS (General Packet Radio Service). This is approximately five
times faster than GSM and is an 'always on' service which is charged according to usage. Display is still
largely text-based and based on the WAP protocol.
In 2003 the third generation (3G) of mobile phone technology became available based on UMTS (Universal
Mobile Telephone System) with high speed data transfer enabling video calling. 3G technologies enable
network operators to offer users a wider range of more advanced services while achieving greater network
capacity through improved spectral efficiency. Many facilities available from a desktop PC are offered on a
handheld unit.
Currently, the fourth generation (4G) of mobile technology is being introduced. This technology is not
consistently available yet in all countries.
Wireless
transmission
Mobile
network Fixed telephone
infrastructure
Mobile Mobile
phone phone
(terminal)
Section overview
For a computer to operate on a network, there are a range of different components that are required.
They include the following:
This section will give you an overview of the main components of a corporate network.
The basic components of a network are the router, the firewall, and the switch. These core components
use an Intrusion Detection System (IDS) to look out for possible malicious attacks on the network, as
shown in the diagram below.
6.1 Routers
The router is the outermost security gate. It is responsible for forwarding packets of information to the
networks to which it is connected. These packets can be inbound requests from Internet clients to your
Internet
Router
Other tasks the Router can perform:
5 Exchange Protocol information across
networks (see Section 6.6 on protocols).
6 Filter traffic – useful for preventing hacker
attacks, for example.
6.2 Repeaters
All signals fade as they travel from one place to another.
Each type of network cable has a maximum useable length. If you go beyond that length, the signal will be
too weak to be useful.
Of course, computers on a real network can easily be more than 200 metres apart. Therefore, the network
LO cable is split up into segments. Each segment is less than the maximum length allowed. Joining the segments
4.1 together is a device known as a repeater. A repeater boosts the signal back to its correct level.
Smaller distorted
Clean signal signal
Repeater
6.4 Hubs
There are many network topologies available: the star and tree use a hub but the bus and ring do not use
one. To allow the Star and Tree network topologies to work properly, each computer must be able to send
data packets to any other computer on the network.
The network Hub allows computers to share data packets within a network.
Each computer will be connected to a single port on the hub. So if you purchase an 8-port hub, you will be
able to connect up to eight computers together.
You can also daisy chain hubs to allow even more computers to join the network.
Typical network (below) making use of a hub:
LO
4.2
The availability of low-priced network switches has largely rendered hubs obsolete but they are still seen in
older installations and more specialised applications.
6.5 Switches
Switches perform the same job as hubs, but with slightly more intelligence. They can examine each data
packet, and send it to just the recipient, reducing the traffic, and so increasing the network performance.
You can easily configure a switch by sending specially formatted packets to it.
Switches can be managed or unmanaged. Unmanaged switches are the least expensive and are usually found
in home or small business networks. They have no user interface for reconfiguration. Managed switches can
be smart (or intelligent) and allow basic reconfiguration of speeds and port settings, or fully managed
(the most expensive) with many options which can be changed, usually from the central control location for
the whole network. In the event of failure or overload in part of the network, managed switches can be
used to route traffic through alternative paths.
1
6.6.1 Elements of a network protocol
Some of the things that need to be considered are:
(a) speed of the network – for example, 10Mbit per second.
(b) error checks of the data packets when they arrive – how is it done?
(c) error correction of the data packets – method to be used.
(d) data packets received correctly – what method/signal will be used to tell the other machine that the
data has arrived correctly?
(e) how does the receiving machine know that the sending machine has finished sending all of the data?
What is the code to indicate this?
(f) data compression – does the protocol allow this to take place and if so, what method does it use?
Network Interface Data Link layer – supports error free organisation and transmission of data in
the network
Physical layer – provides physical access to the telecommunications media in
Physical layer the network
6.7 Gateway
There are many different network protocols in use today. For example, the large Internet company called
AOL has its own special email protocol.
A gateway converts the data passing between dissimilar networks so that each side can communicate with
each other i.e. converts data into the correct network protocol.
The gateway is a mixture of hardware components and software. This is unlike a standard 'bridge' which
simply joins two networks together that share the same protocol.
LO 1
4.2
There are files stored on each computer. One machine is linked to the scanner, whilst another is linked to a
printer. The game machine is linked to the Internet, which all three machines can use. This is fine for small
networks as the number of requests to use a resource is not going to be too high.
But now imagine there are a dozen computers on the network and each one needs to print out a document
every few minutes. The machine that is connected to the printer is going to be tied up most of the time.
In this case it makes sense to allocate a machine exclusively to service printer requests. This machine is
called a printer server.
A similar situation is likely to arise with files and the database so a dedicated file server and database server
might be required.
A server is any machine that provides a service for other users on the network. Common services include:
(a) Email server. The email server will provide all the usual facilities such as address books, spam filtering
and so on.
(b) Internet Proxy server – a proxy server is an intermediary between the clients and the server which
checks that requests and responses are from legitimate sources. It can be a physical device (such as a
PC) or software.
(c) Intranet server.
Quite often, staff want to use the same web site over and over again. The Internet Proxy server will store a
local copy of often-used web pages to speed up access and to reduce bandwidth consumption (which costs
money).
Many companies run their own private internal web services. This is called an intranet and is run from the
intranet server.
6.10 Modems
A modem converts the digital data from the computer into a continuous analogue wave form that the
telephone system is designed to deal with (MODulation). The reason for this is that the telephone system
was originally designed for the human voice i.e. continuous signals. The modem also converts the analogue
signal from the telephone network back into digital data that the computer can understand. (DEModulation).
WiFi modems – allow connection to WiFI networks.
Microwaves are just a small part of the radio spectrum, but because they are so widely used, they tend to
be called by their own name.
Data is sent out through aerials mounted on tall towers. The 'cable' is effectively the microwave link
between towers. Some large companies use microwave towers spread along hilltops to allow one office to
communicate with others in the same country. They do this because it is cheaper than renting telephone
lines for carrying the same amount of data.
On a much smaller scale, laptops can communicate with the local area network with radio links, for
example, WiFi.
Section overview
Networks that use the Internet are exposed to a wider range of possible threats.
Control issues that apply to most network configurations include:
– user error.
– unauthorised network access.
– data being intercepted or altered during transmission.
– website denial-of-service attacks.
– malicious software to disrupt the operation of websites.
– hackers altering or destroying data.
– hardware breakdown or fault.
– misuse, criminal acts, programming errors, improper installation, unauthorised software
changes, power failures, floods, fires, earthquakes and other natural disasters.
Client and server systems are normally easier to secure than peer-to-peer networks.
Without a central server, it is very difficult to secure peer-to-peer networks.
There are other control issues associated with spoofing and port addresses.
Computer networks are able to store vast amounts of data. All networks have potential for unauthorised
access and misuse at any network access point.
Generally, centralised networks are easier to control as data is held in a single location and communication
channels are more easily monitored.
Software (operating
1
system) Hardware
User errors
Unauthorised Message Hacking
access alteration Viruses and worms Altering, stealing
Theft and and copying data
Viruses and Theft and fraud
worms fraud Denial of service attacks
Hardware failure
Spyware Sniffing Vandalism
Software failure
LO
The main control issues arise from the following situations.
4.4
(a) Users may introduce errors or access systems without authorisation.
(b) Data may be accessed or altered during transmission, for example packet sniffing. Sniffing is
information gathering by capturing data packets as they pass through a particular network interface.
For this to happen, software must be placed on a computer within the target network. This will
normally be done via a virus. Sniffers examine network traffic, making a copy of the data without
redirecting or altering it. They are therefore hard to detect. Sniffers often position themselves at the
junction between networks, and so computers which have access to more than one network should
only be used by trusted and experienced staff, and extra precautions taken against rogue software.
(c) Networks which connect to the Internet may be prone to Denial of Service attacks. These occur
when a large number of computers on the Internet have become infected with a particular virus, and
through that are all made to repeatedly access the same site at the same time, blocking out any
legitimate users, and possibly causing the site to crash due to overload.
(d) Surviving such an attack is by ensuring the site software is robust enough not to crash, and by
filtering (see Section 6.8) input messages. Output messages should also be filtered as a matter of
course, discarding any with a source address not from this site. This will not stop an attack on this
network, but it will prevent this network being part of an attack on another.
(e) Hackers capable of penetrating corporate systems can read, destroy or alter corporate data stored
in databases or files.
(f) The system may suffer a malfunction, for example a hardware breakdown, or may not be configured
correctly. Damage may also be caused by misuse, criminal acts, programming errors, improper
installation, unauthorised software changes, power failures, floods, fires, earthquakes and other
natural disasters.
(g) Outsourcing adds to system vulnerability if data and information are held on networks and
computers outside the organisation’s direct control.
If a network is open to the Internet, there is a balance to be struck between being so restrictive as to prevent
genuine users from accessing the system, and being too lax and allowing malicious data packets to enter.
Genuine users, and in particular users within the company who may be inside a firewall (see Section 6.8),
should be educated to detect possible ‘phishing’ (Internet pages that mimic, say, a banking site, and attempt
to get the user to type in user names and passwords), to avoid sites that may be from disreputable sources,
and be very cautious about downloading any software.
It may be advisable in some cases to block program downloading or access to any sites considered
untrustworthy.
7.6 Ports
A web address will normally target a particular computer, but then there are still several hundred sub-
addresses which are entry points into different parts of the software. These are called ports. Many of the
port numbers are fixed (e.g. 80 for normal web pages, 110 for incoming email), and more may be assigned
dynamically. An attacker may try many ports to determine which are active, and provide a possible way in.
The programs which handle the ports are called services. Any services which are not required should be
closed down to deactivate the ports.
The IT components, sometimes referred to as the IT platform, comprise hardware, software and
networks and communications technology.
1
So, if we list the core elements of an organisation's IT infrastructure individually, we have:
– hardware.
– software.
– networking and telecommunications.
– data management.
– IT services (including staff).
Organisations use a range of information systems relevant to a number of functional areas at
different levels of the organisation. When viewed collectively, this is sometimes referred to as a
hierarchy of systems.
One way of classifying systems is according to the level at which they operate, for example:
– strategic.
– management.
– knowledge.
– operational.
A centralised architecturecan be defined as 'processing performed in one computer or in a
cluster of coupled computers in a single location'.
Distributed network architectures spread the processing power throughout the organisation at
several different locations. The majority of processing power is held on PCs spread throughout the
organisation.
A local area network (LAN) is a system of linked PCs and other devices such as printers.
Topology refers to how a computer network is physically arranged – popular topologies include star,
ring and tree.
A wide area network (WAN) is a network of computers which are dispersed on a wider
geographical scale than LANs.
A corporate network is a combination of computer hardware, cabling, network devices, and
computer software owned by the same company and used together to allow computers to
communicate with each other. The purpose of the network is to provide easy access to information,
thus increasing productivity for users.
Client-server networks include server computers that hold and provide resources to the network.
In a 'peer-to-peer' network each computer has equivalent capabilities and responsibilities – devices
communicate direct with each other.
For a computer to operate on a network, there are a range of different components that are
required. They include the following:
1 Hardware means the various physical components which comprise a computer system, as opposed
to the non-tangible software elements.
2 B You should have identified 'collaboration system' as being outside the three major classes of
information system.
3 B Drawing on diverse yet predictable data resources to aggregate and summarise data is
characteristic of decision support systems.
4 D If an information system that provides information that helps senior management with long-
term planning it is operating at the strategic level.
5 Knowledge workers are people whose jobs consist primarily of creating new information or
knowledge.
6 The statement is True. Centralised networks are generally easier to control and keep secure than
decentralised or distributed networks.
7 The statement is True. In a P2P network, each PC is considered an equal.
8 A local area network connects devices over a relatively short distance.
A wide area network spans a relatively large geographical area.
A client-server network is a configuration in which desktop PCs are regarded as clients that request
access to services on a more powerful server.
Peer-to-peer computing is a form of distributed processing that links computers via the Internet or
private networks so they can share processing tasks.
Database concepts
Topic list
51
Introduction
In this chapter we consider the role played by data and databases within an organisation.
Data feed an organisation's information systems. There is no point investing heavily in high quality
information systems unless the data are of an equally high standard – accurate, complete, appropriate and
up-to-date.
Most systems use databases in some way. In this chapter we explain how data and databases are structured
and how they should be managed.
Later in the chapter we consider the role of databases in relation to Accounting Information Systems (AIS)
and explore some of the ethical questions raised by the vast amounts of data held in computerised
databases today.
The chapter content is summarised in the diagram below.
If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual. C
H
1 List five reasons why an organisation would collect and store data. (Section 1) A
P
2 Identify three internal and three external sources of data or information. (Section 2) T
E
3 What is a database record? (Section 3) R
4 Define the term 'database system'. (Section 4)
5 List the four main database storage models. (Section 5) 2
6 What does an Entity Relationship Model show? (Section 6)
7 What are the main steps involved when implementing a database? (Section 7)
8 Explain how databases are used in Accounting Information Systems (AIS). (Section 8)
9 Explain how encryption could help maintain database confidentiality. (Section 9)
10 Discuss how databases may present a threat to privacy. (Section 9)
2: Database concepts 53
LO
2.2 1 Data collection and storage
Section overview
We start this chapter by considering why organisations need to collect and store data.
Reasons include:
– To record transactions.
– Decision making
– Planning
– To facilitate control.
– To enable performance to be measured.
Definitions
Data is the raw material for data processing. Data consists of numbers, letters and symbols and relates to
facts, events, and transactions.
Information is data that have been processed in such a way as to be meaningful to the person who
receives it.
Some of the main reasons organisations collect and store data are explained in the following paragraphs.
1.3 Planning
Once decisions are made, it is necessary to plan how to implement the steps necessary to make them
effective. Planning requires data and information relating to available resources, possible time-scales for
implementation and the likely outcome under alternative scenarios. Data feeds information systems that
provide planning tools.
1.4 Controlling
Once a plan is implemented, data are required to assess whether it is proceeding as expected or
whether there is some unexpected deviation from the plan. It may consequently be necessary to take some
form of corrective action. Data captured by information systems can be used to monitor and control the
outcomes of the plan.
2.1.4 Timesheets
Many service businesses, notably accountants and solicitors, need to keep detailed records of the time
spent on various activities, both to justify fees to clients and to assess the efficiency and profitability of
operations.
Factor Comment
Political/legal National or local politics may affect how an organisation operates. Changes in legislation may
put new responsibilities or liabilities on an organisation.
2: Database concepts 55
Factor Comment
Economic Economic factors affect an organisation's finances such as the availability of loans, interest rates,
exchange rates and sales levels.
Social Society's views may put pressure on how the organisation is run, for example pressure to
reduce environmental pollution. Changes in populations are very important in some countries.
Technological Technological advances may affect an organisation's production and/or management processes.
Technology may also allow the development of new products and services which were not
previously possible.
Other areas an organisation may require external data and information on include:
(a) Competitors – how successful are they, are they developing new products?
(b) Customers – what are their needs, how large is the potential market, are there any new market
segments?
(c) Suppliers – what are their prices, what is the quality of their products like, are there any new
potential suppliers in the market?
Capturing data from outside the organisation might be entrusted to particular individuals, or might be
'informal'.
Routine formal collection of data from outside sources includes the following:
(a) A company's tax specialists will be expected to gather information about changes in tax law and how
this will affect the company.
(b) Obtaining information about any new legislation on health and safety at work, or employment
regulations.
(c) Research and development (R & D) work often relies on information about other R & D work being
done by another company or by government institutions.
(d) Marketing managers need to know about the opinions and buying attitudes of potential customers.
To obtain this information, they might carry out market research exercises.
Informal gathering of information from the environment goes on all the time, consciously or unconsciously,
because the employees of an organisation learn what is going on in the world around them – perhaps from
newspapers, television reports, meetings with business associates or the trade press.
Whereas formally collected information is explicit (the organisation knows that it possesses the information
or knowledge, and it is usually written down), informal information or knowledge is often tacit. The
information will often stay with individuals, is not formally recorded, and is therefore not made available to
the organisation as a whole. Uncovering, recording and disseminating valuable tacit knowledge can be a
major challenge to organisations.
Exam comments
exam
Ensure you understand why data collection and storage is important for your exam. C
H
A
P
LO
2.3
3 The data hierarchy T
E
R
Section overview
The way in which computer data is stored can be viewed as a hierarchy as follows: bit, byte, data 2
field, field, record, file and database.
3.1.1 Bit
The smallest item of computer storage is referred to as a bit. It can have the value 1 or 0.
3.1.4 Record
At the fourth level, data fields combine to form a complete record. A record stores all the information
about one file entity, for example one employee in a payroll file.
Record structure
The data fields (attributes) in each record are referred to collectively as the record structure. In many
accounting applications, this structure is fixed, meaning that each record contains the same number, same
type, and same-sized data fields as every other record on the file. This would probably be the case for
payroll records.
In other applications, either the number of data fields in each record might vary, or the size of a given data
field in each record might vary. For example, in a file of customer complaints, the memo field in each record
might vary in length to accommodate different-sized descriptions of customer problems. In a receivables
account, the number of outstanding invoices will vary between accounts and with time.
Primary key or key field
The primary key is the data field in each record that enables a system to uniquely distinguish one record
from another. In a payroll record, the primary key might be the employee's tax file number. Other
organisations may allocate each employee a unique employee number and use this as the key field. The
primary key enables users and computer programs to find a specific record.
2: Database concepts 57
It is possible to search for records using data fields which are not unique across. For example a payroll file
could be searched by surname.
Data fields from a payroll record
Employee
number First Tax file Hourly
(key field) Surname name number Start date Dept rated? Rate
E01046 Walsh Barry NR123456 Z 01/01/2010 M Y $22.50
3.1.6 Database
Finally, at the highest level, several tables or files create a database. For example, a collection of files that
contain all the information for an accounting application. In an inventory module, for example, this database
might contain a part-number master table, a supplier table, a price table and an order transaction table.
LO
2.3
4 Databases and database systems
Section overview
The term 'database system' is used to describe a wide range of systems that use a central pool
of data.
Definitions
A database is a collection of data organised to service many applications. The database provides
convenient access to data for a wide variety of users and user needs.
A database management system (DBMS) is the software that manages access to the database. It is a
system which allows numerous applications to extract the data they need without the need for separate
files.
Some tasks could be carried out using either a spreadsheet or a database package e.g., simple employee
records could be kept on either. However, there are differences between the two types of package.
Spreadsheets, of course, are particularly good at handling numerical data and calculating results, and so are
appropriate for many financial applications.
Database systems have sophisticated data retrieval and reporting facilities that are not normally found in
spreadsheets. They are more appropriate for conventional record-keeping tasks where the main
requirement is to retrieve information and produce transaction documents and reports.
The term 'database system' is used to describe a wide range of systems that use a central pool of data.
However, not every collection of data is a database; the term database implies that the data is managed to
some level of quality (measured in terms of accuracy, availability, usability, and resilience) and this in turn
often implies the use of a Database Management System (DBMS).
Database
management Database
system
Application
programs
2: Database concepts 59
4.2 The characteristics of a database system
The way in which data is held on a system affects the ease with which the data is able to be accessed and
manipulated. A database system has the following characteristics:
(a) Shared. Different users are able to access the same data for their own processing applications. This
removes the need to hold the same data in different files. Also, everyone will be using the same data
and this is important for consistency.
(b) Controls to preserve the integrity of the database.
(c) Flexibility. The database system should provide for the needs of different users, who each have
their own processing requirements and data access methods. The database should be capable of
evolving to meet future needs.
(a) Avoidance of unnecessary duplication of data (data redundancy). The same information is held only
once, leading to reduced storage space and
(b) Less processing. If a piece of data changes, it has to be updated only once as it is recorded only once.
(c) Data independence; the database does not have to be altered if programs using it are changed. The
database management system handles the changes.
(d) Data is looked upon as serving the organisation as a whole, not just for individual departments. The
database concept encourages management to regard data as a resource that must be properly
managed.
(e) Greater formality over security and control of access.
(f) The installation of a database system encourages management to analyse data, relationships between
data items, and how data is used in different applications.
(g) Consistency – because data is only held once, the possibility of departments holding conflicting data
on the same subject is reduced.
(h) Data on file is independent of the user programs that access the data. This allows greater flexibility in
the ways that data can be used. New programs can be easily introduced to make use of existing data
in a different way.
(i) If all data concerning each entity is in one place, more useful and faster processing will be possible.
(j) Developing new application programs with a database system is easier because the programmer is
not responsible for the file organisation.
C
H
LOs
2.3 5 Data storage models A
P
2.6 T
E
Section overview R
There are four main types of database storage models – hierarchical, network, relational and
object-oriented. 2
A data storage model is a specification describing how a database is structured and used. Among the most
popular structures are
hierarchical,
network and
relational.
These types of data storage differ not only in the way they physically manage the storage and retrieval of
data, but also in the conceptual models they present to the user and programmer.
In recent years, the relational database has generally become the normal standard for database storage. This
is due both to the usability of the relational model itself, and because it provides a standard interface called
Structured Query Language (SQL) that allows many different database tools and products to work together
in a consistent and understandable way. Additionally, a relational database typically provides mechanisms for
ensuring the integrity of the data, data validation, and a host of administrative processes to set up and
maintain the application's data.
2: Database concepts 61
Order Order Order Order Order
Hierarchical structures are appropriate when systems must handle large numbers of routine requests for
information e.g. an airline reservation system. The hierarchical nature of the model makes it unsuitable for
situations involving 'many-to-many' relationships.
P2: Pin 2mm P4: Pin 4mm Q9: Quagga B6: Bolt
C
H
A
P
T
Data from these tables can be extracted and or linked provided that any two share a common data E
element. For example, the customer code could be used to link the Customer table with the Order table. R
Once the link has been established between two or more tables a query can permit any combination of the
data from the tables to be viewed.
2
These views are obtained by using enquiry tools such as Structured Query Language (SQL). This permits an
application to create a unique data set (record) from a common set of data (database) in a fashion that
meets the application requirements. The two main benefits of a relational database are quick access to data
and the easily implemented data integrity.
Exam comments
exam
Ensure you know and understand the different data storage models for your exam.
2: Database concepts 63
LO
2.4 6 Data modelling and design
Section overview
An Entity Relationship Model (ERM) may be used to establish and model the logical data
requirements of a system.
To ensure data is able to be used effectively, databases must be designed effectively and the data organised
efficiently. There are several modelling techniques available to help plan and design a database.
Entity life histories identify the various states in which an entity can legitimately be. It is really the functions
and events which cause the state of the entity to change that are being analysed, rather than the entity itself.
2: Database concepts 65
The following notation rules are used for Entity life histories:
(a) Three symbols are used. The main one is a rectangular box. Within this may be placed an asterisk or
a small circle, as explained below.
(b) At the top level the first box (the 'root node') shows the entity itself.
(c) At lower levels the boxes represent events that affect the life of the entity.
(d) The second level is most commonly some form of 'create, amend, delete', as explained earlier (or
birth, life, death if you prefer). The boxes are read in sequence from top to bottom and left to
right.
(e) If an event may affect an entity many times (iteration) this is shown by an asterisk in the top right
hand corner of the box. A customer account, for example, will be updated many times.
(f) If events are alternatives (selection) – for example, accept large order or reject large order – a
small circle is placed in the top right hand corner.
Note the three types of process logic referred to above:
Sequence.
Iteration (or repetition).
Selection.
