
ENTERPRISE INFORMATION SYSTEM

CATEGORIES OF BUSINESS PROCESSES

Operational Processes (or Primary Processes)
Operational or Primary Processes deal with the core business and value chain, e.g., purchasing, manufacturing, and sales. Also, Order to Cash cycle (O2C) and Purchase to Pay (P2P) cycles are associated with revenue generation.

Supporting Processes
Supporting Processes back core processes and functions within an organization. Human Resource Management: The main HR Process areas are grouped into logical functional areas that include Recruitment and Staffing;

Management Processes
Management Processes measure, monitor and control the activities related to business procedures and systems.
• Vision • Business Goals • Cost Projections • Board Approval • Strategic Plan • Revenue Projections • Profit Projections • Budget Review

HIT THE BULLS EYE

BUSINESS PROCESS AUTOMATION (BPA)

Business Process Automation (BPA) is the technology-enabled automation of activities or services that accomplish a specific function and can be implemented for many different functions of company activities. BPA is the tactic a business uses to operate efficiently and effectively. BPA is the tradition of analyzing, documenting, optimizing and then automating business processes.

Factors affecting BPA Success
• Confidentiality • Integrity • Availability • Timeliness

Benefits of BPA
• Quality and Consistency
• Time Saving
• Visibility
• Improved Operational Efficiency
• Governance and Reliability
• Reduced Turnaround Time
• Reduced Costs

Challenges involved in Business Process Automation
• Automating Redundant Processes:
• Defining Complex Processes
• Staff Resistance:
• Implementation Cost:

BPA Implementation
Step 1: Define why we plan to implement a BPA?
Step 2: Understand the rules/regulation under which enterprise needs to comply with?
Step 3: Document the process, we wish to automate
Step 4: Define the objectives/goals to be achieved by implementing BPA
Step 5: Engage the business process consultant
Step 6: Calculate the RoI (Return on Investment) for project
Step 7: Developing the BPA
Step 8: Testing the BPA

CA INTERMEDIATE

Risk and its Management

Sources of Risk
• Asset • Threat • Vulnerability • Exposure • Likelihood • Attack • Counter Measure • Risk

Characteristics of Risk
Broadly, risk has the following characteristics:
• Potential loss that exists as the result of threat/vulnerability process.
• Uncertainty of loss expressed in terms of probability of such loss.
• The probability / likelihood that a threat agent may mount a specific attack against a particular system.

Types of Risks

A. Business Risks
• Strategic Risks • Financial Risks • Regulatory (Compliance) Risks • Operational Risks • Hazard Risks • Residual Risks

B. Technology Risks
i. Downtime due to technology failure
ii. Frequent changes or obsolescence of technology
iii. Multiplicity and complexity of systems:
iv. Different types of controls for different types of technologies/systems
v. Proper alignment with business objectives and legal/regulatory requirements
vi. Dependence on vendors due to outsourcing of IT services
vii. Vendor related concentration risks
viii. Segregation of Duties (SoD)
ix. External threats leading to cyber frauds/crime
x. Higher impact due to intentional or unintentional acts of internal employees
xi. New social engineering techniques employed to acquire confidential credentials
xii. Need for governance processes to adequately manage technology and information security
xiii. Need to ensure continuity of business processes in the event of major exigencies

C. Data Related Risks
(i) Data Diddling
(ii) Bomb
(iii) Christmas Card
(iv) Worm
(v) Rounding Down
(vi) Salami Techniques
(vii) Trap Doors:
(viii) Spoofing
(ix) Asynchronous Attacks
• Data Leakage • Subversive Attacks • Wire-Tapping • Piggybacking


RISKS MANAGEMENT STRATEGIES
• Tolerate/Accept the risk
• Terminate/Eliminate the risk
• Transfer/Share the risk
• Treat/mitigate the risk

Risk Analysis
Risk Analysis is defined as the process of identifying security risks and determining their magnitude and impact on an organization.

RISK MANAGEMENT

ENTERPRISE RISK MANAGEMENT (ERM)
Enterprise Risk Management (ERM) may be defined as a process affected by an entity’s Board of Directors, management and other personnel, applied in strategy setting and across the enterprise.
• Align risk appetite and strategy
• Link growth, risk and return
• Enhance risk response decisions
• Minimize operational surprises and losses
• Identify and manage cross-enterprise risks
• Provide integrated responses to multiple risks
• Seize opportunities
• Rationalize capital

ERM Framework Components
• Internal Environment
• Objective Setting
• Event Identification
• Risk Assessment
• Risk Response
• Control Activities
• Information and Communication
• Monitoring


CONTROLS
Control is defined as policies, procedures, practices and organization structure that are designed to provide reasonable
assurance that business objectives are achieved and undesired events are prevented or detected and corrected.

Importance of IT Controls
(i) They enable enterprise to achieve objectives;
(ii) They help in mitigating risks.

Application of IT Control
(a) Information Technology General Controls (ITGC)
• Information Security Policy
• Administration, Access, and Authentication
• Separation of key IT functions
• Management of Systems Acquisition and Implementation
• Change Management
• Backup, Recovery and Business Continuity
• Proper Development and Implementation of Application Software
• Confidentiality, Integrity and Availability of Software and data files
• Incident response and management
• Monitoring of Applications and supporting Servers
• Value Added areas of Service Level Agreements (SLA)
• User training and qualification of Operations personnel
(b) Application Controls
Application Controls are controls which are implemented in an application to prevent or detect and correct errors.

Key indicators of effective IT controls
• ability to execute and plan new work such as IT infrastructure
• Development projects that are delivered on time and within budget
• Ability to allocate resources predictably.
• Clear communication to management of key indicators of effective controls
• The ability to protect against new vulnerabilities and threats
• The efficient use of a customer support center or help desk.
• Heightened security awareness on the part of the users and a security conscious culture.

Framework of IT control as per SA315
internal control policies and procedures. SA315 defines the system of Internal Control as “the process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity’s objectives regarding reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets, and compliance with applicable laws and regulations”.

Components of IT control as per SA315
I. Control Environment
II. Risk Assessment
III. Control Activities
IV. Information and Communication
V. Monitoring of Controls

Limitations of Internal Control System
• Management’s consideration that the cost of an internal control does not exceed the expected benefits to be derived.
• most internal controls do not tend to be directed at transactions of unusual nature, the reasonable potential for human error.
• The possibility of circumvention of internal controls through collusion with employees or with parties outside the entity.
• a person responsible for exercising an internal control could abuse that responsibility
• Manipulations by management with respect to transactions or estimates and judgments required in the preparation of financial statements.


RISKS AND CONTROLS FOR SPECIFIC BUSINESS PROCESSES

Business Processes - Risks and Controls
Based on Control: • Preventive • Detective • Corrective
Levels of Control: • Configuration • Masters • Transaction

Procure to Pay (P2P) – Risks and Controls
Procure to Pay (Purchase to Pay or P2P) is the process of obtaining and managing the raw materials needed for manufacturing a product or providing a service.
Masters - P2P (Refer Mat page - 31)
Transactions - P2P (Refer Mat page - 31)

Order to Cash (O2C) – Risks and Controls
Order to Cash (OTC or O2C) is a set of business processes that involve receiving and fulfilling customer requests for goods or services.
• Customer Order • Order Fulfilment • Delivery Note • Invoicing • Collections • Accounting
Masters - O2C (Refer Mat 33)
Transactions - O2C (Refer Mat page - 31)

Inventory Cycle – Risks and Controls
The Inventory Cycle is a process of accurately tracking the on-hand inventory levels for an enterprise.
The typical phases of the Inventory Cycle for Manufacturers are as follows:
• The Ordering phase • The Production phase • The finished goods and delivery phase
Masters Inventory Page 35
Transactions - Inventory Page 35

Human Resources – Risks and Controls
The Human Resources (HR) life cycle refers to human resources management and covers all the stages of an employee’s time within a specific enterprise and the role the human resources department plays at each stage.
Stages of HR Cycle
• Recruiting and On-boarding • Orientation and Career Planning
• Career Development • Termination or Transition
Configuration HR Page - 38
Masters HR Page 39


Fixed Assets – Risks and Controls
Fixed Assets process ensures that all the fixed assets of the enterprise are tracked for the purposes of financial accounting, preventive maintenance, and theft deterrence.
• Procuring an asset • Registering or adding an asset
• Adjusting the Assets • Transferring the Assets
• Depreciating the Assets • Disposing the Assets
Masters HR Page - 40
Transactions FA Page 39

General Ledger – Risks and Controls
General Ledger (GL) process refers to the process of recording the transactions in the system to finally generating the reports from financial transactions entered in the system.
Steps in General ledger process Flow
1. Entering financial transactions into the system
2. Reviewing Transactions
3. Approving Transactions
4. Posting of Transactions
5. Generating Financial Reports
Configuration GL page - 42
Masters GL page - 43
Transactions GL page - 42


Diagrammatic Representation of Business Processes


A Flowchart is a diagram that describes a process or operation. It includes multiple steps, through which the process «flows» from start to finish.

Flowcharting Symbols
The two most common types of boxes in a flowchart are as follows:
• A processing step, usually called activity and denoted as a rectangular box.
• A decision usually denoted as a diamond.

Advantages of Flowcharts
• Quicker grasp of relationships
• Effective Analysis
• Communication
• Documentation
• Efficient coding
• Program Debugging
• Efficient program maintenance
• Identifying Responsibilities
• Establishing Controls

Limitations of Flowchart
• Complex logic
• Modification
• Reproduction
• Link between conditions and actions
• Standardization

[Figure: Simple Flow chart of Sales]

Data Flow Diagrams (DFDs)
Data Flow Diagrams are used to graphically represent the flow of data in a business information system from one place to another.
DFD basically provides an overview of:
• What data a system processes;
• What transformations are performed;
• What data are stored;
• What results are produced and where they flow.


Main symbols used in DFD
• Process • Data flow • External Agent • Data Store • Real time link

Diagrammatic Representation of Specific Business Processes

Order to Cash
Customer Order Fulfilment (Refer Figure below)
• Sales and Marketing (SM)
• Order Fulfilment
• Manufacturing
• Receivables

Purchase to Pay / Procure to Pay
(Refer Figure below)
• User Department
• Procurement Department (PD)
• Vendor
• Stores
• Accounts Payable (AP): AP will do a “Three-way match” of PO/GRN/VI


REGULATORY AND COMPLIANCE REQUIREMENTS

The Companies Act, 2013
• Section 134 of the Companies Act, 2013 on “Financial statement, Board’s report, etc.”
• Section 143, of the Companies Act 2013, on “Powers and duties of auditors and auditing standards” states inter alia:

Information Technology Act, 2000 (IT Act)

This can be explained by the following instance:
• Traditional Theft • Hacking


Computer Related Offences
• Harassment via fake public profile on social networking site
• Email Account Hacking
• Credit Card Fraud
• Web Defacement
• Introducing Viruses, Worms, Backdoors, Rootkits, Trojans, and Bugs
• Cyber Terrorism
• Online sale of illegal Articles
• Cyber Pornography
• Phishing and Email Scams
• Theft of Confidential Information
• Source Code Theft

• [Section 43A] Compensation for failure to protect data
• [Section 65] Tampering with Computer Source Document
• [Section 66] Computer Related Offences
• [Section 66B] Punishment for dishonestly receiving stolen computer resource or communication device
• [Section 66C] Punishment for identity theft
• [Section 66D] Punishment for cheating by personation by using computer resource
• [Section 66E] Punishment for violation of privacy
• [Section 66F] Punishment for cyber terrorism
• [Section 67] Punishment for publishing or transmitting obscene material in electronic form
• [Section 67A] Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form
• [Section 67B] Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form.

Advantages of Cyber Laws
Privacy of Online Data
Sensitive Personal Data Information (SPDI)


What is a system?
“a set of detailed methods, procedures and routines created to carry out a specific activity, perform a duty, or solve a problem”.

What is a Process?
A Process is defined as a sequence of events that uses inputs to produce outputs.


CONCEPTS IN COMPUTERIZED ACCOUNTING SYSTEMS

Master Data
Master data is relatively permanent data that is not expected to change again and again.
• Accounting Master Data
• Inventory Master Data
• Payroll Master Data
• Statutory Master Data
Our Personal Master Data

Non-Master Data
It is a data which is expected to change frequently, again and again and is not a permanent data.

Module - Accounting
• Contra • Payment • Receipt • Journal • Sales • Purchase • Credit Note • Debit Note • Memorandum
• Purchase Order • Sales Order • Stock Journal • Physical Stock • Delivery Note • Receipt Note
• Attendance • Payroll


III. Voucher Number
A Voucher Number or a Document Number is a unique identity of any voucher/document. Let us understand some peculiarities about voucher numbering.
• Voucher number must be unique.
• Every voucher type shall have a separate numbering series.
• A voucher number may have prefix or suffix or both
• All vouchers must be numbered serially
• All vouchers are recorded in chronological order and hence voucher recorded earlier must have an earlier number.

IV. Accounting Flow
• Transactions
• Humans: Voucher Entry
• Software: Posting, Balancing, Trial Balance
• Profit & Loss Account
• Balance Sheet

V. Types of Ledgers
• Ledgers: Debit Balance, Credit Balance
• Asset • Expense • Income • Liability
• Profit & Loss Account
• Balance Sheet

VI. Voucher Number
• Income • Expense • Asset • Liability


A. Working of any software

(i) Front End and Back End
These two words are used by software people again and again.
• Front End – It is part of the overall software which actually interacts with the user who is using the software.
• Back End – It is a part of the overall software which does not directly interact with the user but interact with Front End only.

3 Layers of Application
• Application Layer • Operating Layer • Database Layer
Three Tier architecture

B. Installed Applications v/s Cloud-based Applications
• Installation and Maintenance
• Accessibility
• Mobile Application
• Data Storage
• Data Security
• Performance
• Flexibility


NON-INTEGRATED SYSTEM
• Human Resource • Accounting • Marketing • Production • Purchase • Logistics • Quality Control
non-integrated environment where all the departments are working independently and using their own set of data

ERP SYSTEM
ERP is an enterprise-wide information system designed to coordinate all the resources, information, and activities needed to complete business processes such as order fulfilment or billing.

Functions covered by ERP
• Human Resources • Supply Chain Management • Customer Relationship Management • Financials • Manufacturing functions • Warehouse Management
Some of the well-known ERPs in the market today include SAP, Oracle, MFG Pro, and MS Axapta

Data Warehouse Module in ERP System
Data Warehouse is a module that can be accessed by an organization’s customers, suppliers and employees. It is a repository of an organization’s electronically stored centralized data.
The process of transforming data into information and making it available to the user in a timely manner to make a difference is known as Data Warehousing.

Benefits of an ERP System
• Information integration • Reduction of Lead-time • On-time Shipment • Reduction in Cycle Time
• Improved Resource utilization • Better Customer Satisfaction • Improved Supplier Performance
• Increased Flexibility • Reduced Quality Costs • Better Analysis and Planning Capabilities
• Improved information accuracy and decision-making capability • Use of Latest Technology


Risks an

• People Aspect
(a) Change Management (b) Training (c) Staff Turnover (d) Top Management Support (e) Consultants

• Process Aspect
(a) Program Management (b) Business Process Reengineering (BPR)

• Technological Aspect
(a) Software Functionality (b) Technological Obsolescence (c) Enhancement and Upgrades (d) Application Portfolio Management

• Implementation Aspect
(a) Lengthy (b) Insufficient Funding (c) Data Safety (d) Speed of Operation (e) Speed of Operation (f) Data Access

• Post Implementation Aspect
(a) Lifelong commitment


Role Base

Role-Based Access Control is an approach to restricting system access to authorized users.
• MAC
• DAC
MAC criteria are defined by the system administrator, strictly enforced by the Operating System and are unable to be altered by end users.
DAC involves physical or digital measures and is less restrictive than other access control systems as it offers individual’s complete control over the resources they own.

(i) Create – Allows to create data;
(ii) Alter – Allows to alter data;
(iii) View – Allows only to view data; and
(iv) Print – Allows to print data.


BUSINESS PROCESS MODULES AND THEIR INTEGRATION WITH FINANCIAL AND ACCOUNTING SYSTEMS

• What is a Business Process?
A Business Process consists of a set of activities that are performed in coordination in an organizational and technical environment.

• Business Process Flow
A Business Process is a prescribed sequence of work steps performed to produce a desired result for an organization.