Entity life histories are important in database design because it is necessary to know all the changes that can
happen to an entity and to ensure that the system will allow these to take place. For example, the following
model does not explicitly allow for order cancellations: perhaps it should.
o o
LO
2.4
7 Database implementation
Section overview
Database implementation should be formally planned and managed to ensure the database is
fit for purpose.
Implementing a database requires formal planning, if only because a database, holding a large quantity of
data, is likely to be very important to the organisation’s operations. Many of the steps involved are similar
to other systems implementation projects covered elsewhere in this Study Manual (Chapter 4). The general
systems development and implementation information provided in Chapter 4 can be applied to many of the
steps listed below.
Step 6: Training
Establish training requirements and the training schedule.
Train programmers and the DBA.
2: Database concepts 67
Step 10: Fine-tune the database
Speak to users and monitor DBMS data and modify database as required.
Ensure database security is robust and working as intended.
Question 1: DBMS
What is a database management system (DBMS)?
(The answer is at the end of the chapter)
LO
2.1
8 Databases and Accounting Information Systems
(AIS)
Section overview
Accounting Information Systems (AIS) apply database concepts and techniques to produce
meaningful accounting information.
Definition
An Accounting Information System (AIS) is a collection of data and processing procedures that
records and creates accounting related information.
Accounting Information Systems use databases in a number of ways. For example, the accounts receivable
ledger stores customer data, the accounts payable ledger stores information about suppliers, and payroll
holds information about employees.
An AIS collects, records, stores, and manipulates financial data, and converts this data into meaningful
information for financial reporting and management decision making.
Throughout this chapter we have illustrated how database concepts apply to AIS – for example, payroll.
9.1 Definitions
Ethics is concerned with what is right and what is wrong. To act ethically generally means to 'do the right
and fair thing' in the eyes of society as a whole.
Privacy, in the context of information and databases, is concerned with the right of an individual or
organisation to control access to information relating to them.
Worked Example
Let us say a person has a car insurance policy with Beta Indemnity, and over the course of time has
numerous accidents and files a series of claims. The person then applies for a new policy with Midtown
Mutual. Does Beta have an ethical obligation to supply information to Midtown that might affect its decision
on the conditions for that policy? If not, and if our ability-impaired driver has a serious accident, does Beta
bear any responsibility for withholding information that might have prevented new insurance, and possibly
even the license to drive, from being issued?
Without technological advances in processing high data volumes, enabling data about consumers to be easily
shared among organisations, it would be difficult if not impossible to build up a comprehensive ‘life file’
about anyone. Does the fact that technology enables this to happen necessarily mean it should?
Prior to the advent of technology enabling mass capture, storage, and processing of data, maintaining the
security of that data and ensuring it was not misused was relatively easy. Critical and confidential data was
kept on paper, in locked files, in a secure file room, with access that was controlled by a responsible
person. Today, we have terabyte-sized databases that are tabulated and cross-referenced with others to
2: Database concepts 69
provide all sorts of information about us to all sorts of people. As individuals, we have little or no control
over that data. When you apply for a car loan your personal financial data is legitimately provided by the
credit reporting agencies to enable your lender to make an appropriate financial decision as to whether you
are a good risk. The lending institution subsequently uses that data to market products to you. That was
not the original intention of the transaction by which the data was supplied, but there is nothing inherently
illegal about it. However, is it ethical for that organisation to use an asset to which it wouldn't ordinarily
have had access and in an entirely different manner than what was agreed by the two parties to begin with?
Does this constitute an invasion of your privacy?
Worked Example
For example, every time you use a debit or credit card, make an online purchase, access an ATM, or
complete virtually any financial transaction, a significant amount of data about you and your activity is
recorded. In the simplest application, companies use that data to issue bills, record payments, or update
portfolios. This is basic recordkeeping. However, technology has enabled more sophisticated uses of that
data.
As just one example, data mining using segmentation analysis can swiftly analyse buying patterns and
‘suggest’ additional purchases on the basis of the product you are trying to buy. Is this an ethical use of data?
The information being used is all about you, but it was collected by the company with which you were
doing business. Is it your data or theirs? If it is their data, do you have the right to tell them how to use it?
Not too many of us would have much of a problem with technology enabling the bank to quickly and
accurately apply interest to our accounts, but do we have the same attitude when that same bank uses that
data for marketing purposes?
9.1.4 Profiling
Databases enable people and organisations to identify individuals with certain characteristics. For example, a
family holiday supplier may target people living in certain postcodes who have two or more children. Some
people find this type of targeted, unrequested marketing attention annoying.
Profiling has also been used by government agencies, such as airport authorities and the police, to identify
'suspects'. For example, utility records have been used to identify people who use unusual amounts of water
exam
Exam comments
Ethical concerns relating to data capture and storage are topical and therefore likely to be tested in your
exam.
C
H
Case study A
P
Some of the US's largest databases are truly vast. The US Internal Revenue Service (IRS) maintains records T
on over 75 million taxpayers. Ford Motor Company maintains a customer database of 50 million records. E
R
Citicorp uses a database of 30 million records. Controls are required to protect the security and integrity
of data held in databases.
2
As databases are held within an organisation's information infrastructure, security controls that protect an
organisation's information systems as a whole also provide protection to databases. Controls more relevant
to all aspects of an organisation's information systems are covered in Chapter 6. In this chapter section we
focus on controls most relevant to database security.
LO Database integrity relates to data accuracy and consistency within the database.
2.5
We will now look at some specific control measures intended to protect the database.
9.2.1 Encryption
Encryption aims to protect confidentiality. The encryption process encodes data in such a way that means
only authorised users, who have the correct 'key', can read the data. Encryption therefore renders data
unreadable to unauthorised users.
Data may be encrypted inside the database ('at-rest') and/or during communication ('in-transit'). Different
encryption algorithms include Data Encryption Standards (DES), Triple DES or 3DES, and Advanced
Encryption Standards (AES).
2: Database concepts 71
9.2.4 Input controls
Input controls aim to ensure the accuracy, completeness and validity of data input.
(a) Data verification involves ensuring data entered matches source documents.
(b) Data validation involves ensuring that data entered is not incomplete or unreasonable. Various
checks can be used, depending on the data type.
(i) Check digits. A digit calculated by the program based on the entry being checked to validate
it.
(ii) Control totals. For example, a batch total totalling the entries in the batch.
(iii) Hash totals. A system generated total used to check the reasonableness of numeric codes
entered.
(iv) Range checks. Used to check the value entered against a sensible range, e.g. balance sheet
account number must be between 5 000 and 9 999.
(v) Limit checks. Similar to a range check, but usually based on an upper limit e.g. must be less
than 999 999.99.
It is possible for data to be mis-keyed, but still be accepted by the system as valid (because it is in the
correct format).
9.3 Availability
Database controls and security measures aim to protect the confidentiality and integrity of the database and
also aim to ensure the database is available and able to be used effectively by authorised users.
The security measures described above help achieve this by reducing the chances of unauthorised activity
and damage to the database. It is also important to ensure the database is backed-up regularly and
appropriately to ensure efficient data recovery if required.
The data stored in commercial databases must be complete, comprehensive and accurate. It is also vital that
such systems are easy to use and serve their strategic missions.
Data that is inaccurate, out of date or inconsistent can create serious operational and financial problems for
businesses. Poor quality data leads to ill-informed decisions which result in financial losses.
We cover data quality issues, in detail, in Chapter 6.
2: Database concepts 73
Case study
The Gartner Group consultants reported that more than 25 per cent of the critical data in large US
Fortune 1 000 companies' databases is inaccurate or incomplete. This includes incorrect product codes and
product descriptions, faulty inventory descriptions, erroneous financial data, incorrect supplier information,
and incorrect employee data. Gartner believes that customer data degrades at a rate of two per cent per
month, making poor data quality a major obstacle to successful customer relationship management (Gage
and McCormick, 2005).
2: Database concepts 75
Quick revision questions
7 The implementation of a new database should not be constrained by formal planning – a flexible 'see
how we go' approach is best.
Is the statement above true or false?
A true
B false
8 An ………………….. ………………….. ………………….. is a collection of data and processing
procedures that records and creates accounting related information.
What three words are missing from the statement above?
9 In the context of computer databases, what does the abbreviation DAM mean?
1 Data is the raw material for data processing. Data consists of numbers, letters and symbols and
relates to facts, events, and transactions. Information is data that has been processed in such a way
as to be meaningful to the person who receives it.
2 Data and information captured and stored in an organisation’s information systems comes from a
variety of internal and external sources.
3 The statement is True. Computer data is made up of a hierarchy: bit, field, record, file and
database. C
H
4 SQL is short for Structured Query Language, and is a popular database query language. A
P
5 There are four main types of database storage models – hierarchical, network, relational and T
object-oriented. E
R
6 The relationship shown is a many-to-one relationship (M:1), many sales managers reporting to one
sales director.
7 The statement is false. Database implementation should be formally planned and managed to ensure 2
the database is fit for purpose.
8 An Accounting Information System is a collection of data and processing procedures that
records and creates accounting related information.
9 The abbreviation DAM stands for Database Activity Monitoring. DAM software tools sit outside
the database and monitor activity ‘live’. The DAM software alerts the database administrator of any
activity considered potentially suspicious, rather than relying upon subsequent inspection of the audit
trail.
2: Database concepts 77
Answer to chapter question
1 A database management system (DBMS) is the software that manages access to a database. The
DBMS enables numerous applications to operate from the database without the need for separate
files.
Topic list
79
Introduction
We start this chapter by considering the role of Enterprise Resource Planning (ERP) software, focusing on
the centralised database and workflow management aspects of these systems.
Then we discuss the concept of knowledge management, and the software that can help an organisation
gather and manage knowledge and information. Productivity software is covered as part of this discussion.
Later, we focus on the use of data warehouses, before turning our attention to tools used to utilise the
data, information and knowledge stored in organisational information systems.
Don't become too focused on the detailed IT aspects of these topics. What is important for professionally
qualified accountants is an understanding of the principles and thinking behind these systems and techniques
– and most importantly a focus on the business benefits technology can bring.
The chapter content is summarised in the diagram below.
If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
C
H
A
P
T
E
R
Definition
Enterprise Resource Planning (ERP)systems integrate the planning, management, and use of all of an
organisation's resources. (Laudon and Laudon 2009).
Enterprise Resource Planning (ERP) systems provide unity and co-ordination across different functional
areas of an organisation. They eliminate the need for separate systems and separate data stores within an
organisation. The two most popular ERP systems are SAP and Oracle.
Finance Accounting
Reports customer's ERP software Records sales and
credit rating and Manages information flow payments and tracks
current selling prices among all database applications business performance
This integration is accomplished with a database shared by all the application programs. For example,
when a customer service representative takes a sales order it is entered in the common database and it
automatically updates the manufacturing backlog, the price, the credit system and the shipping schedule.
ERP systems work in real-time, meaning that the exact status of everything is always available. Further,
many of these systems are global. Since they can be deployed at sites around the world, they can work in
multiple languages and currencies. When they do, you can immediately see, for example, exactly how much C
of a particular part is on-hand at the warehouse in Japan and what its value is in yen or dollars. H
A
P
T
Example: ERP E
R
Say you are running a bicycle shop. Once you make a sale, you enter the order on the ERP system. The
system then updates the stock of bicycles in the shop, incorporates the sale into the financial ledgers, prints
out an invoice, and can prompt you to purchase more bikes to replace the ones that you have sold. The
3
ERP system can also handle repair orders and manage the spare parts stocks. It can also provide automated
tools to help you forecast future sales and to plan activities over the next few weeks. There may also be
data query tools present to enable sophisticated management reports and graphs to be generated. In
addition, the system may handle the return of defective items from unhappy customers, the sending out of
regular account statements to customers, and the management of payments to suppliers.
ERP systems can assist with the scheduling and deployment of all sorts of resources, physical, monetary and
human. A water company might use their ERP system to schedule a customer repair job, deploy staff to the
job, verify that it was done, and subsequently bill the customer. An oil company might use it to ensure that
their tankers are loaded, that a shipping itinerary is prepared and completed on schedule, and that all the
equipment and people required for loading and unloading the cargo in each port are present at the right
times. A bus company might use their system to manage customer bookings, record receipts and plan
maintenance activities for their fleet.
An insurance company could use ERP software to ensure a claim was handled consistently from the initial
call to claim settlement. The workflow application would ensure that each person handling the claim used
the correct online form and successfully completed their step before allowing the process to continue to
the next step.
Case study
SAP Workflow is designed to facilitate and automate business processes involving tasks performed by users
(people in the workplace). It ensures that the right work is assigned in the right sequence at the right time
to the right person in the workflow.
Each step of a business transaction can be easily monitored throughout the initiation and completion of
business processes. SAP Workflow enables the process owners to track deadlines, determine the workload
as well as provide statistics on the length of time to complete work processes.
SAP Workflow can be linked to other software tools such as Microsoft Outlook or Lotus Notes.
Definitions
Knowledge is information within people's minds.
Knowledge management describes the process of collecting, storing and using the knowledge held
within an organisation.
Case study
Facilitating knowledge sharing
World-class companies now realise that the best ideas do not necessarily come from the executive
boardroom but from all levels of the company; from line workers all the way through to top management.
Companies that have cultures that encourage best practice sharing can unlock the rich stores of knowledge
within each employee. Sharing promotes overall knowledge and facilitates further creativity.
World-class companies are innovatively implementing best practice sharing to shake them of out of the rut
of 'the way it's always been done'. Programs such as General Electric's Work-Out sessions help employees
challenge conventions and suggest creative new ideas that drive process improvement, increased efficiency,
and overall, a stronger bottom line.
The fundamental goal of knowledge management is to capture and disseminate knowledge across an
increasingly global enterprise, enabling individuals to avoid repeating mistakes and to operate more
intelligently – striving to create an efficient learning organisation.
The best companies create a best practice-sharing culture through all levels of the organisation, using both
internal and external sources of best practices. They then capture that knowledge and communicate it to all
employees.
Expert systems
Neural networks
Data warehouses 3
Fuzzy logic
Intelligent agents
Definition
Groupware is a term used to describe software that provides functions for the use of collaborative work
groups.
Typically, users of groupware are small project-oriented teams that have important tasks and tight
deadlines. The most widely-used groupware products are Microsoft Outlook and Lotus Notes.
However, there are many related products and technologies. Cloud-based services, such as Google Docs
and Microsoft Office 365 facilitate collaborative composition and editing of documents online without the
versions conflicts often experience. For example, the Google Docs website lists the following facilities for
the Google documents (word processing) part of the suite:
It is when groupware is used to share information with colleagues that it comes into its own. Features of
groupware include the following:
(a) Messaging; an e-mail account to send and receive messages.
(b) Access to an information database, and customisable 'views' of the information held on it, which can
be used to standardise the way information is viewed in a workgroup.
(c) Group scheduling, to keep track of colleagues' schedules and to enable meetings to be arranged,
including booking the meeting room and required resources.
(d) Public folders. These collect, organise, and share files with others on the team or across the
organisation.
(e) Other users can be given 'delegated or shared access' to another's groupware folders and send mail
on their behalf, or read, modify, or create items in public and private folders on their behalf.
(f) Conferencing. Participation in public, online discussions with others.
(g) Assigning tasks. A task request can be sent to a colleague who can accept, decline, or reassign the
task. After the task is accepted, the groupware will keep the task status up-to-date on a task list.
(h) Voting type facilities that can, say, request and tally responses to a multiple-choice question sent in a
mail message (e.g. 'Here is a list of options for this year's Christmas party').
(i) Hyperlinks in mail messages. The recipient can click the hyperlink to go directly to a Web page or
file server.
(j) Wikis. A wiki is a website that allows users to easily create new web pages on the site, to make links
between the pages, and to edit existing pages. Wiki sites are used by many companies to encourage
collaboration between individuals and groups. One of the most widely known public Wiki sites is
Wikipedia, an on-line encyclopedia.
(k) Blogs. A blog (web-log) is a website containing descriptions of events and personal experiences, or
comments or reviews. A blog can also be an individual entry, or a series of entries on a particular
topic. Blogs are usually informal, and can be a diary by a single person, or have contributions from
many sources. Often readers are able to add comments to an entry. Blogs have a huge number of
uses within a business, for instance: examples of conducting an interview, operating a machine, or
closing a sale; reports of field trips or meetings with customers; company or department news;
preparation for coming events of reviews of past ones; descriptions of working in various
departments and at different levels.
User
interface
Definition
An expert system is a computer program that captures human expertise in a limited domain of
knowledge.
Expert system software uses a knowledge base that consists of facts, concepts and the relationships
between them on a particular domain of knowledge and uses pattern-matching techniques to 'solve'
problems.
Rules of thumb or 'heuristics' are important. Heuristics are experienced-based techniques. A simple example
might be 'milk in first' when making a cup of tea: this is a rule of thumb for tea making that saves people having
to rethink how to make a cup of tea every time they do so. A simple business example programmed into a
credit check may be: 'Don't allow credit to a person who has no credit history and has changed address twice
or more within the last three years'.
For example, many financial institutions now use expert systems to process straightforward loan
applications. The user enters certain key facts into the system such as the loan applicant's name and most
recent addresses, their income and monthly outgoings, and details of other loans. The system will then:
(a) Check the facts given against its database to see whether the applicant has a good previous credit
record.
(b) Perform calculations to see whether the applicant can afford to repay the loan.
(c) Make a judgement as to what extent the loan applicant fits the lender's profile of a good risk (based
on the lender's previous experience).
(d) Suggest a decision.
A decision is then suggested, based on the results of this processing. This is why it is now often possible to get a
loan or arrange insurance over the telephone, whereas in the past it would have been necessary to go and speak
to a bank manager or send details to an actuary and then wait for him or her to come to a decision.
Other applications of expert systems include:
(a) Legal advice.
(b) Tax advice.
(c) Forecasting of economic or financial developments, or of market and customer behaviour.
(d) Surveillance, for example of the number of customers entering a supermarket, to decide what
shelves need restocking and when more checkouts need to be opened.
(e) Diagnostic systems, to identify causes of problems, for example in a factory, or in healthcare.
(f) Education and training, diagnosing a student's or worker's weaknesses and providing or
recommending extra instruction as appropriate.
(a) The knowledge base contains facts and rules from past experience.
(b) The knowledge acquisition program is a program which enables the expert system to
incorporate new knowledge and rules.
(c) The working memory stores the facts and rules being used by the current enquiry, and the
current information given to it by the user.
C
(d) The inferencing engine is the software that executes the reasoning. It applies the rules in the H
knowledge base to the facts of the case presented. A
P
T
2.6.3 When are expert systems effective? E
R
Expert systems are best suited to situations where:
(a) The problem is structured, meaning that there is a definite way to reach a correct conclusion.
(b) The expert can define rules by which the problem can be solved. 3
(c) The investment in an expert system is cost-justified.
The knowledge base of an expert system must be kept up-to-date and this will be difficult and expensive in
a dynamic environment.
Expert systems work by a going through a series of “If….then…else…” steps. They are not suited to high-
level, unstructured problems as these require judgement and information from a wide range of sources
rather than simply deciding between a few known alternatives.
LOs
3.1 3 Data warehousing
3.4
Section overview
A data warehouse consists of a database, containing data from various operational systems, and
reporting and query tools.
Definitions
A data warehouse is a copy of transaction data specifically structured for querying and reporting.
A data mart is similar to a data warehouse but the mart holds data relating to a specific department,
function or area of the business. It can be regarded as a sub-set of a data warehouse.
Subject-oriented A data warehouse is focused on data groups such as customer, supplier, product and activity.
Integrated Data within the data warehouse must be consistent in format and codes used – this is referred
to as ‘integrated’ in the context of data warehouses. Data must arrive in the data warehouse in
a consistent integrated state so that it can be consistently stored for later use. The data import
routine should 'cleanse' any inconsistencies.
Time-variant Data is organised by time and stored in 'time-slices'. Data warehouse data may cover a long
time horizon, perhaps from five to ten years. Data warehouse data tends to deal with trends
rather than single points in time. As a result, each data element in the data warehouse
environment must carry with it the time for which it applies.
Non-volatile Historical data cannot be changed within the warehouse. Only load and retrieval operations are
made.
Organisations may build a single central data warehouse to serve the entire organisation or may create a
series of smaller data marts. A data mart holds a selection of the organisation's data for a specific purpose.
A data mart can be constructed more quickly and cheaply than a data warehouse. However, if too many
individual data marts are built, organisations may find it is more efficient to have a single data warehouse
serving all areas.
Case study
Data gathering and use
Gathering data is the easy bit. Many companies have a transactional database at their disposal – the difficult
part is figuring out how to use the data to drive more profitable relationships with customers.
It might be tempting to take advantage of every customer 'touch point' to acquire more knowledge but
consumers are increasingly asking 'What's in it for me?' In the right circumstances they will provide
information but unless it is relevant to them and there is a tangible benefit, companies risk alienation.
Ward & Daniel (2006), when writing about benefits management, make the point that many management
information systems projects and data warehouse investments are expected to bring the general benefit of
LO
3.4 4 Data mining
Section overview
Data mining software looks for hidden, previously unknown patterns and relationships in large
pools of data.
Definition
Data mining is the analysis of data with the aim of discovering previously unknown, potentially useful
relationships.
LO There are many different definitions of data mining. However, the principle of data mining relates to the use
3.4 of advanced analytical techniques to discover useful relationships in large databases, typically, data
warehouses.
For example, the sales records for a particular brand of golf club might, if sufficiently analysed and related to
other market data, reveal a seasonal correlation with the purchase of tennis equipment by the same people.
Data mining differs from the use of structured query language to access large databases, in that the latter is
simply summarising data that is already in the database. Data mining, on the other hand, is looking for
‘hidden’ relationships in the data that can then be used to find rules in that data and to predict future trends
arising from those rules.
The data to be mined will normally be in a database. However, that data must be prepared for mining prior
to mining taking place. The analyst may need to select, sample, aggregate, filter, cleanse, and transform data
in preparation for mining.
Some people’s definition of data mining is linked with their definition of data warehousing. Data warehouses
are for storing data, not turning it into information, whereas data mining turns data into information.
The process of data mining normally results in five different types of results being obtained.
Associations – are the occurrences that are linked to a single event i.e. where one event can be 3
correlated to another event. For example, in a supermarket it may be found that people who purchase beer
also buy peanuts 35% of the time. However, when there is a ‘special offer’ on peanuts then beer and peanut
purchases are linked 50% of the time. Having access to this type of information will help the store manager
plan for appropriate special offers in the store as well as deciding where to place goods on the shelves.
Placing beer and peanuts on the same shelf may well increase the sales of these products because the
purchases are highly correlated.
Sequences – occur where events are linked over time, that is, one event leading to another later event.
For example, it may be found that 55% of the time, the purchase of curtains is followed by a purchase of a
rug after two months. Sending a direct mail shot to purchasers of curtains with details of an offer on
rug/carpet purchases may help to increase further the number of rugs sold.
Classification – aims to recognise patterns within the database for specific groups of items. This information
is used to try and predict the activity of specific items within that group. For example, some people tend to
change their credit card on a regular basis. By analysing the characteristics of the group of people with credit
cards, a card issuer may find it possible to identify those people most likely to change their card. Having
identified those people, special offers can be devised to try and stop them changing their credit card.
Clustering – works in a similar way to classification, although in this situation no groups have been
defined. In this situation, data mining involves finding groups within the entire database, perhaps by splitting
the database by geographical region or by age groupings. Specific characteristics can then be applied to
those groups to help identify trends.
Forecasting – is used to discover patterns in the data that can lead to predictions about the future. In this
sense, forecasting is simply extrapolating existing trends into the future to help determine the value of
different figures. For example, trying to determine the value of sales for the next six months based on sales
figures for the past five years.
Data mining can also be used to locate individuals within the database and then target those individuals with
specific offers or information. For example, some supermarkets send out offers to their customers based
Exam comments
exam
Ensure you understand what data mining is and the relationships it might uncover for your exam.
Case study
Data mining technology
Facebook and MySpace, the social networking giants, have both used data mining software to tailor the
advertisements presented to different users. In some cases the technology has improved the likelihood of
members clicking on an advert by up to 80 per cent. Factors taken into account include user group
membership and personal interests to formulate detailed portraits that can be used by advertisers to target
ads.
Definitions
Business intelligence (BI) applications enable the data held in databases to be manipulated and analysed.
A diagram showing how data, databases, a data warehouse and various data analysis tools work together
follows:
Databases, multi dimensional data cubes, data warehouse and data analysis tools
1 An Enterprise Resource Planning (ERP) system includes separate, distinct databases for each
organisational function. Individual ERP modules use their own data.
Is the statement above true or false?
A true
B false
3 Match the following types of system (left column) with how they help knowledge management (right
column).
Knowledge work systems Knowledge distribution
Artificial intelligence systems Knowledge sharing
Office automation systems Knowledge creation
Group collaboration systems Knowledge capture and codification
5 Microsoft Word is an example of both productivity software and Office Automation System
software.
Is the statement above true or false?
A true
B false
6 Distinguish between a data warehouse and a data mart.
7 A ………………. …………………. is a software tool that provides a high level, summarised view of
the performance of an enterprise.
What two words are missing from the statement above?
8 What type of software looks for hidden, previously unknown patterns and relationships in large
pools of data?
1 The statement is False. Enterprise Resource Planning (ERP) systems are built around a unified
central database that holds data that is utilised by all system modules.
2 Explicit knowledge is knowledge that an organisation already stores in formal systems. It includes
facts, transactions and events that can be clearly stated and stored in information systems.
Tacit knowledge is expertise held by people within the organisation that has not been formally
documented.
3 The correct combinations are shown below.
Knowledge work systems Knowledge creation
Artificial intelligence systems Knowledge capture and codification
Office automation systems Knowledge distribution
Group collaboration systems Knowledge sharing
4 The statement is False. Artificial intelligence (AI) is the development of computer-based systems
designed to behave as humans. Artificial intelligence systems are based on human expertise,
knowledge and reasoning patterns. An expert system is one example of AI. Expert systems are
computer programs that capture human expertise in a limited domain of knowledge.
C
5 The statement is True. Microsoft Word is an example of both productivity software and Office H
A
Automation System software. P
6 A data warehouse consists of a database, containing data from various operational systems, and T
E
reporting and query tools. A data mart is similar, but generally smaller. It holds a selection of the R
organisation's data for a specific purpose.
7 A digital dashboard is a software tool that provides a high level, summarised view of the
performance of an enterprise. 3
8 Data mining software looks for hidden, previously unknown patterns and relationships in large
pools of data.
1 A data warehouse consists of a database, containing data from various operational systems, and
reporting and query tools.
The following issues would need to be addressed if a data warehouse is to be implemented at the
Westhampton University.
(a) The 24 different departments use different systems and data, a common format for data held
in the data warehouse needs to be selected and applied.
(b) Manipulating the data into the required format for import into the warehouse would require
an automated data conversion program. Different conversion routines will be required to
cope with the different systems that will feed the warehouse.
(c) The effort required establishing and implementing a data warehouse may not be justified. The
data warehouse would hold historical student data which is not essential for the day to day
tuition of current students.
(d) The data warehouse should incorporate a reporting and query tool that allows users to view
and analyse data. All staff that may be required to access data held in the warehouse will
require training to enable them to extract the data they require.
(e) Data warehouses require staff to maintain and administer them. Data must be copied to the
data warehouse as often as required. As operational data will be held on other systems, it is
likely that data would be copied to the data warehouse at the end of each academic year.
Other tasks associated with the system will include the assigning of appropriate access rights
to users, and establishing back-up routines.
(f) Data warehouses are often used in a business context in conjunction with data mining, which
involves searching for patterns within information that are able to be exploited. It is unlikely
that data mining could be applied beneficially in the context of the University – hidden
patterns related to student course selection are unlikely to bring any benefit.
Topic list
105
Introduction
In this chapter we introduce a methodology for designing and developing information systems – the
systems development life cycle (SDLC).
We shall use the SDLC as a foundation to explain the processes and controls which organisations use when
creating new systems and maintaining them once they have been implemented.
The chapter content is summarised in the diagram below.
If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
1 What are the criteria on which the success of projects is judged? (Section 1)
2 What cost categories are considered when considering a project's feasibility? (Section 2.3)
3 What are the tools used in system investigation? (Section 3.1)
4 What is a DFD? (Section 4.1)
5 What is meant by a system's logical design? (Section 5.1)
6 What is unit integration testing? (Section 6.2)
7 What are metrics? (Section 7.2)
8 What is adaptive maintenance? (Section 8.2)
C
H
A
P
T
E
R
In the early days of computing, systems were developed in a fairly haphazard way and were poorly
planned. The consequences were often badly designed systems, which cost too much to develop and which
were not suited to users' needs.
As early as the 1960s, developers attempted to bring order to the development process. Since then, a
number of systems development life cycle (SDLC) models have been created. The original 'typical'
SDLC is sometimes referred to as the waterfall model – this is because it involves a sequence of stages in
which the output of each stage becomes the input for the next stage; the development process always
moved relentlessly in one direction – like water in a waterfall. These stages can be characterised and
divided up in different ways, including the following:
Project planning, feasibility study - establishes a high-level view of the intended project and determines
its goals.
Systems analysis, requirements definition - refines project goals into defined functions and operation of
the intended application. Analyses end-user information needs.
Systems design - describes desired features and operations in detail, including screen layouts, business
rules, process diagrams, pseudo code and other documentation.
Systems development - the program code is written here.
Integration and testing - brings all the pieces together into a special testing environment, then checks
for errors, bugs and interoperability.
Systems implementation: acceptance, installation, training and deployment - the final stage of initial
development, where the software is installed, files are converted, personnel trained and the system
begins to be used for the organisation’s processing.
Maintenance - includes what happens during the rest of the software’s life: changes, correction,
additions, and moves to a different computing platform. Maintenance is needed throughout the life of
the system.
P Planning (feasibility)
Planning stage
Review and
A Analysis
Analysis stage maintenance
Design stage D Design
Development stage
D Development
Implementation stage.
I Implementation
C
H
A
P
T
E
Before even the planning stage begins, the organisation must identify the need for the new system. This R
process may involve end users who come up with an idea for improving their work or may only involve
Information Systems (IS) people. Ideally, the process occurs in tandem with a review of the organisation's
strategic plan to ensure that IT is being used to help the organisation achieve its strategic objectives. 4
Management may need to approve concept ideas before any money is budgeted for its development.
The activities associated with the steps outlined by the mnemonic ‘PADDI’ follow:
Planning (P) - will include establishing the terms of reference and a project feasibility study. The terms of
reference will include details as to what is expected from the project team.
The project feasibility study is concerned with justifying the system in terms of the benefits it will bring to
the organisation. The study will look at the volume and nature of transactions, the operating costs and the
availability of alternatives. It will normally look at economic feasibility (costs compared to benefits, technical
feasibility (will it work?), operational feasibility (will employees and customers want to use it?).
System analysis (A) - this stage will include a detailed investigation of the existing system in order to
discover the precise nature of the users’ needs and the way in which the system currently operates. The
performance of the existing system should be measured for effectiveness - providing a benchmark for the
new system. This stage will involve fact finding exercises and documentation of the system to enable the
production of an outline specification of users’ needs. The information that has been collected must be
LO
5.6
1.4 Project management
Developing a new system, even using a framework such as the SDLC, is difficult and it is important for the
project to be carefully managed to ensure a successful result.
Projects are usually deemed successful if they are completed on time, within budget and they achieve their
planned functionality or deliverables.
Constraint Comment
Scope or The work that was specified has been done and all the planned deliverables have, in fact,
Functionality been delivered.
Budget The project should be completed without exceeding authorised expenditure.
Timescale The progress of the project must follow the planned process, so that the 'result' is ready
for use at the agreed date. As time is money, proper time management can help contain
costs.
It is possible to add a fourth constraint: Quality, which extends the Scope constraint such that the end
result conforms to the project specification. In other words, the result should achieve what the project was
supposed to do to a given quality standard, such as reliability or response time.
C
It is worth pointing out that the main cause for IT project failure is ‘project drift’. This occurs when the H
A
scope and functionality of the project were not properly determined and agreed in advance. The various P
stakeholders in the project might therefore want and expect different outcomes, and in an effort to please T
all, the project managers allow the project to grow in an uncontrolled way, adding functionality, incurring E
additional expense and time, and running the risk that the project will not actually achieve its most R
important and fundamental deliverables.
An article in Financial Management (June 2006) helpfully summarises the factors that contribute to successful 4
project delivery as follows:
(a) Proper planning with regard to time, cost and resource constraints.
(b) The involvement of users (among other key stakeholders) in development and delivery processes, to
ensure that their needs are met (without subsequent changes).
(c) Competent and committed project staff, with the right skills.
(d) Ownership by senior managers on the basis of a clear business case.
(e) Careful management of constraints: control procedures for monitoring the pace, money/resource
usage and conformance of the project.
(f) Risk assessment and management, allowing for risk reduction and contingency planning.
(g) Clear criteria for business case and precise measurements of performance, so that project success
can be evaluated and lessons learned.
Exam comments
exam
Ensure you understand the controls used in project management for your exam.
Project managers often make use of sophisticated software and systems which define a set of standards for
controlling project activities. Published standards (described below) include PMBOK and PMA BOK.
Appointing project managers with control over staff in a number of functional areas creates a ‘Balanced
Matrix’, and creating a new function area containing a pool of such project managers results in a ‘Strong
Matrix’.
PMBOK assumes that each phase of a project (eg. Design Phase, Implementation Phase) is accomplished by
five groups of processes:
Initiating – recognising the needs, and committing the necessary resources;
Planning – devising and maintaining a workable scheme;
Executing – coordinating people and other resources;
Monitoring and Controlling – measuring progress and taking corrective action;
Closing – formal acceptance of a completed project.
The completion of one process implies the start of the next, and the outputs of a process (documents, etc)
become the inputs of the next, though in complex projects these groups may overlap considerably in time.
1.5.3 PRINCE2
PRINCE was developed by the UK Government. The acronym PRINCE stands for PRojects IN Controlled
Environments.
The latest version of PRINCE, PRINCE2 is now the de facto UK standard for systems project management
C
and is widely used in other countries. H
A
Stage control is the process undertaken by the project manager to ensure that any given stage of the
P
project remains on course. A project might consist of just one stage. T
E
PRINCE2 project control includes a structure of reports and meetings as follows: R
(a) A project initiation meeting agrees the scope and objectives of the project and gives approval for
it to start.
4
(b) The completion of each project stage is marked by an end stage assessment, which includes
reports from the project manager and the project assurance team. The next stage does not
commence until its plans have been reviewed and approved.
(c) Mid stage assessments are optional and may arise if, for example, a stage runs for a particularly
long time or it is necessary to start a new stage before the current one is complete.
(d) Highlight reports are submitted regularly by the project manager to their superiors. These
reports are the main overall routine control mechanism and their frequency (often monthly) is
agreed at project initiation. They are essentially progress reports and should include brief summaries
of project schedule and budget status.
(e) The checkpoint is the main control device used by the project team itself. Meetings are held more
frequently than highlight reports are prepared (possibly weekly) and provide a basis for continuing
progress review by team leaders and members.
The earlier a change is made the less expensive it should be to implement. However, all changes will cost
time and money and should not be undertaken lightly.
When considering a change an investigation should be conducted to discover:
(a) The consequences of not implementing the proposed change.
(b) The impact of the change on time, cost and quality.
(c) The expected costs and benefits of the change.
(d) The risks associated with the change, and with the status quo.
The process of ensuring that proper consideration is given to the impact of proposed changes is known as
change control.
In the remainder of this chapter, we will look in greater detail at the activities undertaken during each stage
of systems development.
Question 1: PRINCE2
Which of the following is the main control device for a project team operating under PRINCE2?
A checkpoint
B highlight report
C mid stage assessment
D end stage assessment
(The answer is at the end of the chapter)
LO
5.5 2 Feasibility study
Section overview
A feasibility study is a formal study to decide on the economic, technical, operational and social
viability of a project.
A feasibility study team should be appointed to carry out the study (although individuals might be given the
task in the case of smaller projects). The team should include people from departments affected by the
project as well as those with the required technical and business knowledge. With larger projects it may
well be worthwhile for a small firm to employ a professional systems analyst and then appoint a
management team to work with the analyst.
Once the team is assembled the study begins. A common approach is to look at the existing system for
problems, generate possible alternative solutions and evaluate them.
2.3 Costs
The costs of a new system can be classified into a number of categories – the following table provides some
examples.
Cost Examples
Equipment costs Computers and peripherals
Ancillary equipment
The initial system supplies (flash drives, CD-ROMs, paper)
Installation costs New buildings (if necessary)
The computer room (wiring, air-conditioning if necessary)
C
Development costs Measuring and analysing the existing system H
A
Software/consultancy work P
Systems analysis and programming T
E
Changeover costs such as file conversion R
Personnel costs Staff training
Staff recruitment/relocation
4
Staff salaries and pensions
Redundancy payments
Overheads
Operating costs Consumable materials (memory sticks, toners, CD-ROMs, stationery)
Maintenance
Accommodation costs
Heating/power/insurance/telephone
Standby arrangements, in case the system breaks down
Observable benefits
Observable benefits are those that cannot be objectively measured and their assessment depends on the
views of appropriately experienced observers. These benefits relate mainly to matters such as customer
satisfaction, staff morale, ethical standing and empathy with patients. They are of relatively little use in initial
project justification because they are so difficult to communicate with any accuracy, but undoubtedly they
can be recognised after projects have been completed. Almost inevitably, efforts are made to try to
measure these ‘soft’ benefits because then they become easier to deal with and less reliance needs to be
invested in the opinions of the observing experts.
It is important to realise that many observable effects are also likely to be unexpected effects. The very fact
that they are unexpected means that no attempt will have been made to measure them; after the project has
been completed they become obvious. This does not mean that effects that are merely observable or
unexpected are unimportant. Some of the most significant benefits and disbenefits are those that surprise
everyone dealing with the project. An example can be seen in a new intranet and group working software
being implemented in a firm of accountants. The expected benefit might be faster communication, but an
unexpected benefit might be the ability to shift routine work to less expensive staff situated in cheaper areas
of the country.
Measurable benefits
This term has a very precise meaning: the benefit can be measured objectively, but it is not possible to
predict how a project will change it. By definition, these benefits are not going to be very useful when
constructing a business case for a project. However, retrospectively, it will be extremely interesting to see
how various measures have moved and these effects will be important in post-project and post-
implementation reviews.
Quantifiable benefits
Here, the extent of the benefits or improvements can be forecast. It is only once benefits have become
quantifiable that there is any hope of progressing to financial measurement and the construction of a sound
economic business case for the project. There are several challenges:
Ensuring that all quantifiable benefits and disbenefits are captured. If an important factor is
omitted, then the analysis will be distorted.
Establishing a starting point – a baseline against which changes can be compared. This requires the
measurement techniques to be established.
Predicting the changes that the project will cause – turning measurable changes into quantifiable
changes.
Section overview
4
System investigation is a detailed fact-finding exercise about the areas and system under
consideration. Methods employed include the use of interviews and questionnaires.
Once the project team has determined that the project is feasible, it has to determine the existing system's
inputs, outputs, processing methods and volumes so that the new system can perform the tasks which it is
needed for. As part of this, the team should review the organisational structure and examine controls,
staffing and costs. It should also consider the expected growth of the organisation and its future
requirements.
LO
5.5
4 System analysis
Section overview
System analysis examines why current methods are used, what alternatives are available, what
restricts the effectiveness of the system and what performance criteria are required from a new
system.
Systems analysis is a process which examines why current methods are used and what alternatives might
achieve the same or better results. A variety of fact-finding techniques are available to determine how a
system operates, what document flows occur, what work processes are involved and what personnel are
involved. Common techniques used include data flow diagrams, entity relationship modelling and entity life
histories and decision tables.
An entity is a source or destination of data which is considered external to the system (not necessarily
external to the organisation). It may be people or groups who provide data or input information or who
receive data or output information.
A data store is a point which receives a data flow and holds data.
A data flow represents the movement or transfer of data from one point in the system to another.
Data processes involve data being used or altered. The processes could be manual, mechanised or
computerised.
C
H
A
P
T
E
R
Worked Example
A customer receives a 5% discount if an order is more than $1,000
A customer receives a 10% discount if designated ‘Favoured’.
The discounts are independent and cumulative
The action entry quadrant shows the action or actions that will be performed for each rule. In the computer
program, instructions specify the action to take, given the conditions established by comparison checks.
In this stage the new system should be designed to meet an agreed (by users, developers, management)
requirements specification. There are two types of design, logical and physical.
LOs
5.1 6 System implementation
5.5
Section overview
System implementation describes a number of processes which take the new system's logical
and physical design through to the point where it is ready for operations.
The main stages in the implementation of a computer system once it has been designed are as follows:
(a) Installation of the hardware and software.
(b) Testing.
(c) Staff training and production of documentation.
(d) Conversion of files and database creation.
(e) Changeover.
The items in the list above do not necessarily happen in a set chronological order, and some can be done at
the same time. Therefore the requirements for implementation vary from system to system.
6.1 Installation
Installing a mainframe computer or a large network is a major operation that is carried out by the
manufacturer/supplier. If just a few PCs are being installed in a small network, this may be able to be
performed by non-specialists, though some technical expertise is needed.
6.2 Testing
A system must be thoroughly tested otherwise there is a danger that it will go live with faults that might
prove costly. The scope of tests and trials will vary with the size and complexity of the system. To ensure a
coherent, effective approach to testing, a testing plan should be developed. The following types of testing
may be used:
(a) Logic testing. Before any programs are written the logic behind them should be checked. This
process would involve the use of flow charts or data flow diagrams and decision trees. The path of
different types of data and transactions are manually plotted through the system, to ensure all
possibilities have been catered for and that the processing logic is correct.
(b) Program testing. This involves processing test data through all programs. Test data should be of
the type that the program will be required to process and should also include invalid/exceptional
items to test whether the program is resilient and reacts as it should.
(c) Unit testing and unit integration testing. Unit testing means testing one function or part of a
program to ensure it operates as intended. Unit integration testing involves testing two or more
software units to ensure they work together as intended.
(d) System testing. System testing has a wider focus than program testing and extends into areas such
as the practicalities of input, system flexibility, the system's ability to cope with peak transaction
volumes and to produce information when required. System testing involves testing both before
installation (known as off-line testing) and after implementation (on-line testing).
(e) User acceptance testing. This is used to establish whether users are satisfied that the new system
meets the system specification when used in the actual operating environment. Users process test
data, system performance is closely monitored and users report how they felt the system meets
their needs. Test data may include some historical data, because it is then possible to check results
against the 'actual' output from the old system. Usability will also be assessed. This form of testing
also has the benefit of helping the new users accept the new system and any changes to how they
perform their work.
C
6.3 Training H
A
Staff training in the use of a new system is essential if the return on investment is to be maximised. If proper P
training is not carried out then many of the benefits predicted at the feasibility study stage will not be T
realised. Training should be provided to all staff who will use the system. Examples of situations where E
R
significant training is likely to be required include, when:
The training method applicable in a given situation will depend on the following factors:
Time available.
Software complexity.
User skill levels and learning styles.
Facilities available.
Budget.
User documentation may be used to explain the system to users. Much of this information may be
available on-line using context-sensitive help e.g. 'Press F1 for help'.
LOs
5.1
5.5 6.4 File conversion
5.7
Most computer systems are based on files containing data. When a new system is introduced, files must be
created that conform to the requirements of that system. The various scenarios that file conversion could
involve are outlined in the following table:
Held in manual (i.e. paper) Data will be keyed into the new system – probably via input forms, so that data
files entry operators have all the data they require in one document. This is likely to
be a time-consuming process.
Held in existing computer It may be possible to automate much of the conversion process.
files
Held in both manual and Two separate conversion procedures are required and the two sources of data
computer files have to be integrated.
Existing data is incomplete If the missing data is crucial, it must be researched and made available in a
or inaccurate format suitable for the new system – or suitable for the file conversion process.
Incorrect data should be identified and removed or corrected. There is no point
starting off the new system with poor data.
The file conversion process is shown in the following diagram, which assumes the original data is held in
manual files.
LOs
5.1
6.5 Changeover
5.5 C
Once the new system has been fully and satisfactorily tested the changeover (sometimes called H
5.7
handover) can be made. There are four main methods of system changeover: A
P
(a) Direct ('Big Bang') changeover. The old system is completely replaced by the new system in one T
move. This may be unavoidable where the two systems are substantially different, or where the E
costs of parallel running are too great. R
While this method is comparatively cheap, it is risky, particularly when processing day-to-day
transactions depends on correct functioning of the IT system. For example, if customer orders are 4
taken over the Internet, sales will soon dry up if the system doesn’t work. If this method has to be
used, the new system should be introduced during a quiet period, for example over a public holiday
or during an office closure.
(b) Parallel running. The old and new systems are run in parallel for a period of time, both processing
current data and enabling cross checking to be made. This method provides a degree of safety should
there be problems with the new system. However, if there are differences between the two systems
cross-checking may be difficult or impossible.
Parallel running delays the full implementation and use of the new system, which may be perceived as
a lack of confidence in the system. Also, more staff or overtime working may be needed to cope
with systems running concurrently.
This cautious approach, if adopted, should be properly planned, and the plan should include:
(c) Pilot operation. A pilot operation involves selecting part or parts of an organisation (e.g. a
department or branch) to operate running the new system in parallel with the existing system. When
the branch or department piloting the system is satisfied with the new system, they cease to use the
old system. The new system can then be implemented through out the organisation in relative safety.
area of the organisation.
Pilot operation is cheaper and easier to control than running the whole system in parallel, and
provides a greater degree of safety than a direct changeover. Additionally, the learning that is
experienced during the changeover of the first branches can be used to improve the system and the
implementation in the remaining branches.
(d) Phased changeover. Phased or modular changeover involves selecting a complete section of the
system for a direct changeover, e.g. in an accounting system the general ledger. When this part is
running satisfactorily, another part is switched – until eventually the whole system has been changed.
A phased series of direct changeovers is less risky than a single direct changeover, as any problems
and disruption experienced should be isolated in an area of operations.
The relative advantages and disadvantages of the various changeover methods are outlined in the
following table:
Parallel running Safe, built-in safety Costly - two systems need to be operated
Provides a way of verifying results of new Time-consuming
system
Additional workload
Pilot operation Less risky than direct changeover Can take a long time to achieve total
changeover
Less costly than complete parallel running
Not as safe as complete parallel running
Phased changeover Less risky than a single direct changeover Can take a long time to achieve total
changeover
Any problems should be in one area – other
operations unaffected Interfaces between parts of the system may
make this impractical
LO
5.7
7 System review
Section overview
A system should be reviewed after implementation, and periodically, so that any unforeseen
problems may be solved and to confirm that it is achieving the desired results.
The system should have been designed with clear, specified objectives, and justification in terms of cost-
benefit analysis or other performance criteria. Once it has been implemented the project team can
review the system's actual performance against what was expected.