• ERP - Business Process Modules (BPM)
• Trading Business
• Manufacturing Business
• Service Business

THE ACCOUNTING PROCESS FLOW
• Source Document • Journal • Ledger • Trial Balance • Adjusted Trial Balance • Closing Entries • Financial Statement


FUNCTIONAL MODULES OF ERP

ERP MODULES
• Financial Accounting
• Controlling
• Sales & Distribution
• Human Resource
• Production Planning
• Materials Management
• Quality Management
• Plant Maintenance
• Project System
• Supply Chain
• CRM

• Financial Accounting Module
The key features of this module are as under:
• Tracking of flow of financial data across the organization in a controlled manner and integrating all the information for effective strategic decision making.
• Creation of Organizational Structure
• Financial Accounting Global Settings
• General Ledger Accounting
• Tax Configuration & Creation and Maintenance of House of Banks.
• Account Payables, accounts receivable, fixed assets, general ledger and cash management, etc.
• Account Receivables
• Asset Accounting.
• Integration with Sales and Distribution and Materials Management.

• Controlling Module
Key features of this module are as under:
• Cost Element Accounting
• Cost Centre Accounting
• Activity-Based-Accounting
• Internal Orders
• Product Cost Controlling
• Profitability Analysis
• Profit Centre Accounting

• Sales and Distribution Module
Key features of Sales and Distribution Module are discussed as under:
• Setting up Organization Structure
• Assigning Organizational Units
• Defining Pricing Components
• Setting up sales document types, billing types, and tax-related components;
• Setting up Customer master data records and configuration.

Sales and Distribution Process:
• Pre-Sales Activities
• Sales Order
• Inventory Sourcing
• Material Delivery
• Billing
• Receipt from Customer / Payment


• Human Resource (HR) Module
• Recruit • Hire • Personnel Development • Record Time and Expenses • Maintain Benefits Plan • Pay via Payroll processes
• Maintain Personal Data and Family Member/Dependent Information • Recording Education
• Change of Pay • Change of Position • Leave of Absence • Termination

• Production Planning (PP) Module
• Issue of Raw Material from Stores • Conversion into WIP • Conversion into Finished Goods • Stock Transfer to Godown

• Material Management (MM) Module
• Purchase Requisition from Production Department
• Evaluation of Requisition
• Asking for Quotation
• Evaluation of Quotations
• Purchase Order
• Receipt of Material
• Issue of Material
• Purchase Invoice
• Payment to Vendor

• Quality Management Module
• Quality Planning • Quality Control • Quality Assurance • Quality Improvement
• Master data and standards are set for quality management;
• Set Quality Targets to be met;
• Quality management plan is prepared;
• Define how those quality targets will be measured;
• Take the actions needed to measure quality;
• Identify quality issues and improvements and changes to be made;
• In case any change is needed in the product, change requests are sent;
• Report on the overall level of quality achieved; and
• Quality is checked at multiple points, for example - inwards of goods at warehouse, manufacturing, procurement, returns.

• Plant Maintenance Module
• Plant Maintenance (PM) is a functional module which handles the maintaining of equipment and enables efficient planning of production and generation schedules.
• Objectives of Plant Maintenance Module
• To achieve minimum breakdown and to keep the plant in good working condition at the lowest possible cost.
• To keep machines and other facilities in a condition that permits them to be used at their optimum (profit making) capacity without any interruption or hindrance.
• To ensure the availability of the machines, buildings and services required by other sections of the factory for the performance of their functions at optimum return on investment whether this investment be in material, machinery or personnel.
• Equipment Master • Equipment/Plant Maintenance • Plant Maintenance (PM) Reports


• Project Systems Module
Project Systems Module: This is an integrated project management tool used for planning and managing projects and portfolio management
🢫 Project Request 🢫 Create Templates 🢫 Create Project 🢫 Create Planning 🢫 Budgeting and Release 🢫 Project Implementation 🢫 Project Completion

• Process of Supply Chain
A Supply Chain is a network of autonomous or semi-autonomous business entities collectively responsible for procurement, manufacturing, and distribution activities associated with one or more families of related products.
🢫 Raw Materials 🢫 Supplier 🢫 Manufacturing 🢫 Distribution 🢫 Customer/Retailer 🢫 Consumer

• Key Benefits of CRM Module
Customer Relationship Management (CRM) Module
Customer Relationship Management is a system which aims at improving the relationship with existing. Key benefits of a CRM module are as under.
• Improved customer relations
• Increase customer revenues
• Maximize up-selling and cross-selling
• Better internal communication
• Optimize marketing

• Integration Points of all
Integration Points
• Material Management Integration with Finance and Controlling (FICO)
• Human Resource Module Integration with Finance and Controlling
• Material Management Integration with Production Planning (PP)
• Material Management Integration with Sales and Distribution (SD)
• Material Management Integration with Quality Management (QM)
• Material Management Integration with Plant Maintenance (PM)


REPORTING SYSTEM AND MANAGEMENT INFORMATION SYSTEMS (MIS)

• Reporting System
A Report simply means presentation of information in proper and meaningful way. The basic purpose of any Financial and Accounting system is to give right information at right point of time to right people for right decision making

• Management Information System (MIS)
An MIS report is a tool that managers use to evaluate business processes and operations.

• Type of Information in a MIS Report
• Relevant • Timely • Accurate • Structured

What is a MIS Report
• Business managers at all levels of an organization, from assistant managers to executives, rely on reports generated from these systems to help them evaluate their businesses’

Who uses MIS Report
• MIS automatically collect data from various areas within a business.
• Many large businesses have specialized MIS departments, whose only job is to gather business information and create MIS reports.


DATA ANALYTICS AND BUSINESS INTELLIGENCE

• Data Analytics
• The process of examining data sets to draw conclusions about the information they contain, increasingly with the aid of specialized systems and software.
• Data Analytics predominantly refers to an assortment of applications, from basic Business Intelligence (BI), reporting and Online Analytical Processing (OLAP) to various forms of advanced analytics.
• Data Analytics initiatives can help businesses increase revenues, improve operational efficiency, optimize marketing campaigns and customer service efforts, respond more quickly to emerging market trends and gain a competitive edge over rivals - all with the goal of boosting business performance.

• Types of Data Analytics Applications
Data Analytics methodologies include Exploratory Data Analysis (EDA), which aims to find patterns and relationships in data.
Confirmatory Data Analysis (CDA), which applies statistical techniques to determine whether hypotheses about a data set are True or False.
Quantitative Data Analysis: This involves analysis of numerical data with quantifiable variables that can be compared or measured statistically.
Qualitative Data Analysis: The qualitative approach is more interpretive - it focuses on understanding the content of non-numerical data like text, images, audio and video, including common phrases, themes and points of view.
Predictive Analytics, Big Data Analytics, Data Mining, Machine Learning, Text mining

Application Areas
Some Application areas of Data Analytics are as follows:
• Data Analytics initiatives support a wide variety of business uses.
• E-commerce companies and marketing services providers do click stream analysis to identify website visitors who are more likely to buy a product or service based on navigation and page-viewing patterns.
• Mobile network operators examine customer data to forecast so that they can take steps to prevent defections to business rivals; to boost customer relationship management efforts.
• Healthcare organizations mine patient data to evaluate the effectiveness of treatments for cancer and other diseases.

Inside the Data Analytics
Data Analytics applications involve more than just analysing data. Particularly on advanced analytics projects, much of the required work takes place upfront, in collecting, integrating and preparing data and then developing, testing and revising analytical models to ensure that they produce accurate results.
• Data Collection
• Find and Fix Data Quality Problem
• Building Analytical Model
A data scientist builds an analytical model, using predictive modelling tools or other analytics software and programming languages such as Python, Scala, R and SQL.


BUSINESS INTELLIGENCE (BI)


Business Intelligence (BI) is a technology-driven process for analysing data and presenting actionable
information to help corporate executives, business managers and other end users make more informed
business decisions.

Reasons for Business Intelligence
• The position of the firm in comparison to its competitors.
• Changes in customer behaviour and spending patterns.
• The capabilities of the firm.
• Market conditions future trends, demographic and economic information.
• The social, regulatory and political environment.
• What the other firms in the market are doing.

Benefits of Business Intelligence
• BI improves the overall performance of the company using it. The potential benefits of business intelligence programs include –
⚫ accelerating and improving decision making;
⚫ optimizing internal business processes;
⚫ enhancing communication among departments while coordinating activities;
⚫ increasing operational efficiency;
⚫ driving new revenues; and
⚫ gaining competitive advantages over business rivals.
• BI systems can also help companies identify market trends and spot business problems that need to be addressed.
• BI systems help in enhancing customer experience, allowing for the timely and appropriate response to customer problems and priorities.