A post-implementation review should establish whether the objectives and targeted performance criteria
have been met, and if not, why not, and what should be done about it. In appraising the operation of the
new system immediately after the changeover, comparison should be made between actual and predicted
performance.
This will include:
(a) Consideration of throughput speed (time between input and output).
(b) Use of computer storage (both internal and external).
(c) The number and type of errors/queries.
(d) The cost of processing (data capture, preparation, storage and output media).
A special steering committee may be set up to ensure that post-implementation reviews are carried out,
although the internal audit department may be required to do the work of carrying out the reviews.
The post-implementation measurements should not be made too soon after the system goes live, or else
results will be abnormally affected by 'teething' problems, lack of user familiarity and resistance to change. A
suitable period is likely to be between one month and one year after completion (the appropriate length of
time will depend upon the role of the system, and how complex it is).
Maintenance must be included in the initial planning of a system with the allocation of adequate staff and
resources. The software must be structured and the documentation must be of a high enough standard to
allow people who are unfamiliar with the system to make any necessary changes to one part without
impairing the functionality of other parts.
Definition
Maintenance is the process of modifying an information system to continually satisfy organisational and
user requirements.
We can distinguish between hardware and software maintenance in costs as well as in objectives.
Hardware maintenance - the purpose of maintaining computer system hardware is to keep the
equipment in working order without changing its functionality. Traditionally, this aspect of system
maintenance has been covered by maintenance contracts with equipment manufacturers.
System maintenance - the principal effort in system maintenance is directed at maintaining the
applications software. Software maintenance includes all modifications of a software product after it has
been turned over to operations. The cost of this maintenance over the useful life of an application is
typically twice the development cost.
Some characteristics of software that affect software maintenance are system size, age, and structure.
Understanding the characteristics of software will facilitate maintaining the software more efficiently.
Factor Comment
Errors However carefully and diligently the systems development staff carry out systems testing and
program testing, it is likely that bugs will exist in a newly implemented system. Most should be
identified during the first few runs of a system. The effect of errors can obviously vary
enormously: some can be fatal to the operation of the system whilst other are mere irritants.
Poor If old systems are accompanied by poor documentation, or even a complete lack of
documentation documentation, it may be very difficult to understand them and update them. Programmers
may opt instead to patch up the system with new applications using newer technology.
Changes in Although users should be consulted at all stages of systems development, problems may arise
requirements after a system is implemented because users may have found it difficult to express their
requirements and to understand what is planned. Occasionally users may have been concerned
about the future of their jobs and may therefore not have been willing to have participated fully
in development of the new system.
Cost constraints may have meant that certain requested features were not incorporated. Time
constraints may have meant that requirements suggested during development were ignored in
the interest of prompt completion.
There are therefore three broad types of system maintenance as described below:
(a) Corrective maintenance is carried out when there is a systems failure of some kind. For example
a defect in processing or in an implementation procedure. Its objective is to ensure that systems
remain operational.
(b) Adaptive maintenance is carried out to take account of changes or anticipated changes in the
processing environment. For example, new taxation legislation might require changes to be made to
payroll software.
(c) Perfective maintenance is carried out in order to perfect the software, or to improve it so that
the processing inefficiencies are eliminated and performance is enhanced.
Corrective maintenance usually consists of action in response to a problem. Adaptive maintenance
responds to prospective problems. Much perfective maintenance consists of making enhancements C
requested by users to improve or extend the facilities available. For example, the user interface may be H
amended to make software more user friendly. A
P
Whereas corrective and adaptive maintenance are more or less essential, great care should be exercised T
E
over perfective maintenance as it can be very expensive to generate marginal improvements and benefits. R
Each request for maintenance should be critically examined in terms of its feasibility.
Provision must also be made to ensure computer hardware is maintained. A hardware maintenance
contract should specify service response times in the event of a breakdown, and include provision for 4
temporary replacement equipment if necessary. Maintenance services may be provided by the computer
manufacturers or suppliers, or by a third-party maintenance company.
Section overview
Project control is the continuous monitoring of the project for deviations from plan (time, cost, and
scope) and the execution of corrective action. There are two key elements to the control of any
project: gates and milestones (clear, unambiguous targets of what, by when), and an established
means of communication.
Developing a new system is no small or easy undertaking and it is important for the project to be
carefully managed to ensure a successful result. The systems development lifecycle is a methodology
for developing information systems to ensure they are properly planned, cost-effective and meet the
needs of users.
The systems development life cycle (SDLC) can be described using the main stages involved in an
information system development project, from an initial feasibility study in the planning stage through
analysis, design, development and implementation to maintenance of the completed application.
A feasibility study is a formal study to decide what type of system can be developed which best
meets the needs of the organisation.
System investigation is a detailed fact-finding exercise about the areas and system under
consideration. Methods employed include the use of interviews and questionnaires.
System analysis examines why current methods are used, what alternatives are available, what
restricts the effectiveness of the system and what performance criteria are required from a new
system.
System design is a technical phase which addresses in particular inputs, outputs, program design,
dialogue design, file design and security.
System implementation describes a number of processes which take the new system's logical and
physical design through to the point where it is ready for operations.
A system should be reviewed after implementation, and periodically, so that any unforeseen problems
may be solved and to confirm that it is achieving the desired results.
There are three types of systems maintenance. Corrective maintenance is carried out to correct an
error, perfective maintenance aims to make enhancements to systems and adaptive maintenance
takes account of anticipated changes in the processing environment.
Project control is the continuous monitoring of the project for deviations from plan (time, cost, and
scope) and the execution of corrective action. There are two key elements to the control of any
project: gates and milestones (clear, unambiguous targets of what, by when); and an established
means of communication.
Published standards for Project Control include the Project Management Body of Knowledge
(PMBOK), the Association for Project Management Book of Knowledge (APM BoK), and PRINCE2.
1 In the systems development life cycle (SDLC) which stage comes after feasibility study?
A system analysis
B system design
C system investigation
D system implementation
2 When conducting a feasibility study a number of costs and benefits of the proposed system are
analysed. Which of the following is a tangible benefit as opposed to an intangible benefit?
A increased customer satisfaction
B improved efficiency resulting in lower operating costs
C improved staff morale
D better decision making
3 Which of the following methods of system investigation is the most expensive to conduct?
A interviews
B questionnaires
C document review
D looking at existing systems
4 Which method of system analysis provides an investigator with a basic understanding of how a
system works?
A data flow diagrams
B entity relationship modelling
C entity life histories
D decision tables
5 The term 'system configuration' describes the:
A hardware specification of a system
B software specification of a system
C purpose of the system
D hardware, software and processes of which a system comprises
6 Which method of system changeover is the most expensive? C
H
A direct changeover A
B parallel running P
T
C pilot operation
E
D phased changeover R
7 Which of the following are direct measures of system quality?
I throughput speed 4
II number of errors
III number of calls to the help desk
A I and II only
B I and III only
C II and III only
D I, II and III
8 Which of the following are examples of system operations?
I testing system security
II updating the system for changes in legislation
III purchasing consumables needed by the system
A I and II only
B I and III only
C II and III only
D I, II and III
2 B Cost savings are a tangible benefit, the others are all intangible benefits.
3 A Interviews are more time consuming than the other options and therefore more
expensive.
4 A Data flow diagrams provide an investigator with a basic understanding of how a system
works.
5 D ‘System configuration’ describes the hardware, software and processes of which a system
comprises.
6 B Parallel running is the most expensive as it requires both systems to be running together
for a period of time.
8 B Updating the system for changes in legislation is adaptive maintenance, not system
operations.
1 A Checkpoints are the main control device used by project teams operating under PRINCE2.
C
H
A
P
T
E
R
Topic list
139
Introduction
If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
1 AIS adds value to an organisation by (Section 1.2)
I improving efficiency.
II sharing knowledge.
III improving the internal control structure.
Definition
An accounting information system (AIS) is the system that collects, records, stores and processes
data to keep and maintain its accounting records. This includes the purchase, sales, and other financial
processes of the business.
LO An alternative definition is found in Boochholdt J (Accounting Information Systems Transaction Processing and
6.2 Control. The McGraw-Hill companies, 1999), which defines accounting information systems as systems that
operate the functions of data gathering, processing, categorising and reporting financial events with the aim
of providing relevant information for the purpose of score keeping, attention directing and decision-making.
Accounting software allows faster data entry than manual accounting, so that documents such as invoices,
purchase orders and payroll can be collated and printed quickly and accurately. Because the AIS updates
some records automatically, the accounting records will always be up to date, saving time in updating.
A big advantage of AIS is that they automate and streamline reporting. Reporting is a major tool for
organisations allowing them to see accurate, summarised, timely information for use in decision-making and
financial reporting. The AIS pulls data from the centralised database, processes and transforms it, and
ultimately generates a summary of that data as information that can now be easily analysed by managers or
other decision makers.
This means that:
there is no need to reconcile financial and costing accounts.
the probability of error is less because recording takes place in only one set of accounts.
there is no confusion arising from different stock valuations and methods of depreciation and profits.
information generated on an integrated system is quicker and consistent, thus helping management in
decision making.
Another function of an AIS is to provide adequate internal controls to accomplish the following objectives:
to ensure that the information is reliable
to ensure that business activities are performed efficiently
to safeguard the organisation’s assets.
The advantages associated with this are that the AIS provides for adequate documentation of all business
activities and is designed for effective segregation of duties.
After the wave of corporate scandals from large companies such as Enron and WorldCom, pressure was
put on enforcing public companies to implement strong internal controls into their transaction-based
systems. This was made into law in the US with the passage of the Sarbanes Oxley Act of 2002, which
stipulated that companies must generate an internal control report stating who is responsible for an
organisation’s internal control structure and which outlines the overall effectiveness of these controls. Since
most of these scandals were rooted in the companies' accounting practices, much of the emphasis of
Sarbanes Oxley was put on computer-based accounting information systems. Today, AIS vendors advertise
their governance, risk management and compliance features which will help to ensure business processes
are robust and protected and the organisation's assets (including data) are secured.
C
H
A
P
T
E
R
Information system
LO As well as processing the company's transactions, an AIS fulfils three important business functions.
6.1
(1) It can collect and store data about organisational activities, resources, and personnel.
(2) It transforms data into information that is useful for making decisions so management can plan,
execute, control, and evaluate activities, resources, and personnel.
(3) It provides adequate controls to safeguard the organisation's assets, including its data, to ensure the
assets and data are available when needed and the data are accurate and reliable.
The margin is the excess the customer is prepared to pay over the cost to the firm of obtaining resource
inputs and providing value activities.
A well-designed AIS can contribute to the organisation's value chain by
(a) Improving the quality and reducing the costs of products or services. For example, the
system can monitor machinery so that operators are notified immediately when performance falls
outside acceptable quality limits. This helps maintain product quality. It also reduces the amount of
wasted materials and the costs of having to rework.
OPERATIONS
Dividends paid to
stock investors –
detailed on the CASH
statement of
changes in equity
Income from sales
Bond investors
Materials
Direct
Indirect
Direct
Labour
Note
Direct materials + Direct labour = Prime cost
Direct labour + Factory overhead = Conversion cost
Direct materials + Direct labour + Factory overhead = Manufacturing cost
Definition
Management accounting or managerial accounting is concerned with providing and using accounting
information to managers within organisations, so that they can make informed business decisions that will
allow them to be better equipped in their management and control functions.
Managerial accounting differs from financial accounting in a number of ways that are briefly discussed below.
Reports to those outside the organisation: owners, Reports to those inside the organisation for
LO lenders, tax authorities and regulators. planning, directing and motivating, controlling and
6.3 performance evaluation.
Objectivity and verifiability of data are emphasised. Relevance of items relating to decision making is
emphasised.
Only summarised data for the entire organisation is Detailed segment reports about departments,
prepared. products, customers, and employees are prepared.
Must follow Generally Accepted Accounting Need not follow Generally Accepted Accounting
Principles (GAAP). Principles (GAAP). Any presentation that is useful is
allowed
C
Mandatory: usually annual financial statements. Not mandatory. H
A
P
T
2.6 Payroll system E
R
LO Payroll costs in most businesses represent a significant expense and the administrative procedures involved
6.3 can be quite complicated. As a result, a formalised system is vital if the business is to record its payroll costs
accurately, pay the correct amounts to its employees and reflect the debt owed to the Australian Tax office 5
in respect of deduction.
The nature of the payroll records depends to a great extent on the size of the workforce and the degree to
which the record keeping is automated. In most payroll systems (manual or automated) the payroll register
and the employee's earnings record are the two basic records that are used.
3.1 History
The notion of accounting as an information system emerged when the factory system began to displace the
domestic system, and production fell under the direction of entrepreneurs who paid wages, bought
materials and supervised the process of producing goods for profit. They had a motive for record keeping,
therefore, which the family or the solitary producer had not.
Over time, accounting systems have changed and grown both in response to limitations and the availability
of new technologies. We will consider five information system models.
Definition
A transaction processing system (TPS) is an information system that captures and processes data
generated during an organisation's day-to-day transactions. A transaction is a business activity such as a
deposit, payment, order or reservation.
Clerical staff typically perform the activities associated with transaction processing, which include the
following:
Recording a business activity such as a student's registration, a customer's order, an employee's
timecard or a client's payment.
Confirming an action or triggering a response, such as printing a student's schedule, sending a thank-
you note to a customer, generating an employee's pay or issuing a receipt to a client.
Maintaining data, which involves adding new data, changing existing data, or removing unwanted data.
Many of the decisions made are automatic and can be delegated to a computer. The stock re-ordering
process, for example, will be triggered when stock levels fall below a pre-set level.
These tasks are routine but are made more efficient and cost effective by the use of computers. Once data
has been put onto the computer, it can easily be manipulated and used to produce additional information.
For example, a sales ledger may have been computerised to ease the recording of sales transactions but, as
a by-product of that, aged debtors analyses and sales analyses can easily be produced.
A financial transaction is an economic event that affects the assets and equity of the company, is reflected in
its accounts and is measured in monetary terms.
The most common financial transactions include the sale of goods or services, the purchase of inventory,
the discharge of financial obligations and the receipt of cash on account from customers. C
H
A
3.3.1 Transaction cycles P
Three transaction cycles process most of the company's economic activity: the expenditure cycle, the T
E
conversion cycle and the revenue cycle. R
(1) The expenditure cycle – business activities begin with the acquisition of materials, property and
labour in exchange for cash. The diagram above shows the flow of cash from the organisation to the
various providers of these resources. Most expenditure transactions are based on a credit 5
relationship between the trading parties. The actual payment of cash takes place at some point after
the receipt of the goods or services, meaning that this transaction has two parts – a physical
component (the acquisition of the goods) and a financial component (payment to the supplier).
Finished goods
Cash
Definition
A database is defined as a file of data, or files of inter-related data, that is structured and designed in such
a way that many different processing applications can use the same data and update it.
LO As explained in Chapter 2, a database is a common file of data for many different users and for a range of
6.4 different applications. For example, a company can use the same database for its payroll system and its
personnel records.
All communications between the different software applications and the database files are controlled by
special software called the database management system or DBMS. A DBMS can be defined as a set
of programs that manages the database. It deals with all aspects of access, maintenance and security of data.
A distinguishing feature of a database system is that, since there is a common set of shared files for all
applications, information to update the files is input just once (instead of several times, once for each
application system).
Invoicing Accounts
DATABASE
Unlike many early transaction processing systems, the database model centralises an organisation's data so
that it can be shared by other users. Because all data should not be accessible by all users, the database
management system (DBMS) serves as a gatekeeper, limiting access to particular data sets to users who are
authorised.
However, these systems still had limitations.
Step 1 Identify the pair of events that represent the basic give-to-get economic duality relationship in
that cycle.
Step 2 Identify the resources affected by each event and the agents who participate in those events.
For example, the basic economic exchange in the revenue cycle involves the sale of goods or
services and the subsequent receipt of cash in payment for those sales. The REA diagram will
show the drawing of sales and cash receipts events entities as rectangles and the relationship
between them as a diamond. The sales event involves the disposal of inventory and the cash
receipts event involves the acquisition of cash.
Step 3 Analyse each economic exchange event to determine whether it should be decomposed into
a combination of one or more commitment events and an economic exchange event. If
necessary, replace the original economic exchange event with the resulting set of
commitment and economic exchange events. For example, the sales event may be
decomposed into the 'take order' commitment event and the 'deliver order' economic
exchange event.
Step 4 Determine the cardinalities of each relationship. These indicate how many instances of one
entity can be linked to one specific instance of another entity. The first number is the
minimum (can be either 0 or 1) and the second number is the maximum (can be either 1 or
N). A many-to-many relationship is shown as (M:N).
In the diagram below, the minimum cardinality of 1 in the (1, 1) cardinality pair to the right of
the sales entity in the customer-sales relationship indicates that a new sales transaction can
only be added if it is linked to a single customer. A minimum cardinality of 1 means that each
row in that table can be linked to at most only 1 row in the other table. The maximum
cardinality of N in the (0, N) cardinality pair to the left of the customer entity in the
customer-sales relationship indicates that a given customer may be linked to many sales
events and could be linked to no sales events.
Exam comments
exam
Make sure you have grasped the 'duality' aspect of this system. It is an interesting subject and lends itself to
MCQs.
By identifying the Events (underlying transactions, past, present and future), the Agents (economic actors)
who participate in those Events, and the Resources that flow into and out of those Events, we can develop a
pattern or model for the underlying business enterprise.
The diagram above shows that each sales transaction is paid in full by a cash collection event and each
customer payment is for one sale, so total accounts receivable is the sum of all sales for which there is no C
remittance number. H
A
P
T
(0,N) (1,N) Cash E
Sales
collections R
Now the diagram shows that each sales transaction may be paid for in instalments and each customer 5
payment may be for more than one sale so total accounts receivable is the sum of all sales minus the sum of
all cash collections.
Use machinery
Although the REA data model was developed specifically for use in designing accounting information
systems, many firms have not adopted it because it represents a major change from the traditional double-
entry approach.
Definition
Enterprise resource planning systems are modular software packages designed to integrate the key
processes in an organisation so that a single system can serve the information needs of all functional areas.
Definition
A batch is a group of similar transactions that are accumulated over time and then processed together.
This mode used to be the main type of processing. It is still the most logical method of dealing with large
transaction volumes at a specific time.
Some delay in processing the transactions is inevitable and this means that batch processing is usually not
suitable for systems involving customer contact. Batch processing is suitable for internal, regular tasks such
as clock card and payroll applications.
The diagram below illustrates where transactions are kept in a transaction file, which contains all the
transactions for a particular time period. Periodically, this file is used to update a master file, which contains
permanent information on entities (e.g. a payroll master file with employee earnings and deductions
information. It is updated with weekly time card transactions). Adding the transaction data to the existing
master file creates a new master file.
Error detection is simpler (facilitated by the nature of the The system is 'time-driven' (for example, processing might
single processing run). be at the end of each week) and so is not geared to rapid
action.
No special hardware/software is needed (all computer The system provides bulk information and so is not
systems should be able to adopt this). selective.
Bulk processing produces economies of scale. Preparing batches can result in duplication of effort.
System design is simple.
If necessary, part may be processed now and the
remainder later.
C
H
A
4.3 On-line processing P
T
Two types of data are of value to an organisation – current and historical. Current data relates to on-going E
LO
R
6.5 business events that are changing (are not yet history). Historical data can be voluminous. On-line
Transaction Processing (OLTP) events relate to current activities of the business. On-line Analytical
Processing (OLAP) involves on-line transactions that include large amounts of data used for extensive
5
analysis. OLTP applications support mission-critical tasks. OLAP applications support management-critical
tasks through analysis of data in the data warehouses.
Process/
Enter update Master
directly master file
file
On-line systems are practically the norm in modern business. Examples include the following:
(a) As a sale is made in a department store or a supermarket, the item barcode is scanned on the point
of sale terminal and the stock records are updated immediately.
(b) In banking and credit card systems whereby customer details are often maintained in a real-time
environment. There can be immediate access to customer balances, credit position etc and
authorisation for withdrawals (or use of a credit card).
(c) Travel agents, airlines and theatre ticket agencies all use real-time systems. Once a hotel room, plane
seat or theatre seat is booked up everybody on the system must know about it immediately so that
they do not sell the same holiday or seat to two (or more) different customers.
Advantages Disadvantages
The user enters transactions into a device that is The system is relatively high-cost (in terms of
directly connected to the computer system. The hardware and software required, installation, and
transactions are usually processed immediately. essential storage).
A higher level of customer satisfaction is achieved A high level of security is required (e.g. bank cash
(e.g. the real-time banking system). dispenser).
Information needed is obtained by adopting very To avoid loss should the system fail, duplicate
simple procedures. processors and files are needed.
Prompt and early information assists in improving System failure could cause great organisational
and maintaining the quality of management decisions. problems.
The characteristic differences between batch and real-time processing are outlined in the table below:
Information time Lag exists between time when the economic Processing takes place when the
frame event occurs and when it is recorded. economic event occurs.
Resources Generally, fewer resources (e.g. hardware, More resources are required
programming and training). than for batch processing.
Have longer systems
development time.
Operational Certain records are processed after the event to All records applying to the
efficiency avoid operational delays. event are processed
immediately.
Organisations can increase efficiency by grouping
large numbers of transactions into batches rather
than processing each event separately.
Control Batch processing provides control over the
transaction process via control figures.
Source of data Operational data; OLTPs are the original Consolidation data; OLAP data comes from
source of the data. the various OLTP Databases.
C
Purpose of data To help with planning, problem solving, and H
To control and run fundamental business tasks.
decision support. A
P
What the data Reveals a snapshot of ongoing business Multi-dimensional views of various kinds of T
shows processes. business activities. E
R
Inserts and Short and fast inserts and updates initiated by Periodic long-running batch jobs refresh the
updates end users. data.
Queries Relatively standardised and simple queries 5
Often complex queries involving aggregations.
returning relatively few records.
Processing Typically very fast. Depends on the amount of data involved; batch
speed data refreshes and complex queries may take
many hours; query speed can be improved by
creating indexes.
Space Can be relatively small if historical data is Larger due to the existence of aggregation
requirements archived. structures and history data; requires more
indexes than OLTP.
Backup and Must be backed-up regularly; operational data
Instead of regular backups, some environments
Recovery is critical to running the business, and data loss
may consider simply reloading the OLTP data
is likely to cause significant monetary loss and
as a recovery method.
legal liability.
Categories
Diesel 2010
Premium
January
Regular
February
March
April
May
Sales Sales
Amount Cost Sales
Profit
Qty
Measures Margin
Each dimension represents a different category such as product type, region, sales channel, and time. Each
cell within the multidimensional structure contains aggregated data relating elements along each of the
dimensions. For example, a single cell may contain the total sales for a given product in a region for a
specific sales channel in a single month. Multidimensional databases are a compact and easy to understand
method for visualising and manipulating data elements that have many inter relationships.
OLAP database servers support common analytical operations including: consolidation, drill-down, and
'slicing and dicing'.
Definition
A data warehouse consists of a database, containing a copy of transaction data specifically structured for
querying and reporting. Data warehouses are used for data mining.
A data warehouse contains data from a range of sources: internal (sales order processing system, nominal
ledger) and external. One reason for including individual transaction data in a data warehouse is that if
necessary the user can drill-down to access transaction level detail. It supports information processing by
providing a solid platform of integrated, historical data from which to do analysis. Data is extracted data
from the organisation's production database; it is then reformatted and loaded into a database designed for
querying with an on-line analytical processing system (OLAP).