BUSINESS INTELLIGENCE TECHNOLOGY

Business Intelligence combines a broad set of data analysis applications, including ad hoc analysis and querying, enterprise reporting, Online Analytical Processing (OLAP), mobile BI, real-time BI, operational BI, cloud and software as a service BI, open-source BI, collaborative BI and location intelligence.
BI programs can also incorporate forms of advanced analytics, such as data mining, predictive analytics, text mining, statistical analysis and big data analytics.
Business Intelligence data typically is stored in a data warehouse or smaller data marts that hold subsets of a company’s information.
Business intelligence is sometimes used interchangeably with business analytics;


BUSINESS REPORTING AND FUNDAMENTALS OF XBRL

Business Reporting
Business Reporting or Enterprise Reporting 🢫
• The public reporting of operating and financial data by a business enterprise or the regular provision of information to decision-makers within an organization to support them in their work.
• Organizations conduct a wide range of reporting, including financial and regulatory reporting; Environmental, Social, and Governance (ESG) reporting (or sustainability reporting); and increasingly integrated reporting.

🢫 Organizations communicate with their stakeholders about:
• mission, vision, objectives, and strategy;
• governance arrangements and risk management;
• trade-offs between the shorter- and longer-term strategies; and
• financial, social, and environmental performance (how they have fared against their objectives in practice).

Why is Business Reporting Important?
• Effective and transparent business reporting allows organizations to present a cohesive explanation of their business and helps them engage with internal and external stakeholders, including customers, employees, shareholders, creditors, and regulators.
• High-quality business reporting is at the heart of strong and sustainable organizations, financial markets, and economies.
• As organizations fully depend on their stakeholders for sustainable success, it is in their interest to provide them with high-quality reports.
• Many organizations are increasingly complex, and have larger economic, environmental, and social footprints.
• High-quality reports also promote better internal decision-making.


APPLICABLE REGULATORY AND COMPLIANCE REQUIREMENTS

General – Applicable to all irrespective of anything.
Specific – Applicable to specific type of businesses only. business systems.

Regulatory Compliance and Accounting Systems
Regulatory compliance and accounting systems are closely connected with each other. Most of the regulatory compliance requires accounting data and accounting data comes from accounting systems

Accounting and Tax Compliance or Only Tax Compliance
1. Ease of software operation
2. Features and facilities
3. Time and efforts required
4. Accuracy
5. Cost


INFORMATION
SYSTEMS

Steps of Information Systems

• Information System (IS) is a combination of people, hardware, software, communication devices, network and data resources that processes (can be storing, retrieving, transforming information) data and information for a specific purpose.
• This information system model highlights the relationships among the components and activities of information systems.

• INPUT (Business problems in the form of data, information, instruction, opportunities)
• PROCESSING (Software, Programs, people, communication, equipment)
• OUTPUT (Solution to problems in the form of reports, graphics, calculations, voices)
• STORAGE (Memory for storing and retrieving information)

BULL EYESBOOKLET

COMPONENTS OF
INFORMATION

• People Resources
❖ From the helpdesk to the system programmers all the way up to the Chief Information Officer (CIO), all of them are essential elements of the information systems.
❖ People are the most important element in most Computer-based Information Systems.
❖ The people involved include users of the system and information systems personnel, including all the people who manage, run, program, and maintain the system.

• Computer System
Hardware: Input Devices, Processing Devices, Data Storage Devices, Output Devices
Software: Operating System Software, Application Software

• Hardware
Hardware is the tangible portion of our computer systems; something we can touch and see i.e., the physical components of technology.


COMPONENTS OF
INFORMATION

• Input Devices
Devices through which we interact with the systems and include devices like Keyboard for text-based input;

• Processing Devices
Used to process data using program instructions, manipulate functions, perform calculations, and control other hardware devices.
❖ Control Unit (CU)
❖ Arithmetic and Logical Unit (ALU)
❖ Processor Registers
• accumulators
• address registers
• miscellaneous

• Primary Memory
Also known as Main Memory or Internal Memory, it is directly accessed by the processor using data bus.

Cache memory
To bridge the huge differences of speed between the Registers and Primary memory, the Cache Memory is introduced.
Cache memory is a smaller, extremely fast memory type built into a computer’s Central Processing Unit (CPU) and that acts as a buffer between RAM and the CPU.

• Secondary Devices
Secondary memory devices are non-volatile, have greater capacity (they are available in large size), greater economy (the cost of these is lesser compared to register and RAM) and slow speed (slower in speed compared to registers or primary storage).


Output Devices

Computer systems provide output to decision makers at all levels in an enterprise to solve business problems, the desired output may be in visual, audio or digital forms.
Types of Output Devices:
• Textual Output
• Graphical outputs
• Tactile output
• Audio output
• Video output

(a) Operating System Software
An Operating System (OS) is a set of computer programs that manages computer hardware resources and acts as an interface with computer applications programs.
Activities are executed by Operating systems
• Performing hardware functions
• User Interfaces
• Hardware Independence
• Memory Management
• Task Management
• Networking Capability
• Logical Access Security
• File management

(b) Application Software
Application Software is the category of programs that do some useful processing or task for the user.
Application Suite like MS Office 2010 which has MS Word, MS Excel, MS Access, etc.

Output Devices

Data
Data, plural of Datum, are the raw bits and pieces of information with no context that can either be quantitative or qualitative.

Database
A set of logically inter-related organized collection of data is referred as Database.

Database Management Systems (DBMS)
DBMS may be defined as a software that aid in organizing, controlling, and using the data needed by the application program.
Database Management Systems are Oracle, MySQL, SQL Servers and DB2 etc. whereas Microsoft Access and Open Office Base are examples of personal DBMS.


Database Management Systems (DBMS)

• Advantages of DBMS
• Permitting Data Sharing
• Minimizing Data Redundancy
• Integrity can be maintained
• Program and File consistency
• User-friendly
• Improved security
• Achieving program/data independence
• Faster Application Development

• Disadvantages of DBMS
• Cost
• Security

Networking and Communication System

• Computer Network
Computer Network is a collection of computers and other hardware interconnected by communication channels that allow sharing of resources and information.

• Telecommunication Network
Telecommunication networks give an organization the capability to move information rapidly between distant locations and to provide the ability for the employees, customers, and suppliers to collaborate from anywhere, combined with the capability to bring processing power to the point of the application.

Types of network
• Connection Oriented networks
• Connectionless networks


NETWORKING AND
COMMUNICATION
SYSTEM

• Issues in real world Network
These real-world networks have helped model computer networks. Each of these networks is modelled to address the following basic issues:
• Routing
• Bandwidth
• Resilience

• Benefits of computer Network
• Distributed nature of information
• Resource Sharing
• Computational Power
• Reliability
• User Communication

• Telecommunications may provide these values through the following impacts
• Time compression
• Overcoming geographical dispersion
• Restructuring business relationships


INFORMATION
SYSTEMS CONTROLS

• Information Systems Control - Purpose ??
The basic purpose of information system controls in an organization is to ensure that the business objectives are achieved; and undesired risk events are prevented, detected and corrected.
This is achieved by designing an effective information control framework which comprise policies, procedures, practices, and organization structure that gives reasonable assurances that the business objectives will be achieved.

• IS Control vis a vis Threats
Whenever a threat exploits a vulnerability, it gives rise to a risk.

• Some of the critical control lacking in a computerized environment are as follows
Lack of management understanding of IS risks and related controls;
Absence or inadequate IS control framework;
Absence or weak general controls and IS controls;
Lack of awareness and knowledge of IS risks and controls amongst the business users and even IT staff;
Complexity of implementation of controls in distributed computing environments and extended enterprises;
Lack of control features or their implementation in highly technology driven environments; and
Inappropriate technology implementations or inadequate security functionality in technologies implemented.


CLASSIFICATION OF IS CONTROL

• Objective of Controls • Nature of IS Resource • Audit Functions

(a) PREVENTIVE CONTROLS
These controls prevent errors, omissions, or security incidents from occurring. They are basically proactive in nature.
A clear-cut understanding about the vulnerabilities of the asset;
Understanding probable threats;
Provision of necessary controls for probable threats from materializing.

(b) DETECTIVE CONTROLS
These controls are designed to detect errors, omissions or malicious acts that occur and report the occurrence.
The main characteristics of Detective controls are given as follows:
Clear understanding of lawful activities so that anything which deviates from these is reported as unlawful, malicious, etc.;
An established mechanism to refer the reported unlawful activities to the appropriate person or group, whistle blower mechanisms
Interaction with the preventive control to prevent such acts from occurring; and
Surprise checks by supervisor.

(c) CORRECTIVE CONTROLS
It is desirable to correct errors, omissions, or incidents once they have been detected. They are reactive in nature.
Minimizing the impact of the threat;
Identifying the cause of the problem;
Providing Remedy to the problems discovered by detective controls;
Getting feedback from preventive and detective controls;
Correcting error arising from a problem; and
Modifying the processing systems to minimize future occurrences of the incidents.