Definition
Data mining is the analysis of data with the aim of discovering previously unknown, potentially useful
relationships.
The ultimate goal of data mining is prediction – and predictive data mining is the most common type of data
mining and one that has the most direct business applications.
Data mining is usually applied to the data in data warehouses. It involves processing of the data to:
Identify clusters of useful and significant data in the midst of a useless or irrelevant mass.
Summarise data to show overall patterns that may be hidden if data is viewed at the detailed level.
Create and learn classification rules that can make sense of patterns in data.
Find possible dependencies between apparently unrelated data sets, using correlation and regression
tools.
C
Detect anomalies in patterns of data that may signify events or occurrences that are important to H
A
the decision-maker. P
T
E
R
5.1 Introduction
Definition
Ethics can be defined as the principles of right and wrong that can be referenced by individuals in making a
personal decision or judgment. Often these references are made from a combination of sources.
Information systems have the ability to affect individuals, companies, cultures and countries instantaneously.
This heightens the need to take ethical issues into account because damage can be done instantly.
There are several professional bodies that publish codes of conduct or guidelines for their members with
reference to the use of information technology, but a generic set of guidelines would contain the following:
Avoid harm to others
Be honest and trustworthy
Contribute to society and human wellbeing
Honour property rights including copyrights and patents
Access computing resources only when authorised
Respect the privacy of others.
The majority of professional bodies add to this generic list and propose specific guidelines relating to the
appropriate profession.
(b) Gatekeeping: the restricted access to services, privileges, benefits or opportunities on the basis of
certain data values. Some gate keeping seems inevitable, and acceptable; entry to a university
permitted by a points system based on exam results is one such example and a point scoring system
Quality of life
??? ???
Identify and briefly explain the two moral dimensions that are missing from the diagram above.
(The answer is at the end of the chapter)
C
H
A
P
T
E
R
Accounting information systems (AIS) combine the study and practice of accounting with the design,
implementation, and monitoring of information systems.
The role of an AIS is to facilitate the processing of the company's transactions as well as improving the
management decision-making process, its internal control and the quality of the financial reporting.
An AIS fulfils three important business functions: it can collect and store data about organisational
activities, resources, and personnel, transform data into information that is useful for making
decisions and provide adequate controls to safeguard the organisation's assets, including its data, to
ensure the assets and data are available when needed and the data are accurate and reliable.
The main types of accounting systems are financial, tax, cost and management systems.
Cost accounting is concerned with the costs of business activities – products, services, departments
and resources. It is part of managerial accounting. The role of a cost accounting system is to provide
information useful for managing the activities that consume resources.
The advantages of an AIS include: because the data is entered only once, many human errors are
eliminated and more timely information is available. The disadvantages include: use of inappropriate
and/or incompatible software and hardware; need for reliable back-up procedures; lack of computer
system skills; computer viruses and hackers and fraud and embezzlement.
Transaction processing systems were among the first computerised systems developed to process
business data – a function originally called data processing. They represent the lowest and most basic
use of information within an organisation, and are an integral part of the operation of the organisation.
Three transaction cycles process most of the company's economic activity: the revenue cycle, the
expenditure cycle and the conversion cycle.
A distinguishing feature of a database system is that, since there is a common set of shared files for
all applications, information to update the files is input just once (instead of several times, once for
each application system).
The REA (resources, events and agents) model (McCarthy 1982) is an accounting framework for
modelling an organisation's critical resources, events and agents and the relationship between them.
The REA model provides guidance for database design by identifying what entities should be included
and by prescribing how to structure relationships among those entities.
Enterprise resource planning systems are modular software packages designed to integrate the key
processes in an organisation so that a single system can serve the information needs of all functional
areas.
Technology is rapidly changing the nature of the work of most accountants and auditors. Special
software packages greatly reduce the tedious work associated with data management and records
keeping but accountants need to be involved in the various stages of accounting information system
adoption and use.
Three activities in an information system produce the information that organisations need for making
decisions, controlling operations, analysing problems and creating new products or services. These
activities are input, processing and output. Data processing converts the raw input into a more
meaningful form.
OLAP database servers support common analytical operations including: consolidation, drill-down,
and 'slicing and dicing'.
Data mining means extracting data from multiple data sources by means of interactive and analytical
software tools that allow the miner to specify search parameters.
The differences between the various types of data processing techniques include the number of sub
processes, the information time frame, resources and operational efficiency.
A review of the literature on ethical and social issues surrounding systems identifies five moral
dimensions of the information age: information rights and privacy, property rights, accountability and
control, system quality and quality of life.
1 An information system can be defined technically as a set of interrelated components that collect (or
retrieve), process, store and distribute information to support
A decision making and control in an organisation.
B communications and data flow.
C managers analysing the organisation's raw data.
D the creation of new products and services.
2 Which of the following accurately depicts the components of an accounting information system?
A people, forms, and reports
B people, procedures, and information technology
C people, procedures, and paper
D procedures, paper, and information technology
E people, paper, and information technology
3 Financial statements are prepared
A only for publicly owned business organisations.
B for corporations, but not for sole proprietorships or partnerships.
C in either monetary or non-monetary terms, depending upon the need of the decision maker.
D primarily for the benefit of persons outside of the business organisation.
4 The basic purpose of an accounting system is to
A develop financial statements in conformity with generally accepted accounting principles.
B provide as much useful information to decision makers as possible, regardless of cost.
C record changes in the financial position of an organisation by applying the concepts of double-
entry accounting.
D meet an organisation's need for accounting information as efficiently as possible.
5 Information is cost effective when
A the information aids management in controlling costs.
B the information is based upon historical costs, rather than upon estimated market values.
C the value of the information exceeds the cost of producing it.
D the information is generated by a computer-based accounting system.
6 For a bank the master records would consist of some identification data, historical transactions and
the current balance for all the accounts. What would the transactions file consist of?
7 Which of the following would be an activity associated with the human resources/payroll cycle?
A updating payroll records
B prepare employee and management reports
C discharge employees
D evaluate employee performance C
H
E all of the above
A
8 On-line analytical processing involves several basic analytical operations. Drill-down in OLAP P
T
involves E
R
A aggregation of data.
B analysing data in the reverse direction to display detailed data that comprises consolidated
data. 5
C
H
A
P
T
E
R
1 Typical reports
Financial and management accounting
Annual statutory accounts.
Budgets and forecasts.
Sales and contribution analyses.
Cash-management and working capital evaluation.
Capital project appraisal.
Standard cost and variance analysis reports.
Returns to government departments.
2 TPS reports
The most obvious reports produced are as follows:
Sales – Monthly totals and cumulative to date analysed by:
Product.
Salesperson.
Geographical location.
Purchases – Unfilled orders.
Stocks – Stock levels and products out of stock.
Accounts: list (aged) of overdue debtors' accounts.
list of payments due to suppliers.
payroll summaries (e.g. by department).
Management will also require a lot of additional information that is not so directly related to the
accounting functions. For example, reports on:
Overall profitability and profitability by business segment.
Resource requirements (e.g. cash, manpower, capital investment).
Productivity (e.g. output per hour).
Variance from budget.
Labour turnover statistics.
Daily requirements of raw materials etc.
3 REA model
Correct answer is D they are all correct.
4 REA calculation
Correct answer is B cost of goods sold.
Total sales would be the Sum of the Invoice Amount attribute in the Ship Product table for all items
shipped on or before the year-end closing date.
Accounts receivable would be Total sales minus the sum of the Receive Cash table's Amount
attribute for all remittances received on or before the year-end closing date.
Inventory would be the Quantity on Hand attribute multiplied by the Unit Cost attribute in the
Inventory table.
5 Corporate values
Correct answer is B, C and D
C
H
A
P
T
E
R
Topic list
179
Introduction
In this chapter we shall consider the importance of data quality to an organisation's information system and
the various controls that are required to maintain it. In particular we shall look at technical and procedural
controls and consider how they complement each other.
It is important for any investment that an organisation makes in system controls to be cost-effective. We
shall see that an appropriate mix of preventive, detective and corrective controls should be selected.
The chapter continues by considering various security and privacy issues facing organisations which are
related to information systems – in particular, those connected with personal websites and electronic
communications.
We conclude by looking at some security risks involved in face-to-face and non face-to-face (electronic)
transactions, as well as the controls necessary to minimise them.
The chapter content is summarised in the diagram below.
When considering the role and purpose of information systems two terms are often mentioned – data and
information. Before continuing any further it is important to understand the difference between them.
We defined data and information in Chapter 2, and repeat these definitions below.
Definitions
Data are the raw material for data processing. Data consists of numbers, letters and symbols and relates to
facts, events, and transactions.
Information is data that has been processed in such a way as to be meaningful to the person who receives
it.
It is the role of an information system to turn data into information by processing it into a form a user
understands.
DQ category DQ dimensions
Intrinsic Accuracy, Objectivity, Believability, Reputation
Accessibility Accessibility, Access security
Contextual Relevancy, Value-added, Timeliness, Completeness, Amount of data
Representational Interpretability, Ease of understanding, Concise representation, Consistent representation
These principles are adopted by many organisations and bodies that provide guidance and information on
data quality. Each body applies the principles that are most important to them and some add principles of
their own.
The Australian Bureau of Statistics (ABS) developed a data quality framework containing a number of key
data quality principles which should be used in quality assessments and reporting.
Accuracy Whether the data correctly describes what was measured or input.
Coherence Whether the data can be used in conjunction with other data or if it can be used over 6
periods of time.
Interpretability Whether external information is available to help interpret the data.
Accessibility Whether the data can be obtained by users easily.
LO
7.2 2 Procedural controls
Section overview
Procedural controls include input, processing and output controls.
Definition
Procedural controls manage the human aspects of system activity and are usually placed on the day-to-
day running of the system.
Procedural controls are concerned with managing the human element of systems and are therefore usually
imposed on the day-to-day running of the system. They can be divided into three sub-categories, input
controls, processing controls, and output controls.
Case study
In 2005 a pensioner in Manchester, UK was sent a speeding ticket for driving his Toyota Land Cruiser at
800 miles per hour in a 30 miles per hour zone – faster than the speed of sound.
On appeal, Greater Manchester Police cancelled the ticket and a spokeswoman said that information on the
ticket was input manually and the mistake was down to human error.
LO
7.2 3 Technical controls
Section overview
Technical controls address security issues such as authorisation, documentation, backup
and recovery.
Definition
Technical controls are IT solutions to security concerns and often relate to the storage of, and access to
data, as well as to amending or deleting data files.
Once data has been collected, further controls are needed to ensure it is stored properly and that it cannot
be tampered with.
Technical controls are put in place so that an organisation's management is able to exert some control over
the activities of its employees. These controls are often required for corporate governance purposes.
Technical controls can be classified into four main types: authorisation, documentation, backup and
recovery. The following table provides an explanation and examples of each type of control.
LO Procedural and technical controls, if designed appropriately, should complement each other in protecting
7.3 the system and the data and information held within it by covering all possible causes of data loss or
damage. However this protection comes at a cost in both time and money.
There is a trade-off between having limited controls and a relatively high number of security breaches, and
having sophisticated and costly controls and few security breaches. Somewhere between the two there will
be an optimum level of risk and cost for any particular organisation.
Total cost
Cost of security
breaches Costs of control
The cost of security breaches falls with increasing levels of control because the chance of such breaches is
reduced and if they do occur then the cost impact caused by the breaches is also reduced.
As more controls are implemented the cost of purchasing new controls and managing existing ones
becomes more expensive than the impacts they are intended to prevent. At this point the organisation has
reached its optimum level and investment in further controls should cease.
Definitions
Preventive controls are designed to stop errors or damage before they occur.
Detective controls are designed to bring the error to the user's (or someone else's) attention after the
error has occurred.
Corrective controls are designed to rectify errors which have been detected. They require their own
preventive and detective controls to ensure the correction process is not defective.
Corrective Anti-virus programs that repair system damage caused by malicious software
6
Each type of control has an associated cost and level of effectiveness. In general terms, preventive controls
are more cost-effective than those which detect or correct problems because they reduce or eliminate the
problems occurring in the first place. By definition, detective and corrective controls allow errors or
damage to occur.
This does not mean organisations should invest in preventive controls only. No control is 100 per cent
foolproof and even the best preventive control may still allow errors or damage to occur. Additionally, it is
not always cost-effective to put a preventive control in place for every possible problem, especially where
the risk of the problem occurring is small.
Therefore, to cover the organisation for a range of eventualities, it is important for all three types of
control to be put in place. Controls should be selected on the following basis:
(a) The risk of what they are designed to prevent actually occurring.
(b) Their cost-effectiveness.
As preventive controls can stop the majority of problems occurring, they should form the foundation of the
control mix. However, as we saw above, there will be gaps in this protection. To cover these gaps the
organisation should take a view on the chance of errors getting through the initial screening provided by the
preventive controls and make a decision on investing in detection and corrective controls accordingly.
LOs
7.4 5 Privacy and security issues
7.5
Section overview
Privacy and security issues are of key importance to individuals and organisations. Threats to them
can be caused by the use of personal (social networking) websites and electronic messaging
services.
We have covered controls needed to protect specific data and information which are held within an
organisation's system, so we now turn to other wider privacy and security issues.
Exam comments
exam
For the exam, ensure you understand the security and privacy issues associated with the use of personal
web pages and electronic communication methods by employees.
5.1 Privacy
Definition
Privacy is the right of an individual or organisation to control access to information relating to them.
Definition
Security can be defined as 'The protection of data from accidental or deliberate threats which might cause
unauthorised modification, disclosure or destruction of data, and the protection of the information system
from the degradation or non availability of services'. (Lane: Security of computer based information systems)
Information systems with links to other systems such as the Internet are exposed to security risks. Some of
the main risks are explained below.
Risk Explanation
Viruses A virus is a small piece of software which performs unauthorised actions and which replicates and
spreads itself. Viruses may cause damage to files or attempt to destroy files and damage hard
disks. When transmitted over a network, such as the Internet, into a 'clean' system, the virus
reproduces, therefore infecting that system.
Types of virus include:
E-mail viruses spread using e-mail messages and replicate by mailing themselves to addresses
held in the user's contacts book.
Worms copy themselves from machine to machine on a network.
Trojans or Trojan horses are hidden inside a 'valid' program but perform an unexpected act.
Trojans therefore act like a virus, but they aren't classified as a virus as they don't replicate
themselves.
Trap doors are undocumented access points to a system allowing controls to be bypassed.
Logic bombs are triggered by the occurrence of a certain event.
Time bombs are triggered by a certain date.
Hackers and Hackers attempt to gain unauthorised access to information systems. They may attempt to
eavesdroppers damage a system or steal information. Hackers use tools like electronic number generators and
software which enables rapid password attempts.
Data that is transmitted across telecommunications links is exposed to the risk of being
intercepted or examined during transmission (eavesdropping).
Hoaxes An associated problem is that of hoax virus warnings. There are a vast number of common
hoaxes, most of which circulate via e-mail. Many are a variation of one of the most 'popular' early
hoaxes – the Good Times hoax. This hoax takes the form of a warning about viruses contained in
an e-mail. People pass along the warning because they are trying to be helpful, but they are in fact
wasting the time of all concerned.
Denial of This involves an organised campaign to bombard an Internet site with excessive volumes of traffic
service attack at a given time, with the aim of overloading the site and causing very slow responses or causing
the site to crash.
Phishing Internet pages or emails that mimic, say, a banking site or emails from a bank. They attempt to get
the user to type in user names and passwords.
Malware Malware is short for malicious software. This is software designed to disrupt computer
operation, gather and report sensitive information, or gain unauthorised access to computer
systems.
Spyware Spyware is a type of malware that collects information about users without their knowledge. It is
usually installed on a user's personal computer without their knowledge. Spyware can collect
almost any type of data, including personal information such as Internet surfing habits, user login
and password details, and bank or credit account information.
5.4.4 Legal risks related to blogs – disclosure and trade secrets issues
A blog, or weblog, is a website in which statements can be posted by one or several administrators and
entries are displayed in reverse chronological order. There are several types of blogs, including news blogs,
photography blogs, video blogs, and music blogs. Most often, however, blogs take the form of an online
diary, where a person might post anything from what she had for lunch that day to how her son is enjoying
college. Employee blogs have become a popular way for employees to share their everyday experiences at
work with co-workers, friends, and strangers. Since blogging is a relatively recent phenomenon, companies
are still grappling with how to respond. Blogs can be useful for trainees learning a new job or for instructors
to assess how training is proceeding.
Network security is becoming increasingly important for companies looking to protect their intellectual
property. Employees have access to all sorts of information the disclosure of which would damage the
company. Blogs offer employees a means to publish this information quite literally at the push of a button. If
a company is publicly traded, employees might disclose insider information that could alter the price of the
company’s stock. Employees may disclose trade secrets or not-yet-patented technology that could put the
company at a competitive disadvantage. Frequently companies are not aware of such conduct until after the
damage is done.
Companies that permit employees to post confidential or proprietary information on the internet may lose
trade secret protection for the information. If employees inadvertently post or make proprietary
information accessible on the internet, its protection may be lost forever.
A 2006 California case held that employees who disclose trade secrets for publication on a third party blog
are afforded First Amendment protection, insofar as the recipient blog need not disclose the identity of its
source.
Case studies
In the UK in 2009, a 16-year-old female was sacked as an administrator for making disrespectful comments
about her job on Facebook and inviting other members of staff to read them. Her employer stated that the
same result would have occurred if the employee had posted the comments on a staff noticeboard and that
her comments undermined their relationship and made her job untenable.
In July 2009, cricketer Philip Hughes stated on Twitter that he had been dropped from the latest Ashes
squad before the team was announced. This breached the Australian cricket team's right to privacy and may
have handed their opponents, England, an advantage in the forthcoming match.
Case studies
In March 2010, a military operation by the Israeli Defence Force had to be cancelled after one of the
soldiers due to take part posted the day and location that the attack was due to occur on Facebook.
Vodafone UK was forced to issue a public apology when an employee posted a homophobic tweet on the
company's twitter account which was sent to its 8 500 followers. The employee gained access to the
account through an unattended keyboard.
Case study
In 2010 thousands of fake emails were sent by scammers purporting to be from the UK's tax authority.
Recipients were told that they were due a tax refund and to provide the sender with their bank or credit
card details to facilitate the transfer. The tax authority issued a warning about these phishing attacks and
stated that it only informed customers about tax refunds by post.
6 Transaction security
Section overview
Business transactions often occur face-to-face, such as in a shop, but increasingly business is being
conducted electronically via the Internet or telephone. There are different security implications for
each type of transaction and therefore different security precautions that should be taken.
LO An important part of modern business is e-commerce, transactions made between buyers and sellers using
7.9 the Internet or other electronic methods. We saw in the previous section that security is a major concern
when using such methods so we shall now consider the controls which are necessary to minimise security
risks.
Step 2 Customer takes the item to the sales counter, the price to pay is totalled and payment is
requested. 6
The risks of non face-to-face transactions are actually a greater problem for the vendor than the customer.
This is because unless they are 100 per cent happy that the transaction is safe and that they can trust the
vendor, it is unlikely that a customer will order from them.
Therefore, it is up to the vendor to gain the customer's trust, to do this vendor websites should:
(a) Be secure. The site should provide customers with an HTTPS: connection which provides security
against eavesdroppers or hackers gaining access to their personal information when it is sent over
the Internet.
(b) Protect payments. The availability of additional card protection features such as those offered by
MasterCard and Visa, while mainly protecting the vendor, show the customer that their security is
important too.
(c) Provide information. Trusted websites supply customers with full information about what to
expect during the purchasing process.
(d) Provide reassurance. Customers should be reassured that even though the website exists
intangibly on the Internet, the organisation behind it is solid and contactable. The availability of a
customer service telephone number to deal with queries is ideal as customers may not trust that
emails will be dealt with swiftly.
Many of the controls used when purchasing from a smart phone or similar device benefit customers as well
as vendors. By ensuring customers are who they claim to be, they are protected from identity theft and
being charged for transactions they know nothing about.
Passwords are widely used, particularly if the customer has an account with the vendor. This is the normal
method if the product is a game, an application, or music which is downloaded to the device.
If the device has a reasonable display, the purchaser may be presented with a few letters in strange format
which are easy for a person to recognise, but almost impossible for a computer. This is to block large scale
automatic attempts at impersonation and theft. This technique may also be used for non-mobile on-line
purchasing.
Vendors may also use sophisticated behavioural profile models to detect, say, unusually heavy purchasing
which may follow the theft of a mobile device.
Data is used to create information and it is important to control and maintain it in order to obtain
the best possible information from a system. To this end organisations should apply data quality
principles and introduce technical and procedural controls over their systems.
Procedural controls include input, processing and output controls.
Technical controls address security issues such as authorisation, documentation, backup and
recovery.
Controls can be classified as preventive, detective and corrective. Organisations should employ a mix
of them to be cost-effective.
Privacy and security issues are of key importance to individuals and organisations. Threats to them
can be caused by the use of blogs, cookies, web beacons and personal (social networking) websites
and electronic messaging services. They are also at the heart of productivity and network security
issues.
Business transactions often occur face-to-face, such as in a shop, but increasingly business is being
conducted electronically via the Internet or telephone. There are different security implications for
each type of transaction and therefore different security precautions that should be taken.
1 B Coherence relates to whether the data can be used in conjunction with other data or if it
can be used over periods of time.
2 B Validation tests are designed to check that the data is processed correctly. The other
options are file checks which are designed to ensure the integrity of the file structure is
maintained.
4 C Controls can only reduce the risk of security breaches, they can never eliminate them. The
optimum level of investment is the most cost-effective – investments should be made until the
cost of systems are the same as the benefits new systems bring. Investments should not go
ahead if the costs outweigh the benefits.
5 A Trojan horses are hidden in legitimate looking software. They do not replicate themselves
and so are not classed as viruses.
6 D They are all practical steps a vendor can take to give customers confidence in the
security of transactions on its website.
Business processes
Learning objectives Reference
Information controls and processes LO7
Construct an overview diagram of business processes LO7.6
Produce an effective summary of business processes and systems LO7.7
Explain the interrelationships between business processes and accounting LO7.8
information systems
Identify and explain the steps involved in changing business processes LO7.10
Topic list
203
Introduction
Business
processes and
AIS
Summarising
business processes
Business
process
Changing business
processes
BPR
If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual. C
H
1 Who should you speak to when gathering information about a business process? (Section 1) A
P
2 What are the main symbols used in a process map flowchart? (Section 2) T
E
3 What does the term 'business process re-engineering' mean? (Section 3.4) R
4 Give one example of how an accounting information system may impact business (Section 4)
processes. 7
Section overview
Business processes are easier to understand, and therefore easier to change, if they are accurately
documented.
Processes are usually documented using a combination of a written summary that describes the
process, and a diagram or process map that illustrates it.
Definition
A business process is a collection of co-ordinated activities or tasks performed to accomplish a specific
goal or output.
Gathering information
You should interview the people who do the work associated with the process. Identify the person or
people who really know the process, this usually means experienced employees. These people should walk
and talk you through their part of the process and answer any questions.
One approach to this would be to interview all of the people you have identified at a group meeting or
workshop. A risk associated with this approach is that when people are away from their place of work they
tend to focus on the value-added steps they perform but overlook other more mundane steps. These steps
may best be documented by observing behaviour in the workplace. So, in some situations the best approach
is to physically follow the process yourself, interviewing and recording your findings as you go.
What information should you record?