• Environmental Controls
• Environmental Controls • Physical Access Controls • Logical Access Controls
• Fire • Electrical Exposure • Water Damage • Pollution Damage


• Audit Functions

Controls for Fire Exposure
• Both automatic and manual fire alarms
• Different fire suppression techniques
• Manual fire extinguishers
• Fireproof Walls, Floors and Ceilings surrounding the Computer Room
• Fire exits
• Regular inspection by Fire Department
• The procedures to be followed during an emergency
• Documented and Tested Emergency Evacuation Plans
• Smoke Detectors
• Wiring Placed in Electrical Panels and Conduit

Type of Fire Exposure
• Smoke Detectors
• Norms to reduce Electric Firing
• Fire Extinguishers
• Fire Alarms
• Regular Inspection and Raising awareness
• Documented and Tested Emergency Evacuation Plans

Electrical Exposures
These include risk of damages that may be caused due to electrical faults.

Controls of Electrical Exposures
• Electrical Surge Protectors
• Un-interruptible Power System (UPS)/Generator
• Voltage regulators and circuit breakers
• Emergency Power-Off Switch

Water Damage
Water damage to a computer installation can be the outcome of water pipes burst.
• Water Detectors
• Strategically locating the computer room
• Wherever possible have waterproof ceilings, walls and floors
• Ensure an adequate positive drainage system exists;
• Install alarms at strategic points within the installation;
• In flood-prone areas, have the installation above the upper floors but not at the top floor;
• Water proofing;
• Water leakage Alarms.


Pollution Damage and others


The major pollutant in a computer installation is dust.

Controls For Pollution Damages


• Power Leads from Two Substations
• Prohibitions against Eating, Drinking and Smoking within the Information Processing Facility

Physical Access Controls

Controls For Physical Access Controls

• Cipher locks (Combination Door Locks)
• Bolting Door Locks
• Electronic Door Locks
• Personal Identification Numbers (PIN)
• Plastic Cards
• Identification Badges
• Logging on Facilities: Manual Logging, Electronic Logging
• Other Means of Controlling

• Video Cameras
• Security Guards
• Controlled Visitor Access
• Bonded Personnel
• Dead Man Doors/Man trap
• Non–exposure of Sensitive Facilities
• Controlled Single Entry Point
• Alarm System
• Perimeter Fencing
• Computer Terminal Locks
• Control of out of hours of employee-employees
• Secured Report/Document Distribution Cart


LOGICAL ACCESS CONTROL


These are the controls relating to logical access to information resources such as operating systems controls

• Technical Exposures
Technical exposures include unauthorized implementation or modification of data and software.
🢫 Data Diddling 🢫 Bomb 🢫 Christmas Card 🢫 Worm 🢫 Rounding Down 🢫 Salami Techniques 🢫 Trap Doors 🢫 Spoofing

• Asynchronous Attack
Data that is waiting to be transmitted are liable to unauthorized access called Asynchronous Attack.
🢫 Data Leakage 🢫 Subversive Attacks 🢫 Wire-Tapping 🢫 Piggybacking

• Logical Access Violators
Intentional or accidental exposures of logical access control encourage technical exposures and Asynchronous Attacks. Logical Access Violators are often the same people who exploit physical exposures, although the skills needed to exploit logical exposures are more technical and complex. They are mainly as follows:
🢫 Hackers 🢫 Employees (authorized or unauthorized) 🢫 IS Personnel 🢫 Former Employees 🢫 End Users

• Types of Logical Access Control
🢫 User Access Management 🢫 User Responsibilities 🢫 Network Access Control 🢫 Operating System Access Control 🢫 Application and Monitoring

User Access Management
• User Registration
• Privilege management
• User password management
• Review of user access rights

User Responsibility
• Password use
• Unattended user equipment

Network Access Control
• Policy on use of network services
• Enforced path
• Segregation of networks
• Network connection and routing control
• Security of network services
• Firewall
• Encryption
• Call Back Devices

Operating System Access Control
• Automated terminal identification
• Terminal log-in procedures
• Access Token
• Access Control List
• Discretionary Access Control
• User identification and authentication
• Password management system
• Use of system utilities
• Duress alarm to safeguard users
• Terminal time out
• Limitation of connection time

Control when mobile
• Theft of data carried on the disk drives of portable computers is a high risk factor
• Both physical and logical access to these systems is critical


CLASSIFICATION BASED ON “INFORMATION SYSTEMS FUNCTIONS”

• The Management Control Framework
These functions provide a stable infrastructure in which information systems can be built, operated, and maintained on a day-to-day basis.

• Top Management Controls
• Planning • Organizing • Leading • Controlling

• Systems Development Management Controls
• Problem definition and Feasibility assessment
All the stakeholders must reach to agreement on the problem and should understand the possible threats associated with possible solutions/systems related to asset safeguarding, data integrity, system effectiveness, and system efficiency.
The feasibility assessment is done to obtain a commitment to change and to evaluate whether cost-effective solutions are available to address the problem or opportunity that has been identified.
• Analysis of existing system
• Studying the existing organizational history, structure, and culture
• Studying the existing product and information flows as the proposed system will be based primarily on current product and information flows.
• This phase involves following activities
• Elicitation of detailed requirements
• Design of data/information flow
• Design of Database and user interface
• Physical design
• Design of the hardware/software platform
• Hardware/Software acquisition and procedures development
• To purchase the new application system or hardware, a request for a proposal must be prepared
• Acceptance Testing and Conversion: Acceptance Testing is carried out to identify errors or deficiencies in the system prior to its final release into production use.
• Operation and Maintenance: A formal process is required to identify and record the need for changes to a system and to authorize and control the implementation of needed changes.

• Programming Management Controls


Phase of Program Development Life Cycle
• Planning • Design • Coding • Testing • Operation and Maintenance


DATA ANALYTICS AND BUSINESS INTELLIGENCE

• Data Analytics
• The process of examining data sets to draw conclusions about the information they contain, increasingly with the aid of specialized systems and software.
• Data Analytics predominantly refers to an assortment of applications, from basic Business Intelligence (BI), reporting and Online Analytical Processing (OLAP) to various forms of advanced analytics.
• Data Analytics initiatives can help businesses increase revenues, improve operational efficiency, optimize marketing campaigns and customer service efforts, respond more quickly to emerging market trends and gain a competitive edge over rivals - all with the goal of boosting business performance.

• Types of Data Analytics Applications
Data Analytics methodologies include Exploratory Data Analysis (EDA), which aims to find patterns and relationships in data.
Confirmatory Data Analysis (CDA), which applies statistical techniques to determine whether hypotheses about a data set are True or False.
Quantitative Data Analysis: This involves analysis of numerical data with quantifiable variables that can be compared or measured statistically.
Qualitative Data Analysis: The qualitative approach is more interpretive - it focuses on understanding the content of non-numerical data like text, images, audio and video, including common phrases, themes and points of view.
Predictive Analytics, Big Data Analytics, Data Mining, Machine Learning, Text mining

Application Areas

Some Application areas of Data Analytics are as follows:
• Data Analytics initiatives support a wide variety of business uses.
• E-commerce companies and marketing services providers do click stream analysis to identify website visitors who are more likely to buy a product or service based on navigation and page-viewing patterns.
• Mobile network operators examine customer data to forecast so that they can take steps to prevent defections to business rivals; to boost customer relationship management efforts.
• Healthcare organizations mine patient data to evaluate the effectiveness of treatments for cancer and other diseases.

Inside the Data Analytics

Data Analytics applications involve more than just analysing data. Particularly on advanced analytics projects, much of the required work takes place upfront, in collecting, integrating and preparing data and then developing, testing and revising analytical models to ensure that they produce accurate results.
Data Collection
Find and Fix Data Quality Problem
Building Analytical Model
A data scientist builds an analytical model, using predictive modelling tools or other analytics software and programming languages such as Python, Scala, R and SQL.


BUSINESS INTELLIGENCE (BI)


Business Intelligence (BI) is a technology-driven process for analysing data and presenting
actionable information to help corporate executives, business managers and other end users
make more informed business decisions.

Reasons for Business Intelligence

• The position of the firm in comparison to its competitors.
• Changes in customer behaviour and spending patterns.
• The capabilities of the firm.
• Market conditions future trends, demographic and economic information.
• The social, regulatory and political environment.
• What the other firms in the market are doing.

Benefits of Business Intelligence

• BI improves the overall performance of the company using it. The potential benefits of business intelligence programs include –
⚫ accelerating and improving decision making;
⚫ optimizing internal business processes;
⚫ enhancing communication among departments while coordinating activities;
⚫ increasing operational efficiency;
⚫ driving new revenues; and
⚫ gaining competitive advantages over business rivals.
• BI systems can also help companies identify market trends and spot business problems that need to be addressed.
• BI systems help in enhancing customer experience, allowing for the timely and appropriate response to customer problems and priorities.


BUSINESS INTELLIGENCE
TECHNOLOGY

Business Intelligence combines a broad set of data analysis applications, including ad hoc
analysis and querying, enterprise reporting, Online Analytical Processing (OLAP), mobile BI,
real-time BI, operational BI, cloud and software as a service BI, open-source BI, collaborative
BI and location intelligence.
BI programs can also incorporate forms of advanced analytics, such as data mining, predictive
analytics, text mining, statistical analysis and big data analytics.
Business Intelligence data typically is stored in a data warehouse or smaller data marts that
hold subsets of a company’s information.
Business intelligence is sometimes used interchangeably with business analytics;


BUSINESS REPORTING
AND FUNDAMENTALS
OF XBRL

Business Reporting or Enterprise Reporting 🢫
• the public reporting of operating and financial data by a business enterprise or the regular provision of information to decision-makers within an organization to support them in their work.
• Organizations conduct a wide range of reporting, including financial and regulatory reporting; Environmental, Social, and Governance (ESG) reporting (or sustainability reporting); and increasingly integrated reporting.

Business Reporting 🢫 Organizations communicate with their stakeholders about:
• mission, vision, objectives, and strategy;
• governance arrangements and risk management;
• trade-offs between the shorter- and longer-term strategies; and
• financial, social, and environmental performance (how they have fared against their objectives in practice).

Why is Business Reporting Important?
• Effective and transparent business reporting allows organizations to present a cohesive explanation of their business and helps them engage with internal and external stakeholders, including customers, employees, shareholders, creditors, and regulators.
• High-quality business reporting is at the heart of strong and sustainable organizations, financial markets, and economies.
• As organizations fully depend on their stakeholders for sustainable success, it is in their interest to provide them with high-quality reports.
• Many organizations are increasingly complex, and have larger economic, environmental, and social footprints.
• High-quality reports also promote better internal decision-making.


FUNDAMENTALS OF XBRL – XBRL (extensible Business Reporting Language) is a freely available and global standard for exchanging business information.

What is XBRL 🢫
• XBRL is an open international standard for digital business reporting, managed by a global not for profit consortium, XBRL International. XBRL is used around the world, in more than 50 countries.
• XBRL provides a language in which reporting terms can be authoritatively defined.
• XBRL is a standard-based way to communicate and exchange business information between business systems.

What does XBRL do?
• XBRL makes reporting more accurate and more efficient.

What is XBRL Tagging?
• XBRL Tagging is the process by which any financial data is tagged with the most appropriate element in an accounting taxonomy (a dictionary of accounting terms) that best represents the data in addition to tags that facilitate identification/classification (such as enterprise, reporting period, reporting currency, unit of measurement etc.).

What uses XBRL?
(i) Regulators
(ii) Companies
(iii) Governments
(iv) Data Providers
(v) Analysts and Investors
(vi) Accountants

Important features of XBRL
• Clear Definitions
• Testable Business Rules
• Multi-lingual Support
• Strong Software Support


APPLICABLE REGULATORY
AND COMPLIANCE
REQUIREMENTS

General – Applicable to all irrespective of anything.
Specific – Applicable to specific type of businesses only. business systems.

Regulatory Compliance and Accounting Systems
Regulatory compliance and accounting systems are closely connected with each other. Most of the regulatory compliance requires accounting data and accounting data comes from accounting systems

Accounting and Tax Compliance or Only Tax Compliance
1. Ease of software operation
2. Features and facilities
3. Time and efforts required
4. Accuracy
5. Cost


What is E-Commerce
E-Commerce: “Sale / Purchase of goods / services through electronic mode is e-commerce.”

Traditional Commerce vs E-Commerce
• Definition
• Location
• Size
• Marketing
• Transaction Processing
• Availability for commercial transactions
• Nature of purchase
• Customer interaction
• Business Scope
• Information exchange
• Payment
• Delivery of goods
• Fraud
• Process
• Profit Impact

Steps of E-Commerce Transaction
STEP 1: Go to website (like www.snapdeal.com, www.flipkart.com, www.amazon.in etc.) and create your user ids (identifications). Those who have social media ids, can directly link through those ids.
Or
Go to Google Play Store in your hand-held device and download the special software needed for e-commerce transaction called as APP (Application).
STEP 2: Select the type of product you wish to buy.
STEP 3: From the products listed, user needs to select the correct product s/he needs to buy.
STEP 4: User makes the final choice and goes for making payment online.
STEP 5: At the time of making payment, e-commerce vendor shows all details including the product being bought and the final price of the same for review of the customer and confirmation before final payment.

Benefits of E-Business
i) Benefits to Customer / Individual/User
ii) Benefits to Business/ Seller
iii) Benefits to Government

Disadvantages of E-Business
• Internet Connection
• High start-up costs
• Legal issues
• Some business processes may never lend themselves to e-commerce
• Cultural impediments to e-business
• Security Concerns

E-Marketing
It is the process of marketing a product or service using the Internet. Of course, information on websites also empowers customers and helps the organizations to achieve their objectives. For example - they can compare prices of products by rival firms.

E-Market Models


E-Market Models

Some relevant terms related to e-marketing are as follows:
• Portal
• e – Shop (electronic shop/e-tailers)
• e – Mall (electronic mall)
• e-auctions (electronic auctions)
• Buyer Aggregator
• Virtual Community
• e-distribution
• e-procurement

E-Commerce Business Models
(i) Business-to-Consumer (B2C)
(ii) Business-to-Business (B2B)
(iii) Consumer-to-Consumer (C2C)
(iv) Consumer to Business (C2B)
(v) Consumer to Government (C2G)
(vi) Government to Consumer (G2C)
(vii) Government to Consumer (G2G)


Components of E-Commerce (PUVWII)

(a) Payment Gateway
(b) User
(c) E-commerce Vendors
(i) Suppliers and Supply Chain Management
(ii) Warehouse operations
(iii) Shipping and returns
(iv) E-Commerce catalogue and product display
(v) Marketing and loyalty programs
(vi) Showroom and offline purchase
(vii) Different Ordering Methods
(viii) Guarantees
(ix) Privacy Policy
(x) Security
(d) Web Portal
(e) Internet/Network
(f) Technology Infrastructure
(i) Computers, Servers, and Database
(ii) Mobile Apps
• Mobile store front module
• Mobile ticketing module
• Mobile advertising and marketing module
• Mobile customer support and information module
• Mobile banking
(iii) Digital Library
(iv) Data Interchange


Architecture of Networked Systems

• Two Tier • Three Tier

Two-tier network
• Presentation Tier (Client Application/Client Tier)
• Database Tier (Data Tier)

The Advantages of Two-Tier Systems
• system performance is higher
• Since processing is shared between the client and server, more users could interact with system.
• simple structure, it is easy to setup

Disadvantages of Two-Tier Systems
• Performance deteriorates if number of users increases.
• Restricted flexibility and choice of DBMS

Three Tier Client Server Architecture
• Presentation Tier
• Application Tier
• Database Tier

• Advantages of Three-Tier Systems
• Clear separation of user-interface-control and data presentation from application-logic
• Dynamic load balancing
• Change management

Disadvantages of Three-Tier Systems
• Increased need for network traffic management, server load balancing, and fault tolerance.
• Immature and are more complex.
• Maintenance tools are currently inadequate for maintaining server libraries.