Identify and record the data and information used in business processes and what is done with it. This is the
substance of a process. Record how data is held, for example in documents, forms, reports, email messages,
digital files and so on, and describe how these are moved and changed. Move through the process from one
workstation to the next, collecting copies of source documents and screen prints – anything that will help
subsequent production of a process map.
Make sure that employees understand what you are doing and why they are involved. Use observation
whenever possible as watching a demonstration of a process being carried out provides very good evidence.
LOs
7.6 2 Mapping business processes
7.7 C
H
Section overview A
P
Business processes are usually easier to understand if they are illustrated or mapped. T
There is a range of process mapping techniques including flowcharts and data flow diagrams. E
R
Definition
A process map identifies and represents the steps and decisions involved in a process, in diagrammatic 7
form.
Flowcharting symbols
Start/End
Action or
process
A box can represent a single step (‘add two cups of flour’), or an entire sub-process
(‘make bread’) within a larger process.
Document
A printed document or report.This symbol is not always used –it depends upon the
level of detail required in the model.
Decision
This arrow indicates the sequence of steps and the direction of flow.
It may be useful to also use the D symbol to indicate any delays in the process, particularly at the
boundaries between agencies or sections.
exam
Exam comments
Ensure you understand process maps and process map extracts for the exam.
3.3.1 Pace
The more gradual the change, the more time is available for questions to be asked, reassurances to be
given and retraining (where necessary) embarked upon. People can get used to the idea of new methods
and become acclimatised at each stage.
3.3.2 Manner
The manner in which a change is communicated is important. The need for change must made clear,
fears soothed, and if possible the individuals concerned positively motivated to embrace the change.
3.3.3 Scope
The scope or extent of the change is important. Total transformation will create greater insecurity and
greater risk, but also provides the opportunity for greater excitement, than moderate innovation.
There may be hidden changes to take into account. For example, a change in technology may cause changes
in work methods and processes which may in turn result in the breaking up of work groups.
Definition
Business process re-engineering is the fundamental rethinking and radical redesign of business
processes to achieve dramatic improvements in critical contemporary measures of performance, such as
cost, quality, service and speed. Hammer and Champy (2004)
As the definition states, business process re-engineering involves fundamental changes in the way an
organisation operates. For example, processes which were developed in a paper-intensive processing
environment may not be suitable for an environment which is underpinned by IT.
Other key words from the definition are 'radical', 'dramatic' and 'process'.
(a) Fundamental and radical indicate that BPR assumes nothing: it starts by asking basic questions such
as 'why do we do what we do', without making any assumptions or looking back to what has always
been done in the past. This is a ‘zero-based’ approach.
(b) Dramatic means that BPR should achieve 'quantum leaps in performance', not just marginal,
incremental improvements.
(c) A process is a collection of activities that takes one or more kinds of input and creates an output.
For example, order fulfilment is a process that takes an order as its input and results in the delivery
of the ordered goods.
3.5.1 Davenport and Short - five step approach to changing business processes
Davenport and Short (1990) prescribe a five-step approach to the redesign or changing of business processes.
Step 1 Answer the questions in the first column. These summarise the
Present method present process method, asking: what; how; when; where; and
who.
Step 2 Challenge each of your answers by asking 'Why?'
Challenge the current method
Step 3 Use column three to help you generate a range of improvement
Identify possible improvements options.
Step 4 Decide on the best option.
Best option
Case study
Example of BPR
A company employs 25 staff to perform the standard accounting task of matching goods received notes
with orders and then with invoices. A process review established that 50 per cent of employee time was
spent trying to match the 20 per cent of document sets that do not agree.
LO
7.8
4 Business processes and accounting information
systems
C
H
Section overview A
P
Information technology and information systems, including accounting information systems, often T
enable or facilitate the changing of business processes. E
R
One of the most direct ways in which an accounting information system impacts upon business
processes is the workflow management capability of Enterprise Resource Management (ERM)
systems. 7
(b) Expert systems may allow non-specialists to do work that previously required an expert.
(c) Telecommunications networks mean that businesses can simultaneously reap the rewards of
centralisation and decentralisation.
(d) Decision support tools allow decisions to be made by a larger number of staff.
(e) Wireless communication technology allows staff 'in the field' to send and receive information
wherever they are.
(f) Interactive websites allow personalised contact with many customers (or at least the appearance of
personalised contact).
(g) Automatic identification and tracking technology allows the whereabouts of material, inventory and
people to be monitored.
(h) High performance computing allows instant revision of plans rather than periodic updates.
(i) Workflow management systems enable the system to drive business processes.
Definition
An Accounting Information System (AIS) is a collection of data and processing procedures that
records and creates accounting related information.
Based on our definition of an Accounting Information System, many parts of an organisation's information
infrastructure could be considered as part of their AIS. For example, the transaction processing elements of
a website with e-commerce capability 'records and creates accounting related information'.
Therefore, the examples of the impact of IT on working methods listed in the previous section also
demonstrate the relationship between the AIS and business processes.
An Enterprise Resource Planning (ERP) system is a type of AIS. As we explained in Chapter 3, ERP systems
enable software to control workflow management, directly impacting upon business processes.
Case study
Workflow systems / process re-engineering
Work design, whether it is related to work in the factory or at the desk, is a process of arriving at the most
efficient way of completing tasks and activities that minimises effort and reduces the possibility of mistakes.
It is involved in increasing productivity and efficiency whilst maintaining or improving quality standards.
A workflow system is a system that organises work and allocates it to particular workstations for the
attention of the person operating the workstation. Workflow systems operate in three main ways; the
casework basis, the flowline basis and the ad hoc basis.
The casework basis functions by knowing the individual caseload of staff and directs existing cases to the
appropriate caseworker and new cases or customers are allocated on the basis of equalising caseload.
The flowline approach allocates a small number of tasks to each operator and the case flows along the line
from screen to screen.
The ad hoc system works on the basis of equalising workload, regardless of who may have dealt with the
case previously. The choice depends on the particular circumstances of the business and the approach taken
to customer service.
The advantages and benefits of workflow systems come mainly from improvements in productivity and
efficiency and better or speedier services to customers.
A list of possible benefits would be:
More efficient office procedures
Providing workflow management
Equalising of workloads
Monitoring of operator performance
Ensuring work gets done when it should get done
Possible disadvantages include employee specialisation in a small number of tasks before passing the work
on to the next person's screen, almost like a production line. This de-skilling can increase boredom and lead
to high staff turnover. It also reduces social contact.
Adapted from: 'Computer talk' – Workflow systems Trevor Bentley – Chartered Institute of Management
Accountants Articles database.
Business processes are easier to understand, and therefore easier to change, if they are accurately
documented.
Processes are usually documented using a combination of a written summary that describes the
process and a diagram or process map that illustrates it.
Business processes are usually easier to understand if they are illustrated or mapped.
C
There is a range of process mapping techniques including flowcharts and data flow diagrams.
H
A
Change, in a business context, should ideally be planned - although this isn't always possible as the P
business environment is volatile. T
E
R
To change or re-engineer a business process requires an understanding of the current process and
the desired process.
7
A number of steps can be identified in the changing of business processes.
Information technology and information systems, including accounting information systems, often
enable or facilitate the changing of business processes.
One of the most direct ways in which an accounting information system impacts upon business
processes is the workflow management capability of Enterprise Resource Management (ERM)
systems.
1 The first step when documenting business processes is to ask 'Why are things done this way?’
Is the statement above true or false?
A true
B false
3 List the three important factors we identified as important for managers to consider when
introducing change.
1 The statement is False. The fist step is to gather information that will enable the production of a
process map that accurately reflects the current process. ‘Why?’ is a question for later.
3 Three important factors for managers to consider when introducing change are pace, manner and
scope.
C
H
4 Hammer (1990) considered information technology as the key enabler of BPR. A
P
T
E
R
1 Some of the main reasons why business process re-engineering (BPR) can be important within the
organisation described are explained below.
Potential for cost savings
Often, the changed process will result in cost savings, such as those often experienced when
transaction processing is automated. It is likely that this organisation has experienced such savings
from the automation of transaction processing and administrative functions.
Keep up with competitors
If competitors improve their processes they are likely to be in a stronger position, which may
threaten the very existence of a competing organisation. For example, a competitor could innovate
leading to reduced costs, and may then be in a position to undercut prices. Improving processes in
line with competitors may be necessary simply to survive.
Competitive advantage
Competitors may not be in a position to copy the innovated processes (e.g. they may not have the
funds required to invest in IT). For example, the organisation may invest funds developing a website
that allows it to sell books direct to consumers. If the organisation's competitors lack the will or
funds to provide a similar service, this will provide a competitive advantage.
Driven by technology
Some BPR might become necessary when technological change means existing processes have
become archaic. For example, it is likely that 30 years ago the organisation operated a manual paper-
based transaction processing system.
Better decision making
Better quality internal systems and processes should result in the capture and availability of better
quality information. This should lead to better quality decision making. For example, a database of
historical sales information may allow better sales forecasting, allowing more effective production
planning.
Topic list
221
Introduction
Accounting scandals in several countries have prompted governments to enforce accounting standards, and
to try to ensure that companies disclose enough information so that their true financial position cannot be
concealed. The Sarbanes-Oxley Act (2002) in the United States and the Corporations Act 2001 in
Australia provide the framework to do this.
While some countries, notably the United States, rely on their own accounting standards, many are
adopting the International Financial Reporting Standards (IFRS) set by the International
Accounting Standards Board (IASB), though with some local variation.
New methods of reporting financial data, suitable for distribution on the Internet, are making it possible for
investors and scrutineers to examine the workings of companies in great detail. At the forefront of these
methods is XBRL, a language for reporting financial data in such a way that the values can be picked up by
other programs. International standardisation of much of XBRL allows such programs to access the data in
the same way for all companies, and compare the data for different companies. XBRL can be extended to
meet the local needs of countries and companies. Many governments insist that companies supply their
financial returns in XBRL format.
The chapter content is summarised in the diagram below.
If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
1 List six of the stakeholders that would normally have an interest in the well (Section 2)
being of an organisation.
2 Describe two ways in which companies can reduce the risk of fraud. (Section 3.1)
3 When can accounting data be said to be reliable? (Section 3.1)
4 What is the meaning of Substance over Form? (Section 3.1)
5 What are the benefits of transparency to a company? (Section 3.2)
6 The XBRL data file containing the actual accounting data is called: (Section 5.1) C
H
A an instance A
B a validation file P
C a taxonomy T
E
D a mapping file R
7 What are the two organisations that set and enforce Australian accounting (Section 7.1)
standards?
8
8 What are the two Acts that ended most restrictive practices in Australia, (Section 7.1.3)
and enforced the use of accounting standards?
Beer drinkers
C
65%
H
Others A
2% P
T
E
Wine drinkers
R
33%
200
100
0
20X1 20X2 20X3 Year
Definition
Stakeholders are individuals or groups of people whose interests are affected by the activities of the
business.
LO
8.2
Unions and
Pensionable staff Families
previous associations Consumer
employees groups
Directors C
Employees
Managers Customers H
Shop floor A
Suppliers Direct customers P
T
End users E
Manufacturers Retailers R
Distributers ORGANISATION
Contractors Debt
holders 8
Pressure Government
Shareholders Banks
groups departments Investment institutions
Institutions Individuals
Environmental Taxation
Individuals
Moral Employment
Compliance Prospective
Trade investors
Often stakeholders are classified as either 'internal' or 'external' stakeholders. However, the classification is
not distinct, and is anyhow not vitally important. Shareholders as owners of the company could certainly
be internal, but as members of the public who may have invested in several companies they are external.
Banks are external if the company has borrowed from them, but internal if they happen to be
shareholders. Unions are internal since they are groups of employees, but external in that they may be
nationwide organisations with members in many companies. The deciding factor used in the list below is
that internal stakeholders are or have a close link with the employees or owners.
Unpredictable Low
Few Minimal Keep
but power
problems effort informed
manageable
Interest is usually interpreted as how likely it is for the stakeholder to be motivated to act.
The mappings indicate where the effort should be put for the most effect.
Employees are usually powerful. Exceptions would be if the workforce was unskilled, not
unionised, and easily replaced, or if there was a large proportion of contract workers. Employee
morale, on its own, can have power to determine success or failure. Interest is often high, but some
employees, such as nurses, can be reluctant to take any sort of industrial action. C
H
When attempting to influence any of the stakeholder groups, the most powerful individuals or sub- A
groups must be identified. For individual employees, the position in the management hierarchy is P
usually sufficient, though skilled workers who are difficult to replace will have more power than their T
position suggests. Department power is normally in proportion to their budgets, and by the amount E
R
of representation in the boardroom.
Extreme actions: Industrial action; refuse to relocate; resign.
8
Shareholders as the owners of the company have high power – at least in theory, although many
shareholders in listed companies are very passive. Interest is often low and predictability high
provided the share price and dividend payment are satisfactory. But if there are individual
shareholders with a large percentage of the shares, or if a group of smaller shareholders form an
alliance, they will often show a much greater interest and be much less predictable.
Extreme actions: Sell shares; vote to remove the management; vote against directors’ remuneration
packages.
Customers, particularly large ones, are powerful. If there are no customers, there is no company.
But they are predictable, and surveys or pilot schemes can usually determine what they will do.
Interest is inherently low and companies expend tremendous effort and money just trying to
increase that interest, for example by establishing a strong brand identity. Apple has been notably
successful in this: there are not many companies whose customers will queue round the block for a
new product. Social media, such as Facebook and Twitter, are increasingly being used in an attempt
to build brand loyalty and create ongoing customer involvement.
Extreme actions: Not buy; sue.
Suppliers are not powerful if there are a number of readily available alternative suppliers, as is
usually the case. A monopoly supplier is powerful. Their reactions to new proposals can depend on
many factors, so predictability is low. Their interest in their customers should be high.
Extreme actions: Refuse credit; court action (to recover debts); refuse to supply.
Debt holders have power if there are few alternative sources of funds. This depends on the
economic climate and the economic health of the company. Additionally, interest must be paid when
due or the debt holder is likely to start proceedings for receivership or liquidation.
Extreme actions: Raise interest rate; deny more credit; demand repayment; force receivership.
Oppose Support
High
Antagonists Allies
power
Those responsible for strategy should encourage coalitions of the most important and supportive
stakeholder groups, and encourage 'low priority' groups to be more involved. For antagonistic groups, the
priority is to defend the strategy, possibly by redefining it, and to communicate the purpose of the strategy.
Question 1: Stakeholders
Three companies intend to bring down costs by reducing wages and making employees work more flexible
shifts:
(1) A local public library
(2) A contract cleaning company
(3) An accountancy training company
How much power will the employees have in each case, and what effect might this have on the strategy
adopted by the companies?
(The answer is at the end of the chapter)
LO Reliable data is at the heart of an accounting information system. If the data is not reliable, nothing else is of
8.3 any consequence. Reliable data is truthful, accurate, complete, and capable of being verified.
Transparency is the ethical basis. It is not sufficient that data is reliable, it must be seen to be reliable and
complete. Transparency works at two levels:
Data about the company, its capitalisation, its profitability, and its liabilities must be accessible to
interested parties and in a form suitable for assessment and comparison.
The reliability of that data must be demonstrated by available supporting data and by proof of
independent auditing.
3.1 Reliability
Reliable accounting data is produced by systems and companies that adhere to the guidelines known as
Accounting Standards or Generally Accepted Accounting Principles (GAAP). The United States
relies on its own GAAP, but elsewhere the normally accepted standards are based on the International C
Financial Reporting Standards (IFRS) set by the International Accounting Standards Board H
(IASB). In Australia the Australian Accounting Standards Board (AASB) has issued 'Australian A
equivalents to IFRS', which are the IFRS standards along with some 'domestic' standards and interpretations, P
T
but these generally just slightly strengthen the IASB rules with regard to disclosures. E
R
The IFRS and US GAAP rules are broadly similar. IFRS rules require financial statements to show:
(a) Understandability: users are assumed to have a reasonable knowledge of business and accounting,
and information about complex matters should not be excluded on the grounds it is too difficult for 8
them to understand.
(b) Prudence: uncertainties that affect the reliability of information should be disclosed, and a degree of
caution exercised when making judgments.
(c) Reliability: information should be accurate and free from bias; prudence and disclosure should be
exercised when assigning a usable value to any 'soft' accounting data.
(d) Comparability: users must be able to compare the financial statements with those of other
companies, and with previous periods for the same company.
(e) Relevance: information should be presented so that its predictive value is maximised.
(f) Materiality: information is material if its omission or misstatement could influence users' economic
decisions. This often means that material items should be presented separately and should not be
aggregated with other items.
(g) Substance over form: financial statements must show the financial reality (the substance) rather
than the legal form of the transactions and events that underlie them.
(h) Completeness: no misleading omissions.
Inaccurate or unreliable data can be due to incompetence or to deliberate dishonesty. Dishonesty may
result from a desire to impress, or to cover up previous incompetence, or be part of a criminal fraud or act
of sabotage. This is tackled in three main ways:
(a) Regular auditing by an outside firm: part of the audit is to check that the accounting principles are
applied and conform to the standards.
(b) The adoption of adequate internal controls. While auditing may be too expensive for some small
businesses, internal controls are always necessary. The first step is the secure recording of
transactions at the time they occur, with safeguards against the files being tampered with afterwards.
Typical safeguards are password protection and automatic recording of all edits to the file. Measures
3.2 Transparency
Openness and acceptance of responsibility for bad decisions or performance as well as good, is the basis of
business integrity.
Definition
Transparency is the open and clear disclosure of relevant information to shareholders and other
stakeholders, and not concealing information that may affect decisions.
Transparency in the financial statements goes beyond the figures and notes to include voluntary disclosures,
above the minimum required by law, of liabilities, problems, and forecasts. At the basic level it is the duty of
managers, who (presumably) know what is going on, to transmit that knowledge to the owners. In the
wider context, a company with a reputation for openness will gain more trust among shareholders and
potential investors.
There are situations in which transparency is not appropriate:
Decisions on future strategy, knowledge of which could benefit competitors.
Discussions leading to decisions which are to be made public.
'Trade secrets' which do not affect decisions made by stakeholders.
Confidential data concerning individuals.
Transparency also requires that the data be accessible to whoever has an interest in it. This is now normally
achieved by publication on the Internet. A new set of standards and formats (mainly XBRL, described later)
will make it possible for all companies to be inspected, and in the same way.
5 XBRL
Section overview
The eXtensible Business Reporting Language (XBRL) is a method of recording business data
in a file where each of the data items is stored with a tag which can be used to retrieve that data.
Definition
eXtensible Business Reporting Language (XBRL) is an open standard for the electronic
communication of business and financial data that supports information modelling and the expression of
semantic meaning. The language has been built and promoted by XBRL International, a worldwide
consortium of approximately 550 companies and agencies.
XBRL is based on another language called XML (eXtensible Markup Language) which also has tags, and
is widely used. In both languages the data and its tag are written as:
<price>1200</price>
The opening <price> defines the start of the tagged data and </price> defines its end. This construction is
called an element in XML, and either an element or a concept in XBRL.
Definition
A tag is a mechanism used in markup languages, such as XML, to describe and locate data. XBRL tags are
generally a word or words enclosed in angle brackets to denote an opening tag, and the same but with a
forward slash for an ending tag.
Tags can include attributes which describe more about the data:
<price currency="AUSD">1200</price>
Attributes can also be used to link to other elements and to define relationships and actions, and even to
indicate how the data should be displayed, such as defining the number of decimal places.
Definitions
An attribute is an XML element property used to describe name-value pairs.
A taxonomy is an electronic dictionary of business reporting elements used to report business data.
Definitions
An instance is an XBRL business report containing tagged business facts together with the context in
which they appear and any further attributes needed to describe them.
An element in XBRL is a business reporting concept defined in a taxonomy and quantified in an XBRL
instance document.
Validation is the process of checking that an instance document meets the syntactical and semantic rules
provided in its associated taxonomy. Validation also confirms that XBRL reports and taxonomies conform
to the XBRL specification.
An extension taxonomy is one that is created on top of a public taxonomy to further define necessary
reporting concepts that have not been previously defined.
Software based on the taxonomy will write the actual elements, and get the data from existing accounting C
files if possible, though initially at least some of the data may have to be entered manually. Validation H
software will check that the rules have been followed. The taxonomies themselves are written in the XML A
language. P
T
Because XBRL is extensible, countries and the larger companies each have additional extension E
R
taxonomies to allow for their particular requirements. But many national and international groups have
been working for several years to make the public XBRL taxonomy encompass as much as possible, and
ensure that the basic elements of turnover, expenditure, capitalisation and so on are present and the same
8
for all companies.
If the mapping for an item cannot be done because there is no suitable tag in the taxonomy, then a new tag
must be created in the company's extension taxonomy.
Mapping is often difficult, and some items in a company's accounting system may be associated with different
tags depending on the circumstances. When creating the XBRL instance, manual intervention may be
needed to select the correct tag, until such time as software is written to do the selection automatically.
On the other hand, for some accounting systems there are already programs to do the mapping and the
whole production of the XBRL instances is easy.
Tagging to create
the instance file
consists of getting
this data and this tag
and transferring them
to the file
Tag and amount
transferred to the
XBRL instance file
...
<CostGoodsSold>123456
</CostGoodsSold>
C
Tagging is the production of the final XBRL instance file. Apart from this, the term tagging is not well H
defined. It may refer just to the manual entry of those items which fail to be done automatically. Sometimes A
it is used to include the mapping, particularly if software exists to use the mapping directly to generate the P
T
XBRL instance. E
R
(a) Software must be obtained or written to collect data as determined by the mapping and extension.
Where this is not possible or until such time as the software is written, some data will have to be
keyed in manually:
8
Existing company
accounting system
STATEMENT OF COSTS
... First, create a report using the existing system
Cost of goods sold …123456
Tagging
...
<CostGoodsSold>123456
</CostGoodsSold>
- if there is no
match, the item will
Print go into the There are standard
company's programs to assist in
extension this, using the list of
STATEMENT OF COSTS matching items from
... taxonomy
the mapping
Cost of goods sold …123
456
Question 3: Taxonomies
Who defines the various parts of a typical XBRL taxonomy?
(The answer is at the end of the chapter)
Section overview
C
Regulators are organisations that police other organisations to ensure they do not act illegally. H
Their role is the prevention of such acts, as well as detection. A
P
‘Watchdog’ is an informal name given to regulators T
E
R
6.1 The need for regulation
LO A great many financial catastrophes have resulted from fraudulent or inadequate financial reporting.
8.7 8
th th
In the UK in the 16 and 17 centuries, some associations were given legal status separate from the
individuals forming them, either by royal charter or act of parliament. Usually this process of
incorporation was accompanied by the granting of a monopoly in some items or in a geographical
location. Examples are the East India and Hudson Bay companies. There was little regulation. The East India
Company, for instance, conducted wars and plundered the state of Bengal. The cost of its military ventures
eventually brought it to the edge of collapse. State intervention was required, and parliament took greater
control over the company.
6.1.1 Bubbles
The rapid expansion of trade during the 17th and 18th centuries meant that companies, incorporated or not,
often had or required large amounts of capital, and they grew larger and had many passive investors. Usually
shares in unincorporated companies were freely transferable, and the market in these shares was often
volatile. There was much fraudulent trading based on vague promises and inflated estimates. Prices might
rise dramatically (‘bubbles’) and fall even faster.
7.3.1 China
Chinese accounting standards originated in a socialist period in which the state was the sole owner of
industry. Therefore they are less a tool of profit and loss, but an inventory of assets available to a company.