RISKS AND CONTROLS RELATED TO ECOMMERCE

Risks of E-Commerce
• Privacy and Security
• Quality issues
• Delay in goods and Hidden Costs
• Needs access to internet and lack of personal touch
• Security and Credit card issues
• Infrastructure
• Problem of anonymity
• Repudiation of contract
• Lack of authenticity of transactions
• Data Loss or theft or duplication
• Attack from hackers
• Denial of Service
• Non-recognition of electronic transactions
• Lack of audit trails
• Problem of piracy

Controls in an e-Business Environment
controls are necessary for all persons in the chain, including the following:
• Users
• Sellers/Buyers/Merchants
• Government
• Network Service Providers
• Technology Service Providers
• Logistics Service Providers
• Payment Gateways

Examples of Controls
(a) Educating the participant about the nature of risks.
(b) Communication of organizational policies to its customers.
• Privacy Policies
• Information security
• Shipping and billing policies
• Refund policies
(c) Ensure Compliance with Industry Body Standards
(d) Protect your e-Commerce business from intrusion
• Viruses
• Passwords
• Regular software updates
• Sensitive data

Cyber Security Risk Considerations
Risk Assessment is always a very important part and parcel of the audit procedures.
• Direct Financial Impact
• Indirect Operational Impact


The following principles help in addressing key cyber security risks in e-commerce:

• Network Diagram
• Digital Assets
• policy to protect the usability and integrity of network
• incidents of cyber security breach which occurred and the actions taken
• Annual review by the CIO
• IT managers responsible for the safeguarding trained to perform the functions
• IT Security Policy circulated to all Employees
• Periodical review of access rights to all IT resources
• approvals exist before the access is granted to any IT resources
• employee awareness campaigns focusing on methods of intrusion
• baseline security configurations established by the Company under any security standards
• remote access logins are configured for two-factor authentication
• vulnerability scans or penetration testing performed by the Company
• Use of firewalls by the Company to allow internet activit


GUIDELINES AND LAWS GOVERNING ECOMMERCE

GUIDELINES OF ECOMMERCE
• Billing
• Product guarantee/warranty
• Shipping
• Delivery
• Return
• Payment

COMMERCIAL LAWS GOVERNING E-COMMERCE
• Income Tax Act, 1961
• Companies Act, 2013
• Foreign Trade (Development and Regulation) Act, 1992
• The Factories Act, 1948
• The Customs Act, 1962
• The Goods and Services Tax (GST) Act, 2017
• Indian Contract Act, 1872
• The Competition Act, 2002
• Foreign Exchange Management Act (FEMA 1999)
• Consumer Protection Act, 1986

INFORMATION TECHNOLOGY ACT, 2000 (As Amended 2008)

RESERVE BANK OF INDIA ACT, 1934


THE FORCES BEHIND THE E-COMMERCE REVOLUTION


• Proliferation of Mobile Device • Convergence of Mobile
Telecommunication Network and the Internet
• Social Network • Biometrics
• Artificial Intelligence (AI) • Predictive Analysis
• Support of IT governing Laws


DIGITAL PAYMENT
Digital Payment, also known as Electronic Payment, is a way of payment which is made through digital modes.

Different Types of Digital Payments

(I) Traditional Methods of Digital Payment
(a) Cards
(i) Credit Card
(ii) Debit Card
(iii) Smart Card
(b) Internet Banking

(II) New Methods of Digital Payment
(a) UPI Apps
(b) Immediate Payment Service (IMPS)
(c) Mobile Apps
(d) Mobile Wallets
(e) Aadhar Enabled Payment Service (AEPS)
(f) Unstructured Supplementary Service Data (USSD)
(g) Mobile Banking
(h) Cryptocurrency
(i) e-Rupi

Advantages and disadvantages of Digital Payments

Advantages of Digital Payments
• Easy and convenient
• Pay or send money from anywhere
• Discounts from taxes
• Written record
• Less Risk
• Competitive advantage to business
• Environment Friendly

Disadvantages of Digital Payments
• Difficult for a non-technical person
• Risk of data theft
• Overspending
• Disputed transactions
• Increased business costs
• The necessity of internet access


COMPUTING TECHNOLOGIES

(i) Virtualization
• create a virtual version of a device or resource
• cutting IT expenses
• enhancing security
• increasing operational efficiency
• layer of abstraction between computer hardware systems and the software running on them
• logical view of computing resources
• Virtualization allows its’ users to manipulate their systems’
• Partitioning, which divides a single physical server into multiple logical servers

(ii) Application areas of Virtualization
• Server Consolidation
• Disaster Recovery
• Testing and training
• Portable Applications
• Portable Workspaces

Types of Virtualization

Hardware Virtualization
Hardware Virtualization or Platform Virtualization refers to the creation of a virtual machine that acts like a real computer with an operating system.

Network Virtualization
Network Virtualization is a method of combining the available resources in a network by splitting up the available bandwidth into channels, each of which is independent from the others, and each of which can be assigned (or reassigned) to a particular server or device in real time.


Storage Virtualization
Storage Virtualization is the apparent pooling of data from multiple storage devices, even different types of storage devices, into what appears to be a single device that is managed from a central console.

GRID COMPUTING

What is grid computing?
• Grid Computing is a computer network in which each computer’s resources are shared with every other computer in the system.
• large numbers of computers connected to solve a complex problem.
• servers or personal computers run independent tasks
• different computers within the same network share one or more resources, turning a computer network into a powerful supercomputer.
• accessing a grid computing system would look no different than accessing a local machine’s resources.
• Every authorized computer would have access to enormous processing power and storage capacity.
• ability to accumulate the power of geographically scattered and heterogeneous resources to form a cohesive resource for performing higher level computations.
• applying the resources of many computers in a network to a single problem at the same time - usually to a scientific or technical problem that requires a great number of computer

Benefits of Grid Computing
• Making use of underutilized resources.
• Resource Balancing
• Parallel CPU Capacity
• Virtual resources and virtual organisation collaboration.
• Access to additional resources.
• Reliability
• Management

Types of Resources
• Computation
• Storage
• Communications
• Software and Licenses
• Special equipment, capacities, architectures, and policies

Application areas of Grid Computing
• Civil engineers
• insurance company
• application service provider
• enterprise
• Large-scale science and engineering
• scientific research
• film industry
• financial industry

Grid Computing Security
• Secured Single Sign-on
• Resource Management
• Data Management
• Management and protection of credentials
• Interoperability with local security solutions
• Standardization
• Exportability
• Support for secure group communication
• Support for multiple implementations


CLOUD COMPUTING

What is Cloud and Cloud Computing?
“The Cloud” refers to applications, services, and data storage on the Internet. Cloud Computing simply means the use of computing resources as a service through networks, typically the Internet.

Characteristics of Cloud Computing
• Elasticity and Scalability
• Pay-per-Use
• On-demand
• Resiliency
• Multi Tenancy
• Workload Movement
• Wide Range of Network Access Capacities

Advantages of Cloud Computing
• Achieve economies of scale
• Reduce spending on technology infrastructure
• Globalize the workforce
• Streamline business processes
• Reduce capital costs
• Easy access to information/applications
• Pervasive accessibility
• Backup and Recovery
• Monitor projects more effectively
• Less personnel training is needed
• Minimize maintenance and licensing software
• Load balancing
• Improved flexibility

Drawbacks of Cloud Computing
• If Internet connection is lost
• Security is a major concern
• it does not permit the control on these resources as these are not owned by the user or customer.
• customers may have to face restrictions on the availability of applications, operating systems, and infrastructure options.
• Interoperability


Cloud Computing Environment

Private Cloud
Also called Internal Clouds or Corporate Clouds, Private Clouds can either be private to an organization and managed by the single organization (On-Premises Private Cloud) or can be managed by third party (Outsourced Private Cloud).

Characteristics of Private Cloud
• Secure
• Central Control
• Weak Service Level Agreements (SLAs)

Advantages of Private Cloud
• It improves average server utilization
• It provides a high level of security and privacy
• It is small and controlled and maintained by the organization

Limitation of Private Cloud
• invest in buying, building, and managing the clouds independently. Private cloud resources are not as cost-effective as public clouds and they have weak SLAs.

Public Cloud
The public cloud is the cloud infrastructure that is provisioned for open use by the general public.

Characteristics of Public Cloud
• Highly Scalable
• Affordable
• Less Secure
• Highly Available
• Stringent SLAs

Advantages of Public Cloud
• widely used in the development, deployment and management of enterprise applications, at affordable costs
• allows the organizations to deliver highly scalable and reliable applications rapidly and at more affordable costs
• There is no need for establishing infrastructure for setting up and maintaining the cloud
• Public clouds can easily be integrated with private clouds. Strict SLAs are followed
• There is no limit for the number of users

Limitations of Public Cloud
• is security assurance and thereby building trust among the clients is far from desired because resources are shared publicly
• Further, privacy and organizational autonomy are not possible


Cloud Computing Environment

Hybrid Cloud
This is a combination of both at least one private (internal) and at least one public (external) cloud computing environments - usually, consisting of infrastructure, platforms, and applications.

Characteristics of Hybrid Cloud
• Scalable
• Partially Secure
• Stringent SLAs
• Complex Cloud Management

Advantages of Hybrid Cloud
• It is highly scalable and gives the power of both private and public clouds.
• It provides better security than the public cloud.