However, in recent years, the Finance Department of the Chinese Government has issued new accounting
standards which are some 90% compliant with the IFRS.
The China Securities Regulatory Commission (CSRC):
sets regulations governing the markets;
regulates listed companies, auditors, securities and investment funds;
oversees stock and bond issues;
issues penalties.
7.3.2 India
Accounting practice in India largely follows that in the United Kingdom. No regulatory body is specifically
responsible for the establishment of accounting principles, though in several accounting areas, mandatory
requirements for accounting practices are included in the Companies Act.
All listed companies should be IFRS compliant by 2014.
Pressure for visibility and standardisation increased greatly when, in 2009, the chairman and founder of
Satyam Computer Services Limited, a company with over 40,000 employees, admitted that the company’s
accounts had been greatly falsified to keep the share price high. This has been compared to the Enron
scandal in the US (see below).
7.3.3 Japan
The Accounting Standards Board of Japan had agreed to resolve all inconsistencies between the
current JP-GAAP standards and IFRS by 2011 and that all companies should be IFRS compliant by 2016.
However, the Japanese government has delayed the adoption of IFRS for publicly traded companies as a
result of concerns over the additional costs this would cause for Japanese companies struggling since the
earthquake and tsunami hit Japan in March 2011.
The government and the FSA have abandoned the compulsory adoption of IFRSs by 2016 and the decision
on whether or not to adopt IFRS is pending. If IFRSs are to be adopted there is likely to be a substantial
transition period.
7.3.4 Malaysia
Accounting standards are issued by the Malaysian Accounting Standards Board (MASB), which is
overseen by the Financial Reporting Foundation. MASB expects Malaysia to be in full convergence with
IFRS by 2012.
The Securities Commission of Malaysia is a combined regulator with the role of protecting the
investor, and encouraging and promoting the development of the securities and futures markets.
7.3.5 Singapore
Singapore’s accounting standards are closely aligned with the IFRS.
The Monetary Authority of Singapore (MAS) is the central bank and the financial regulatory authority
for Singapore.
Following the Trial Balance, management reports summarise, check budgets, and further analyse the
accounting data.
Stakeholders are individuals or groups of people whose interests are affected by the activities of
the business.
Stakeholders include employees, suppliers, customers, the government, shareholders, debt
holders, and various pressure groups.
Reliable accounting data results from the application of accounting standards.
The International Financial Reporting Standards (IFRS) are issued by the International
Accounting Standards Board (IASB).
The Australian Accounting Standards Board (AASB) defines the accounting standards for
Australia. These are the IFRS with some extensions.
Transparency is the open and clear disclosure of relevant information. It is a prime objective of the
accounting standards.
Hard data has definite values. Soft data results from value judgments.
Extensible Business Reporting Language (XBRL) is a method that can make accounting data C
accessible to a wide range of interested parties. H
A
International standards for XBRL are set by XBRL International, a consortium of several hundred P
T
companies and agencies. E
R
Each country and the larger companies extend XBRL to suit their own needs.
XBRL is based on XML (eXtensible Markup Language).
8
XBRL tags each data item so it can be retrieved by software.
Each tag can have a number of attributes.
Mapping is the process of matching items in the company's existing accounting system with the
corresponding items in the XBRL GL taxonomy plus the national extension. The list of matching
items is then used in the tagging operation, and to write software to produce the XBRL instance
automatically.
Tagging is taking accounting data from the existing accounting system and matching each item with
the corresponding tag in the taxonomy before tag and item are put into the XBRL instance.
The Australian Securities and Investments Commission (ASIC) enforces the accounting
standards set by the AASB.
The Trade Practices Act 1974 put an end to many restrictive practices in Australia.
The Corporations Act 2001 enforced accounting standards in Australia.
The Sarbanes-Oxley Act 2002 enforced stricter reporting standards in the USA, following several
accounting scandals.
The Dodd-Frank Act in the USA considerably increases consumer and national protection relating to
financial products, financial instruments and financial companies.
1 Employees are stakeholders in an organisation. What other stakeholders are associated with the
employees?
2 What is a taxonomy, and what is the XBRL taxonomy?
3 Who sets the accounting standards?
4 Who sets the XBRL standards?
5 In the XBRL trials, the most frequent error was the omission or misplacement of values on the final
display. What reduces the importance of this problem?
6 In order of preference, data being reported to management within a company should, if possible, be
displayed as
A bar or pie chart, table, graph
B graph, bar or pie chart, table
C bar or pie chart, graph, table
D table, bar or pie chart, graph
7 What is the difference between mapping and tagging?
8 What does the GL in XBRL-GL stand for?
A General Legends
B Global Ledger
C Generic Ledger
D General Ledger
1 The employees’ families depend on the salaries paid by the organisation, and are therefore
stakeholders.
Previous employees who are receiving or expect to receive a pension from the company’s pension
fund.
Trade unions, employee associations, professional bodies.
2 A taxonomy is an electronic dictionary of business reporting elements used to report business
data.
The XBRL taxonomy is the rules about what tags and attributes can be or must be used in an XBRL
instance.
3 Some countries, such as the United States, set their own standards based on their Generally
Accepted Accounting Principles (GAAP). Most countries follow the International Financial
Reporting Standards (IFRS) set by the International Accounting Standards Board (IASB),
and amend or extend the rules slightly. In Australia the Australian Accounting Standards Board
(AASB) defines the enforced standard, based on the IFRS.
4 XBRL International, a consortium of several hundred companies and agencies, defines and
promotes the common international XBRL tags and rules. Each country adds its own extensions, as
C
do the larger companies. H
A
5 The definition of how data is displayed does not affect how the data itself is accessed by software P
packages. The data may not display correctly, but still be correct and correctly tagged, and could be T
picked up by whatever software is used. That software may not display the item at all, or may do its E
own display without requiring the default display rules in the taxonomy. R
Testing the default display parts of the taxonomy is time consuming and often given low priority.
6 C – bar or pie chart, graph, table 8
7 Mapping is the process of matching items in the company’s existing accounting system with the
corresponding items in the XBRL GL taxonomy plus the national extension.
Mapping is done once only.
Tagging is taking accounting data from the existing accounting system and allocating each item with
the corresponding tag in the taxonomy before tag and item are put into the XBRL instance.
Tagging is repeated each time an XBRL instance is created.
8 Global Ledger. The XBRL-GL taxonomy allows access to the detailed data. Summary data, as in
financial statements, is in the taxonomy XBRL-FR (FR for Financial Report).
249
250 IT and Business Processes
Chapter 1
1 Which of the following are reasons an organisation would collect and store data and information?
I to help decision-making
II for planning purposes
III to record transactions
IV to measure performance
A I and III only
B II and IV only
C I, III and IV only
D I, II, III and IV
2 Which one of the following correctly represents the elements of the PEST framework?
A Policy, Economic, Social, Technological
B Political/legal, Economic, Social, Taxation
C Parliament, Economic, Social, Technological
D Political/legal, Economic, Social, Technological
3 Which one of the following could be used as a key field in an employee database of approximately
five thousand employees?
A surname
B department
C date of birth
D employee number
4 What name is given to the software that extracts or selects items from within a database?
A record pointer
B query language
C data administrator
D data activity monitor
5 Which one of the following is not a database storage model?
A SQL
B network
C relational
D hierarchical
6 In an Entity Life History diagram, what symbol is placed in the top right corner of a box to indicate
alternatives (selection)?
D cross
A circle
C triangle
B asterisk
2 Which one of the following represents a likely potential barrier to the successful implementation of
an internal knowledge management initiative?
A privacy issues
B competitor activity
C the need for confidentiality
D staff reluctance to provide knowledge
1 In which stage of the systems development life cycle (SDLC) would new software be written?
A system design
B system analysis
C system investigation
D system implementation
2 A potential system's feasibility would be judged against which of the following criteria?
I technical feasibility
II economic feasibility
III social feasibility
A I and II only
B I and III only
C II and III only
D I, II and III
3 Which method of system investigation is best suited to a situation where a limited amount of specific
information is required from a large number of individuals?
A interviews
B observation
C questionnaires
D user workshops
4 Entity relationship models contain which of the following elements?
I entities
II attributes
III processes
A I and II only
B I and III only
C II and III only
D I, II and III
5 New systems should be designed to meet an agreed requirements specification. Which parties are
involved in determining such a specification?
I users
II developers
III management
A I and II only
B I and III only
C II and III only
D I, II and III
6 Which type of system testing tests one function or part of a program to ensure that it operates as
intended?
A unit testing
B logic testing
C program testing
D user acceptance testing
Labour
Materials Customers
Cash
A B C
Subsystems: Subsystems: Subsystems:
Purchasing/Accounts payable Production planning and Sales order
Payroll control processing
Fixed assets Cost accounting Cash receipts
Finished goods
Cash
A .....................
B .....................
C .....................
1 Which of the following are principles of data quality as identified by Wang and Strong?
I timeliness
II believability
III availability
A I and II only
B I and III only
C II and III only
D I, II and III
2 Which of the following are procedural controls?
I numbering documents
II backup
III file size checks
A I and II only
B I and III only
C II and III only
D I, II and III
3 Which of the following are technical controls?
I limiting data access to secure locations
II allocating passwords and system privileges to certain employees
III requiring amendments to data to be documented
A I and II only
B I and III only
C II and III only
D I, II and III
4 Anti-virus software installed onto an infected computer is an example of which type of control?
A preventive
B procedural
C detective
D corrective
5 Which method of system security disables part of the system's telecoms technology to prevent
unauthorised intrusions?
A firewalls
B encryption
C authentication
D anti-virus software
6 Which of the following is the main risk for customers in face-to-face transactions?
A receiving defective goods
B failure to receive their goods
C cloning of their debit or credit card
D personal details such as name and address being stolen
1 Which one of the following techniques is likely to produce the most reliable record of how a
business process is performed?
A a group meeting
B an individual interview
C workplace observation of staff
D a group workshop with role play
3 Which of the following are steps recommended by Tucker when changing business processes?
I summarise the present method.
II challenge the current method.
III identify possible improvements.
IV decide on the best option.
A I and IV only
B II and III only
C I, III and IV only
D I, II, III and IV
4 Which one of the following is not one of the three main ways in which workflow systems operate?
A ad hoc
B flowline
C relational
D casework
263
264 IT and Business Processes
Chapter 1
1 C Data management is not considered part of the IT platform, although it is part of the IT
infrastructure.
2 C Software is the name given to the program or sets of programs that instruct and manage
computers.
3 D A legacy system is an old system that continues to be used due to the high cost or
inconvenience involved replacing it.
5 D Data theft, fraud, radiation and tapping are all risks associated with transmitting data
over network communications lines.
1 D All four are reasons why an organisation may collect or store data and information.
3 D A unique employee number would be allocated to each employee and used as the key
field. The other options could all have duplicate values, for example if two employees were
born on the same day.
6 B In an Entity Life History, if events are alternatives (selection) a small circle is placed in the
top right hand corner.
7 D Training requirements, hardware needs, database security and DBMS selection should all be
considered when implementing a new database (as should many other factors as covered in
section 7 of Chapter 2).
8 D Accounting Information Systems (AIS) often utilise database technology and are sometimes
used to support the production of management, marketing and other types of information.
9 A Profiling involves the use of a database to identify individuals who share certain
characteristics.
1 A ERP systems eliminate the need for separate systems and separate data silos. They also aim to
eliminate data duplication (data redundancy) through using a central database that holds data
that is utilised by all system modules.
2 D Staff reluctance is the most likely potential barrier. The motivation to share hard-won
experience is sometimes low as the individual feels they are 'giving away' their value.
4 D A digital dashboard is unlikely to include the relatively lengthy text required for detailed
financial commentary.
5 B Data mining software is used to search and analyse large pools of data with the aims of
predicting trends and behaviours and looking for hidden, previously unknown patterns and
relationships.
1 D Software can only be written once the system has been designed and so this would occur in
the implementation phase.
3 C Questionnaires are best suited to situations where a limited amount of specific information
is required from a large number of individuals as they are quick and relatively cheap to
conduct.
6 A Unit testing tests one function or part of a program to ensure that it operates as intended.
7 B System reviews should ideally be performed between one month and one year after
system implementation. Option A is too early and options C and D are too late.
6 C As customers collect goods from the shop there is little or no risk of receiving defective
goods or of receiving no goods at all. Most transactions do not require customers to share
their personal details. The main risk is of card cloning.
1 C Observing how staff perform the process in the workplace is likely to produce the most
accurate record of the process. Even this is not completely reliable though, as the fact that
staff are being observed may influence their behaviour.
4 C Workflow systems operate in three main ways; the casework basis, the flowline basis and
the ad hoc basis.
273
274 IT and Business Processes
Chapter 1
2 IT components are sometimes referred to as the IT platform. This includes hardware, software,
networking and communications components.
3 The correct answer is B. Work stations are powerful computers, usually for technical or scientific
applications, such as complex graphics or complex calculations.
4 A DSS is a Decision Support System. Decision Support Systems combine data and analytical
models or data analysis tools to support semi-structured and unstructured decision making.
6 Two from bus, ring, star or tree. Refer to Section 4.1 to check your diagrams.
7 In a client-server network, server computers hold and provide resources to client computers. In a
peer-to-peer network, each computer has equivalent capabilities and responsibilities – devices
communicate direct with each other.
8 A table held in memory that contains a list of all the networks that a router is connected to.
9 Generally, centralised networks are easier to control as data is held in a single location and
communication channels are more easily monitored and controlled. Although distributed networks
are more difficult to control, they offer greater flexibility.
1 Some of the main reasons organisations collect and store data are to:
Record transactions
Facilitate planning
Identify that control action is needed
Measure performance
Facilitate informed decision making
3 A database record contains the data fields relating to one entity, for example one employee in a
payroll file.
4 The term 'database system' is used to describe a wide range of systems that utilise a central pool
of data.
6 An Entity Relationship Model (ERM) shows what data a system requires (the logical data
requirements) independently of the system's organisation and processes. The ERM provides a static
view of data requirements.
Step 1 Define the scope of the project and the proposed database
Step 5 Training
8 An AIS collects, records, stores, and manipulates financial data, and then converts this data into
meaningful information for financial reporting and management decision making. Accounting
Information Systems utilise databases in a number of ways. For example, the accounts receivable
ledger stores customer data, the accounts payable ledger stores information about suppliers, and
payroll holds information about employees.
9 Encryption helps maintain confidentiality by encoding data in such a way that only authorised users,
who have the correct 'key', can read the data. Encryption therefore renders data unreadable to
unauthorised users.
10 Electronic databases enable organisations to capture and store vast amounts of data about individuals
and other organisations. They often contain sensitive data, for example credit card numbers or
medical records. Risks include unauthorised data linking and sharing and the existence and
propagation of errors.
2 Productivity software refers to general office application software such as Microsoft Office –
including word processing (Word), spreadsheet (Excel), scheduling (Outlook), presentation
(PowerPoint) and other types of software used by individuals to improve their productivity.
3 Digital dashboards are software tools that provide a high level, summarised view of the
performance of an enterprise. Sometimes called an executive dashboard, an enterprise dashboard or
a management cockpit, they provide rapid access to timely information and direct access to
management reports. Information is presented in a clear, user friendly format, usually including
graphics.
4 Data mining software analyses data with the aim of discovering previously unknown,
potentially useful relationships. Data mining uses statistical analysis tools as well as fuzzy logic
and other intelligent techniques.
4 A DFD is a Data Flow Diagram. Data flow diagrams are often produced during systems analysis to
provide a diagrammatic representation of how the system works.
5 Logical design involves describing the purpose of a system, i.e. what the system will do. Logical
design does not include any specific hardware or software requirements as it is more concerned
with the processes to be performed.
6 Unit integration testing involves testing two or more software units to ensure they work
together as intended. This would usually be carried out after unit testing has established that
individual units or parts of a program operate as intended.
7 Metrics are quantified measurements relating to system performance. They should be carefully
thought out, objective and stated clearly. Examples of metrics include system response time, the
number of transactions that can be processed per minute, the number of bugs per hundred lines of
code and the number of system crashes per week.
8 Adaptive maintenance is carried out to take account of anticipated changes in the processing
environment. For example, new taxation legislation might require changes to be made to payroll
software.
1 Juran describes data as having good quality if they are 'fit for their intended uses in operations,
decision making and planning'.
2 Procedural controls manage the human aspects of system activity and are usually placed on the
day-to-day running of the system. They can be divided into three sub-categories, input controls,
processing controls, and output controls.
3 Technical controls address security issues such as authorisation, documentation, backup and
recovery.
4 In general terms, preventive controls are more cost-effective than those which detect or correct
problems because they reduce or eliminate the problems occurring in the first place. By definition,
detective and corrective controls allow errors or damage to occur.
5 Privacy is the right of an individual or organisation to control access to information relating to them.
6 The two main security risks to organisations (when acting as the vendor) in Internet
transactions are:
The customer is using fake bank or credit card details and so they will not be paid
Goods are not received by the customer so replacements have to be sent
1 You should speak with the people who do the work associated with the process. Identify the
person or people who really know the process, this usually means experienced employees. These
people should walk and talk you through their part of the process and answer any questions.
2 Below are examples of commonly used flowcharting symbols. Remember though that different
people and organisations may use different symbols.
Flowcharting symbols
Start/End
Action or
process
A box can represent a single step (‘add two cups of flour’), or an entire sub-process
(‘make bread’) within a larger process.
Document
A printed document or report. This symbol is not always used – it depends upon the
level of detail required in the model.
Decision
3 Business process re-engineering is the fundamental rethinking and radical redesign of business
processes to achieve dramatic improvements in critical contemporary measures of performance,
such as cost, quality, service and speed. Hammer and Champy (2004).
4 An Accounting Information System (AIS) is a collection of data and processing procedures that
records and creates accounting related information. An Enterprise Resource Planning (ERP) system
is one type of AIS. ERP systems use software to control workflow management, directly
impacting upon business processes.
1 For example: Employees, shareholders, suppliers, customers, government, banks – but others are
possible.
2 Regular auditing by an outside firm.
Rotation of duties – but other answers are possible.
3 Reliable accounting data is produced by systems and companies that adhere to the national
guidelines known as Accounting Standards or Generally Accepted Accounting Principles
(GAAP).
There should be regular auditing by an outside firm.
There must be adequate internal controls to prevent records being falsified.
4 Financial statements must show the financial reality (the substance) rather than the legal form of the
transactions and events that underlie them.
5 Transparency:
Builds trust and reputation
Lenders prefer companies that do not conceal problems
Many investors may select only companies that give the fullest disclosure
If the company’s performance is good, making evidence of that more widely available will attract
more investors.
6 A - An instance
7 AASB, The Australian Accounting Standards Board
ASIC, The Australian Securities & Investments Commission
8 Trade Practices Act 1974
Corporations Act 2001
285
286 IT and Business Processes
Accounting information system (AIS). The system that collects, records, stores and processes data to
keep and maintain a company’s accounting system. This includes the purchase, sales, and other financial
processes of the business.
Ad networks. Use web bugs to create a personal profile of the sites a person is visiting. This information
is stored in a database belonging to the ad network and in turn determines what banner ads the user is
shown.
Architecture. The structure of a system or IT service, including the relationships of components to each
other and to the environment they are in. Architecture also includes the standards and guidelines for the
design and evolution of the system.
Attribute. An XML element property used to describe name-value pairs.
Australian Accounting Standards Board (AASB). Produces and promotes accounting standards. It
does not enforce standards or check that individual companies are adhering to the standards – that is the
duty of the ASIC. It was set up under the Australian Securities and Investments Commission Act 2001.
Australian Competition and Consumer Commission (ACCC). Promotes competition and fair trade
in the market place. It was formed in 1994 with the amalgamation of the Australian Trade Practices
Commission and the Prices Surveillance Authority to administer mainly the Trade Practices Act (1974).
Among other things, this Act legislates against companies gaining market dominance (usually through
mergers) and so lessening competition. The ACCC acts as a corporate watchdog to monitor and enforce
this.
Australian Prudential Regulation Authority (APRA). The financial sector is regulated by APRA,
which was set up as a result of the Financial System Inquiry (better known as the Wallis Inquiry) in 1996 to
examine the results of the deregulation of the Australian financial system. It also resulted in ASIC becoming
the consumer regulator in the financial system.
Australian Securities & Investments Commission (ASIC). Australia's corporate regulator. It is an
independent government body that enforces and regulates company and financial services laws in the
interests of Australian consumers, investors and creditors. ASIC was originally the Australian Securities
Commission (ASC). The ASC came into being as a result of the ASC Act 1989 and replaced the National
Companies and Securities Commission and the Corporate Affairs offices of the states and territories, and
unified corporate regulation throughout Australia.
In 1998 the ASC was also made responsible for consumer protection in superannuation, insurance, deposit
taking and (from 2002) credit, and became the ASIC.
The ASIC is often referred to as Australia's corporate watchdog. It monitors the stock market for unusual
trading activity and investigates company collapses as well as checking that accounting standards are
maintained.
Australian Taxation Office (ATO). The ATO administers Australia's tax system and collects income
tax, fringe benefits tax, Goods and Services Tax and other indirect taxes and excise. It also administers
some benefits and parts of the superannuation system.
Balanced scorecard. Allows an organisation to divide a vision, or overall objective into the smaller pieces
or necessary steps that will allow it to occur. For example, goals and measures of performance can be set
in a number of dimensions such as Financial, Customer, Internal, and Innovation.
Batch processing. Involves transactions being grouped and stored before being processed at regular
intervals, such as daily, weekly or monthly. Because data is not input as soon as it is received the system will
not always be up-to-date.
Bit. The smallest item of computer storage is referred to as a bit.
Blog. A website containing descriptions of events and personal experiences, or comments or reviews.
Bluetooth. Connects mobile devices wirelessly to each other or to desktop PCs.
Bridge. Joins two networks together, so as far as data packets are concerned it looks like one large
network.
Cat 5/cat 6. Stands for category 5 and category 6 and refers to the type of wiring used in Ethernet
network.
Central Processing Unit (CPU). The CPU, or microprocessor, can be thought of as the brain of a
computer system. The CPU is a chip that deciphers and executes your commands.
Centralised network architecture. Involves all processing being carried out on one or more processors
at a single central location.
Client. There are three meanings that apply in a data environment. In the first, a client is a customer (as
opposed to the organisation which provides a service or product). In the second definition, a client is a
computer that is used directly by a user, for example PCs, handheld computers, or workstations. In its third
usage, the term client means the part of a client/server application that the user directly interfaces with (for
example, an email client).
Client/Server. The splitting of an application into tasks performed on separate computers connected over
a network. In most cases, the ‘client’ is a desktop computer or a program ‘served’ by another networked
computing device.
Client-server network. A configuration in which desktop PCs or similar devices are regarded as 'clients'
that request access to services available on a more powerful server PC, for example access to files, or to
printing or to e-mail facilities.
Cluster area network. See system area network.
Computer Aided Design (CAD). The use of information technology in product design.
Computer Aided Manufacturing (CAM). The physical control of the production process or part of it
by computers, as applied in robots, computer numerical control tools.
Conceptual model. A descriptive model of a system based on qualitative assumptions about its elements,
their interrelationships, and system boundaries.
Consolidation. An analytical operation performed by On-line Analytical Processing (OLAP) database servers,
which involves computing all of the data relationships for one or more dimensions. For example, sales
offices can be rolled-up to districts and districts rolled-up to regions.
Cookies. An Internet cookie is a packet of information sent by a server to a browser, which is then used
by the browser each time it accesses the server. Cookies are typically used to authenticate a registered
user of a web site, or personalise the site, or maintain an online shopping cart. Originally developed by
Netscape, cookies offer convenience to the visitor if care is taken by the website. One of the controversies
surrounding cookies is their ability to build a personal profile of the user's browsing and purchasing habits.
Data. The raw material for data processing. Data consists of numbers, letters and symbols and relates to
facts, events, and transactions.
Data cube. At the core of OLAP tools lays a multidimensional data model. The best and most typical way
to visualise this is in the form of a data cube. In general, each cube is defined by two entities, measurements
and metric. A metric is basically the dimensions in which data in an organisation is kept. Time (in years,
quarters or months) or region (north, south, east west), would be examples of metrics. Measurement, on
the other hand, represents values of the data that is being stored. Think of measurements as quantities in
which we want to analyse relationships between metrics. Measurements are typically numeric in nature.
While time (in years, quarters or months) is an example of a metric in the example given above, yearly sales
or average quarter-to-quarter growth are examples of measurements.
Data field. Several characters combine to form a data field, for example an account balance. Other names
for a data field are 'attribute,' 'column,' or simply 'field'.
Data flow. Represents the movement or transfer of data from one point in the system to another.
Data flow diagrams. Show the ways in which data is processed, and may be used to help map a process.
Data governance. Refers to the overall management of the availability, usability, integrity, and security of
the data employed in an enterprise.
Data management. Comprises all the disciplines related to managing data as a valuable resource.
Data mart. Similar to a data warehouse but the mart holds data relating to a specific department, function
or area of the business.
Data mining. An analytic process designed to explore data (usually large amounts of data and typically
business or market related) in search of consistent patterns and/or systematic relationships between
variables, and then to validate the findings by applying the detected patterns to new subsets of data. The
ultimate goal of data mining is prediction – and predictive data mining is the most common type of data
mining and one that has the most direct business applications.
Data processes. Data being used or altered. The processes could be manual, mechanised or
computerised.
Data store. A point which receives a data flow and holds data.
Data warehouse. Consists of a database, containing data from various operational systems, and reporting
and query tools, which enable data to be analysed outside of operational systems.
Database. A collection of logically-related records and files organised to service many applications. A
database consolidates many records previously stored in separate files, so that a common pool of data
records serves many applications. An organisation's database can contain facts and information on
customers, employees, inventory, competitors' sales, on-line purchases and much more. It provides
convenient access to data for a wide variety of users and user needs.
E-commerce. Transactions made between buyers and sellers using the Internet or other electronic
methods.
Element. An element in XBRL is a business reporting concept defined in a taxonomy and quantified in an
XBRL instance document.
Email (electronic mail). An electronic document (usually a message) sent to a person or group on the
Internet. When used as a verb, ‘email’ refers to the act of sending the document.
Email attachment. A data package sent via email, for example a Word document from a colleague, or a
photo from a friend.
Encryption. A way of scrambling information so that data can stay secure. It aims to protect confidentiality
by rendering data unreadable to unauthorised users.
End user. The person who is executing applications on the workstation.
Enterprise collaboration systems. Information systems that use a variety of information technologies to
help people work together to collaborate and communicate ideas, share resources and co-ordinate co-
operative work between teams.
Enterprise Information Portals (EIP). Serve as a gateway to an organisation's information and
knowledge. They deliver personalised business data and content directly to employees, business partners
and customers. The portal often is often similar to a website and extranet combined.
Enterprise Resource Management (ERM) systems. See Enterprise Resource Planning (ERP)
systems.
Fast Ethernet. A new Ethernet standard that supports 100 Mbps using category 5 twisted pair or fibre
optic cable.
Feasibility study. Involves a review of the existing system and the identification of a range of possible
alternative solutions. A feasible (technical, operational, economic, social) solution will be selected – or a
decision made not to proceed.
Feedback. In information systems, feedback is information from the system that is used to make changes
to input or processing activities.
Fibre optic cable. A cable, consisting of a centre glass core surrounded by layers of plastic, that transmits
data using light rather than electricity. It has the ability to carry more information over much longer
distances.
Field. See Data field.
Gate keeping. The restricted access to services, privileges, benefits or opportunities on the basis of
certain data values.
Gateway. Converts the data passing between dissimilar networks so that each side can communicate with
the other i.e. it converts data into the correct network protocol.
General Packet Radio Service (GPRS). An extension to GSM which organises data into packets,
resulting in higher data transmission speeds. Among other things, this allows continuous Internet access and
more advanced messaging.
Gigabyte (GB). One billion bytes of information or one thousand megabytes.
Global Ledger Taxonomy (or XBRL-GL). Allows the representation of anything that is found in a chart
of accounts, journal entries or historical transactions, financial and non-financial. This defines the underlying
data elements in AIS, and is available from the XBRL International web site www.xbrl.org/GLFiles/.
Global System for Mobile Communications (GSM). By far the most widely used mobile telephone
system in the world. Control signals and speech are both transmitted digitally.
Graphical Robotics Applications Simulation Package (GRASP). A 3-D graphical simulation system
used by engineering companies for evaluating and programming industrial robots.
Groupware. Software that provides functions for the use of collaborative work groups.
Hard data. Data that can be verified objectively, satisfies audit criteria, and is considered reliable. The rules
for generating the data are inflexible with little scope for guesswork or human feeling for a situation. Hard
data is characterised by clear objectives, and a clearly defined problem which can be solved by standard
techniques, and it is obvious when a solution, a particular value, has been achieved.
Hardware. The various physical components that comprise a computer system, which are used to
perform input, processing and output activities. Hardware resources include the computer, its peripherals,
and consumables such as stationery.
Hub. The network hub allows computers to share data packets within a network.
Information. Data that have been processed in such a way as to be meaningful to the recipient. Data are
subjected to a 'value-added' process (data processing or information processing) where their form is
aggregated, manipulated and organised or their content is analysed and evaluated and is placed in a proper
context for a human user.
Information infrastructure. Includes all of the people, processes, procedures, tools, facilities, and
technology which support the creation, use, transport, storage, and destruction of information.
Information superhighway. A 1990s concept for a high-speed computing and communications network
that would deliver ubiquitous voice, telephony, data, video and other communications. The Internet itself
Logical design. Describing the purpose of a system, i.e. what the system will do. Logical design does not
include any specific hardware or software requirements as it is more concerned with the processes to be
performed.
Near field communication (NFC). Very short range communication between two enabled devices.
Often initiated by tapping one device with the other.
Netiquette. Short for 'Internet etiquette’, netiquette refers to standards of courtesy in electronic
communications.
Object-oriented databases. Emerged in the mid-1980s, but relational databases remain the most
popular. The main difference with an object-oriented database is that database 'records' are treated as
properties of an object rather than as a group of related fields. Links can be established between different
objects and their associated properties and classes. Objects may hold other objects, allowing them to
inherit properties.
Office Automation Systems (OAS). Support general office work for handling and managing documents
and facilitating communication. They are designed to increase the productivity of data and information
workers.
On-line Analytical Processing (OLAP). Involves on-line transactions that include large amounts of data
used for extensive analysis. OLAP applications support management-critical tasks through analysis of data in
the data warehouses.
On-line Transaction Processing (OLTP). Events relating to current activities of the business. OLTP
applications support mission-critical tasks.
Operations support systems. The role of an organisation's operations support systems is to effectively
process business transactions, control industrial processes, support enterprise communications and
collaboration and update corporate databases.
Operating system (OS). Software that controls the basic operation of the machine. The operating
system performs such tasks as recognising keyboard input, sending output to the monitor, keeping track of
files and directories on the disk, and controlling other connected devices such as printers.
Output controls. Designed to ensure that the output of data is authorised and as accurate and complete
as possible.
Parallel running. The old and new systems are run in parallel for a period of time, both processing
current data and enabling cross checking to be done.
Password. A common security measure, a password is generally a string of letters, numbers and symbols
used by individuals to access protected computers or computing systems.
Patches. See Software Patches.
Payroll accounting. This accounting system is the only operation in a business that is almost completely
governed by various federal, state, and local laws and regulations. Rules establish who is an employee, what
is time worked, when overtime is to be paid, what deductions are made, when to pay an employee, and
when taxes are paid. Lack of compliance with these laws and regulations can result in both fines and back-
pay awards. With each new year, payroll administrators must keep abreast of the changes in legislation that
affect their firms' payroll record keeping.
Peer-to-peer network. Each computer has equivalent capabilities and responsibilities – devices
communicate directly with each other.
Pharming. A scam in which malicious code is installed on a personal computer or server, misdirecting
users to fraudulent Web sites without their consent.
Query language. A formalised method of constructing queries in a database system. A query language
provides the ways in which you ask a database for data. Some query languages can be used to change the
contents of a database. SQL, short for Structured Query Language, is a popular language.
Record. Data fields combine to form a complete record. A database record stores all the information
about one file entity, for example one employee in a payroll file.
Relational database. A computer database in which all the data is stored in relations which (to the user)
are tables with rows and columns. Each table is composed of records (called tuples) and each record is
identified by a field (attribute) containing a unique value. Every table shares at least one field with another
table in 'one to one,' 'one to many,' or 'many to many' relationships. These relationships allow the database
Secure sockets layer (SSL). A protocol allowing secure transmission of confidential material via the
Internet.
Server. Any machine that provides a service for other users on the network.
Service Desk. The point in service management where people, process and technology blend to deliver a
business service. It provides the essential daily contact between customers, users, IT service and any
relevant third-party support organisation.
Simple mail transfer protocol (SMTP). A protocol for transferring email messages from one server to
another.
Slicing and Dicing. Refers to the ability to look at the database from different viewpoints. A slice is a
subset of a multi-dimensional array corresponding to a single value for one or more members of the
dimensions not in the subset. The dice operation is a slice on more than two dimensions of a data cube (or
more than two consecutive slices). One slice of the sales database might show all sales of product type
within regions. Another slice might show all sales by sales channel within each product type. Slicing and
dicing is often performed along a time axis in order to analyse trends and find patterns.
Social media. Systems such as Facebook and Twitter which promote and facilitate communication
between ‘friends’ and ‘followers’. The content of the communication is usually trivial.
Soft data. Consists of estimates or relies on value judgements. It is the product of systems and methods
which do not give a rigid answer, but may produce a range of results or assign probabilities, or just be based
on what people think the answer should be. It may not be clear what the objective is, for the item to be
measured may be difficult to define and standard methods of solution will not apply. Examples of soft data
are employee morale and customer satisfaction.
Soft Systems Methodology (SSM). Checkland's SSM is a way of analysing situations. It provides an
organised approach (seven stages) which can be used to tackle unstructured and poorly defined problems.
The seven stages include first identifying and then analysing the problem. Then a set of 'root definitions' is
developed for anything thought to be relevant to the problem. Conceptual models of the root definitions
are built and compared with the real world. Possible changes are defined before a change is made, and
the resultant problems are considered.
Software. Sets of instructions or data that tell a computer what to do. Software is often divided into two
categories: system software, which includes the operating system (e.g., Windows Vista, MacOSX) and all
utilities that enable the computer to function; and application software, which includes programs that
perform specific tasks (e.g., word processors, spreadsheets, and databases).
Software patches. Updates that fix a flaw in a computer program.
Source code. Computer programs or operating systems are originally written by a person in a
programming language. This is the software's source code. To use it, the computer has to translate the
Tag. A mechanism used in markup languages, such as XML, to describe and locate data. XBRL tags are
generally a word or words enclosed in angle brackets to denote an opening tag, and the same but with a
forward slash for an ending tag.
Tax accounting. Tax accounting ensures that the organisation is paying what is due or what it owes to
the Government in the form of taxes. Tax accounting systems include taxation as it applies to individuals,
partnerships and corporations, estate and trusts, international taxation and special tax issues and topics.
Taxonomy. An electronic dictionary of business reporting elements used to report business data.
Technical controls. IT solutions to security concerns and often relate to the storage of, and access to
data, as well as to amending or deleting data files.
Ubiquity. Refers to the attribute of being available at any location at any given time. A mobile terminal in
the form of a smart phone or a PDA offers ubiquity.
Unshielded Twisted Pair (UTP). Is the most common kind of copper telephone wiring. Twisted pair is
the ordinary copper wire that connects home and many business computers to the telephone company. To
reduce crosstalk or electromagnetic induction between pairs of wires, two insulated copper wires are
twisted around each other.
Validation. The process of checking that an instance document meets the syntactical and semantic rules
provided in its associated taxonomy. Validation also confirms that XBRL reports and taxonomies conform
to the XBRL specification.
XBRL. The eXtensible Business Reporting Language (XBRL) is a method of recording business data
in a file where each of the data items is stored with a tag which can be used to retrieve that data.
301
302 IT and Business Processes
3G technologies, 35 Bubbles, 239
Budget, 111
Bugs, 129
A Bus topology, 18
Acceptance, 108, 211 Business intelligence (BI), 97
Access control, 24 Business intelligence management, 12
Accountability and control, 167 Business Intelligence Systems, 15
Accountancy & Actuarial Discipline Board, 241 Business intelligence tools, 97, 99
Accounting cycle, 149 Business process, 206
Accounting Information System (AIS), 68, Business Process Re-engineering (BPR),
143, 159, 215, 216 212
Accounting records, 55 Business processes, 206, 211, 212, 213, 215
Accounting Regulatory Committee (ARC), 240 Business processes and IT, 215
Accounting software, 144 Business processes summary, 206
Accounting Standards, 231 Byte, 57
Accounting Standards Board of Japan, 242
Active resistance, 211
Ad networks, 168
C
Adaptation, 211 Cardinalities, 156
AIS and BPR, 216 Cash, 149
Analysis stage, 109 Categories, 115
Anti-virus software, 189 Centralised architecture, 19, 45
Association for Project Management Body of Centralised network architecture, 19
Knowledge (APM BoK), 113 Change control, 114
Associations, 94, 95 Change
Attribute, 234 pace, manner and scope, 212
Audit Oversight Board, 243 Changeover, 125
Australian Accounting Standards Board (AASB), Changing business processes, 211, 212, 213
231, 241 Check digits, 72
Australian Competition and Consumer Checkland's SSM, 233
Commission (ACCC), 241 Checkpoint, 113, 137
Australian Institute for Project Management China, 242
(AIPM), 113 China Securities Regulatory Commission, 242
Australian National Competency Standards for Classification, 95
Project Management (ANCSPM), 113 Client applications, 27
Australian Prudential Regulation Authority Clients, 27
(APRA), 241 Client-server network, 25, 26
Australian Securities & Investments Commission Cloud computing, 22
(ASIC), 240 Clustering, 95
Australian Taxation Office (ATO), 241 Communications media, 12
Authentication, 24, 189 Computer Aided Design (CAD) systems, 15, 22
Computer crime, 170
Computer ethics, 167
B Computer fraud, 145
Backup and Recovery, 164 Computer-based information system (CBIS), 12
Balanced Matrix Organisation, 112 Confidentiality, 24
Balanced Scorecard, 224 Consistency, 60
Bar chart, 225 Consolidation, 165
Batch, 160 Consultancies, 56
Batch processing, 160 Control investment, 186
Bit, 57 Control systems, 186
Bitcoin, 29 Control totals, 72
Blog (Weblog), 191 Controlling, 54, 131
Blogs, 88 Controls, 189
Boochholdt J, 143 Conversion cycle, 154
BPR and AIS, 216 Cookies, 168, 190
Bridge, 38 Copyright law, 168
Broad reach, 33 Corporate applications, 27
Bubble Act, 239 Corporate network, 25, 45
Index 303
Corporate network components, 26 Database Management System (DBMS) ,
Corporations Act, 241 15, 58, 59, 154
Corrective controls, 186 Database queries, 60
Cost, 130 Database security, 71
Cost accounting, 147, 150 Database system, 58, 60
Cost-benefit analysis, 115 Database user privileges, 71
Costs Database user rights, 71
categories of, 115 Dataflow Diagrams (DFDs), 110
Creativity, 211 Davenport and Short, 212
Cryptography, 189 Decentralised network architecture, 21
Customers, 228 Decision making, 54
Decision Support Systems (DSS) , 8, 15,
16, 17, 49
D Decision support tools, 215
Data, 54, 55, 182 Decision tables, 121
Data analysis, 97, 99 Decision-makers, 95
Data capture, 68 Denial of Service (DoS), 170
Data collision, 39 Denial of Service attacks, 43, 188
Data compression, 39 Dependence, 170
Data corruption, 153 Deployment, 108
Data design, 64 Deployment flowchart, 210
Data dictionary, 73 Design stage, 109
Data field, 57 Desktop computers, 10
Data flow, 119 Detective controls, 186
Data flow diagrams, 119, 210 Development costs, 115
Data governance, 11 Development stage, 109
Data hierarchy, 57 Dial-back security, 189
Data independence, 60 Dialogue generation and management system
Data integrity, 24 (DGMS), 15
Data management, 5, 11 Digital dashboards, 97
Data mart, 91 Digital Subscriber Line (DSL), 24
Data mining, 94, 101, 165, 224 Direct productivity loss, 189
Data modelling, 64 Distributed architecture, 21
Data mosaic, 70 Distributed architectures, 21
Data packets, 39 Documentation, 129
Data privacy, 167 Documentation files, 110
Data processes, 119 Double entry bookkeeping, 157
Data processing, 160 Drill-down, 165, 224
Data quality, 182 Duality, 156
Data quality management, 11 Duplicate copies of data, 153
Data quality principles, 182, 183
Data redundancy, 60
Data security management, 11
E
Data sources, 55 EasyMiner, 94
Data storage, 68 E-commerce analytics, 99
Data storage models, 61 Economic agents, 156
Data store, 119 Economic resources, 156
Data warehouse, 91, 92, 93, 165 Electronic communication, 193
Data warehousing, 12, 91, 94 Electronic Data Interchange (EDI), 56
Database, 11, 58, 68, 154, 215 Electronic signatures, 189
Database Activity Monitoring (DAM), 72 Element, 235
Database administrator (DBA), 73 Employment, 170
Database availability, 73 Empowerment, 169
Database controls, 68 Encryption, 71, 189
Database implementation, 66 End users, 9
Database integrity, 71 Enterprise collaboration systems, 8, 49
Database management, 11 Enterprise information portals, 99
Database management system (DBMS), 58 Enterprise Resource Management (ERM)
systems, 82
Index 305
Information Technology (IT), 69 Logical view, 59
Information technology (IT)
infrastructure, 5
InfoSphere Warehouse, 94
M
Input controls, 72, 184 Maintenance, 108, 128
Input devices, 9 Malaysia, 242
Installation, 108, 122 Malaysian Accounting Standards Board (MASB),
Installation costs, 115 242
Instance, 235 Malicious software, 170
Instant Messaging (IM), 29 Malware, 190
Intangible benefits, 116 Management accounting, 147, 151
Integration, 83, 108 Management Information Systems (MIS) ,
Intelligent agents, 87 8, 13, 14, 49
Internal, 55 Management support systems (MSS), 8, 49
Internal information, 55 Managerial accounting, 147, 151
International Accounting Standards Board Manner, 212
(IASB), 231 Manual processing, 152
International Financial Reporting Standards Many-to-many relationship, 64
(IFRS), 231, 242 Many-to-one relationship, 64
Internet, 12, 19 Mapping, 236
Internet Protocol, 24 Master files, 58, 160
Intranet, 12, 31 M-business, 34
Intranets, 87 M-commerce, 34
Investment workstations, 87, 89 Measuring performance, 127
IT platform, 5 Mesh topology, 19
IT services, 5 Metadata management, 12
Iteration, 66 Microcomputers, 9
Iterative Development, 109 Milestones, 130, 131, 134
Mobile commerce (m-commerce), 34
Mobile technology, 33
J Mobility, 33
Jamming, 170 Model-based management system (MBMS), 15
Japan, 242 Monetary Authority of Singapore (MAS), 243
Monitoring, 131
Multidimensional data model, 164
K Multidimensional databases, 98, 163
Kermit, 39 Multidimensionality, 98
Key field, 57
Keys, 189
Knowledge, 85
N
Knowledge areas, 113 NetTracker, 94
Knowledge bases, 11 Network, 12, 18
Knowledge creation, 86 Network database, 61
Knowledge management, 85, 87 Network devices, 26
Knowledge Work Systems (KWS), 15, 17, Network model, 62
89 Network protocol, 39
Knowledge Workers, 15 Network Service Providers (NSPs), 24
Kotter and Schlesinger, 211 Network support, 12
Network topology, 18
Notebook computers, 10
L
Laptop, 10
Libraries, 56
O
Limit checks, 72 Object-oriented database, 61, 63
LinkedIn, 29 Object-relational database, 63
Local applications, 27 Office Automation Systems (OAS), 16, 17,
Local Area Network (LAN), 23 87
Logic bomb, 188 Off-line testing, 123
Logical design, 122 OLAP tools, 164
Index 307
Singapore, 243 Trade Practices Act, 241
Skype, 29 Training, 123
Slates, 10 Transaction cycles, 153
Slicing and dicing, 165 Transaction file, 58
Sniffing, 43, 170 Transaction processing system (TPS), 8,
Social networking, 29 16, 49, 153
Soft data, 233 Transmission Control Protocol (TCP), 39
Soft Systems Methodology (SSM), 233 Transparency, 232
Software, 6, 10 Trap door, 188
Software developers, 9 Tree topology, 19
Software framework, 5 Trojan horse, 188
South Sea Bubble, 239 Tucker, 213
Spam, 190 Types of change, 211
Spiral model, 108
Spoofing, 44, 170
Spyware, 43, 168
U
Stakeholders, 227 Ubiquity, 33
Static structure model, 64 UMTS (Universal Mobile Telephone System ), 35
Storage Area Network, 25 Unauthorised access, 43
Strategic level information system, 13 Unauthorised data linking, 70
Strong Matrix Organisation’, 112 Unauthorised data linking sharing, 70
Structured query language (SQL), 61, 63, 157 User Access Controls (UAC), 71
Suppliers, 228 User passwords, 71
Switches, 38
System analysis, 109, 118
V
System analysts, 9
System Area Network, 25 Validation, 235
System design, 110, 122 Value chain, 146
System development, 110 Vandalism, 43
System implementation, 110, 122 Virtual Private Network (VPN), 24, 28
System investigation, 117 Virtual Reality, 87
System maintenance, 128 Virtual reality systems, 89
System operation, 110, 129 Viruses, 144, 188
System operators, 9 Viruses and worms, 43
System quality, 169
System review, 126
W
Systems analysis, 108, 118
Systems design, 108 WAP phones, 35
Systems development lifecycle (SDLC), 109, 134 Watchdogs, 241
Systems maintenance, 128 Waterfall method, 108
Waterfall model, 108
Weak Matrix Organisation, 112
T Web beacons, 190
Table, 58 Web bugs, 168
Tacit knowledge, 86 Wide Area Network (WAN), 24
Tag, 234 WiFi Internet access, 34
Tax accounting, 147, 150 Wiki, 88
Taxonomy, 234 Wikipedia, 22
TCP/IP protocol stack, 39 Wireless Application Protocol, 35
Technical controls, 185 Wireless commerce, 34
Telecommunications, 12 Wireless fidelity, 34
Telecommunications networks, 12, 215 Wireless Local Area Network (WLAN), 25
Testing, 108, 123 Wireless-enabled devices, 34
Time, 130 Work breakdown structure (WBS), 131
Time bomb, 188 Workflow, 83
Timesheets, 55 Workstations, 9
Topology, 18
Torrington and Weightman, 211
Tracking technology, 215
Index 309
310 IT and Business Processes