Limitations of Hybrid Cloud
• the security features are not as good as the private cloud and complex to manage

Community Cloud
The community cloud is the cloud infrastructure that is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns

Characteristics of Community Cloud
• Collaborative and Distributive Maintenance
• Partially Secure
• Cost Effective

Advantages of Community Cloud
• It allows establishing a low-cost private cloud.
• It allows collaborative work on the cloud
• It allows sharing of responsibilities among the organizations
• It has better security than the public cloud

Limitations of Community Cloud
• the autonomy of the organization is lost and some of the security features are not as good as the private cloud. It is not suitable in the case where there is no collaboration.


CLOUD COMPUTING SERVICE MODELS

Infrastructure as a Service (IaaS)
IaaS, a hardware-level service, provides computing resources such as processing power, memory, storage, and networks for cloud users to run their application on-demand

Characteristics of IaaS
• Web access to the resources
• Centralized Management
• Elasticity and Dynamic Scaling
• Shared infrastructure
• Metered Services

Instances of IaaS
• Network as a Service (NaaS)
• Storage as a Service (STaaS)
• Database as a Service (DBaaS)
• Backend as a Service (BaaS)
• Desktop as a Service (DTaaS)

Platform as a Service (PaaS)
PaaS provides the users the ability to develop and deploy an application on the development platform provided by the service provider

Software as a Service (SaaS)
SaaS provides ability to the end users to access an application over the Internet that is hosted and managed by the service provider.

Instances of SaaS
• Testing as a Service (TaaS)
• API as a Service (APIaaS)
• Email as a Service (EaaS)

Other Cloud Service Models
• Communication as a Service (CaaS)
• Data as a Service (DaaS)
• Security as a Service (SECaaS)
• Identity as a Service (IDaaS)

PERTINENT ISSUES RELATED TO CLOUD COMPUTING
• Threshold Policy
• Interoperability
• Hidden Costs
• Unexpected Behaviour
• Security Issues
• Legal Issues
• Software Development in Cloud
• Bugs in Large-Scale Distributed Systems


MOBILE COMPUTING
Mobile Computing refers to the technology that allows transmission of data via a computer without having to be connected to a fixed physical link.

Components of Mobile Computing
• Mobile Communication
• Mobile Hardware
• Mobile Software

Working of Mobile Computing
• The user enters or accesses data using the application on hand-held computing device
• Using one of several connecting technologies, the new data are transmitted from hand-held to site’s information system where files are updated, and the new data are accessible to other system user
• Now, both systems (hand-held and site’s computer) have the same information and are in sync
• The process works the same way starting from the other direction.

Benefits of Mobile Computing
• work from anywhere as long as they are connected to a network
• reduced the travelling time from different locations or to the office and back
• productivity has been enhanced
• enables the organization to improve the services offered to its customers
• Increased information flow
• excellent communication
• remote access to work order details

Limitations of Mobile Computing
• Insufficient Bandwidth
• Security Standards
• Power consumption
• Transmission interferences
• Potential health hazards
• Human interface with device


GREEN COMPUTING
Green Computing or Green IT refers to the study and practice of environmentally sustainable computing or IT

Green Computing Best Practices
• Develop a sustainable Green Computing plan
• Recycle
• Make environmentally sound purchase decisions
• Reduce Paper Consumption
• Conserve Energy

Green IT Security Services and Challenges
• Evaluate the actual security mechanisms in order to assess their energy consumption
• Building new security mechanisms by considering the energy costs from the design phase


BRING YOUR OWN DEVICE (BYOD)

BYOD (Bring Your Own Device) refers to business policy that allows employees to use their preferred computing devices, like smartphones and laptops for business purposes.

I. Advantages of BYOD
• Happy Employees
• Lower IT budgets
• IT reduces support requirement
• Early adoption of new Technologies
• Increased employee efficiency

II. Emerging BYOD Threats
Network Risks:
• ‘Lack of Device Visibility’
Device Risks:
• ‘Loss of Devices’
Application Risks:
• ‘Application Viruses and Malware’
Implementation Risks:
• ‘Weak BYOD Policy’


WEB 3.0
The term Web 3.0, also known as the Semantic Web, describes sites wherein the computers will generate raw data on their own without direct user interaction.

Underlying Concept
• Web 3.0 technology uses the “Data Web” Technology, which features the data records that are publishable and reusable on the web through query-able formats.

Components of Web 3.0
• Semantic Web
• Web Services

Web 4.0
Web 4.0, called the “Intelligent Web”, is autonomous, proactive, content-exploring, self-learning, collaborative, and content-generating agents based on fully matured semantic and reasoning technologies as well as Artificial Intelligence.

Web 5.0
The Web 5.0, “The Telepathic Web/The Symbionet Web”, is set to be highly complex future web generation, to be present after the year 2030 in which some things such as brain implants are expected to be popular.


Internet of Things
The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.

Applications
• All home appliances to be connected and that shall create a virtual home
• Office machines shall be connected through net
• Governments can keep track of resource utilizations/extra support needed
• Wearables
• Smart City
• Industrial Internet of Things
• Connected Car
• Smart Retail
• Smart Supply Chain

Risks
• Risk to user of these products
• Technology Risk
• Environmental Risks due to Technology


Artificial Intelligence (AI)

A. Intelligence
“The ability to use memory, knowledge, experience, understanding, reasoning, imagination and judgement to solve problems and adapt to new situations”.

B. Machine learning
Machine learning is the science and art of programming computers so that they can learn from data.

I. Applications
• Autonomous vehicles such as drones and self-driving cars.
• Medical diagnosis like in cancer research and predicting the chances of an individual getting ill by a disease.
• Creating art such as poetry by providing various suggestions to the writer.
• Playing games such as chess
• Providing a real time quotation of export/import in finance
• Detecting unusual credit card transactions
• Solving problems that either are too complex for traditional approaches
• Helps in discovering hidden patterns in data through Data Mining.

II. Risks
• AI relies heavily on the input data. The incorrect input data sets in machine learning systems lead to incorrect identification and knowledge
• With growing technology, there has been increased dependence of human beings on AI for various critical functions and services in different fields like medical, robotics, banking facilities etc.
• AI in long term may kill human skills of thinking the unthinkable.

III. Controls
• The set of controls in AI will be extremely complex because of the nature of processing of information and must be dealt adequately based on the nature of the AI tool and the purpose, etc.


BLOCKCHAIN
• Blockchain, sometimes referred to as Distributed Ledger Technology (DLT) is a shared, peer-to-peer, and decentralized open ledger of transactions system with no trusted third parties in between.
• A blockchain generally uses a chain of blocks, with each block representing the digital information stored in public database (“the chain”).

Working of any Blockchain transaction
• A transaction like sending money to someone is initiated.
• Transaction is broadcasted via the network.
• The network validates the transaction using cryptography
• The transaction is represented online as a block.
• Block is added to the existing blockchain.
• Transaction is complete.

Applications
• Financial Services
• Healthcare
• Government
• Travel Industry
• Economic Forecasts

Risks
• conflict when monitoring controls are designed for a blockchain.
• The reliability of financial transactions is dependent on the underlying technology and if this underlying consensus mechanism has been tampered with, it could render the financial information stored in the ledger to be inaccurate and unreliable.
• In the absence of any central authority to administer and enforce protocol amendments, there could be a challenge in the establishment of development and maintenance of process control activities.
• As blockchain involves humongous data getting updated frequently, risk related to information overload could potentially challenge the level of monitoring required.

Controls
• As opposed to traditional manual techniques, computerized continuous monitoring techniques shall be used to perform ongoing evaluations
• Suitable data analytics procedures shall be developed to identify and obtain relevant and quality data from the blockchain
• Communication methods shall be developed to ensure that operational changes and updates relating to the use of blockchain are communicated
• The unique aspects of blockchain such as consensus protocols, smart contracts, and private keys, as well as factors relating to the ongoing health, governance, and overall reliability of the blockchain in use; shall be assessed thoroughly
• Both internal and external auditors shall be engaged in discussions during the development or identification of a blockchain so as to make the management understand the typical auditability issues associated with using blockchain.

CORE BANKING SYSTEMS
❖ INTRODUCTION
• Information Technology (IT).
• Global Business Opportunities.
• Financial Inclusions.
• Growth of Internet.
• Core Banking Systems (CBS).

❖ OVERVIEW OF BANKING SERVICES


I. Acceptance of Deposits
II. Granting of Advances
III. Remittances
o Demand Drafts
o Mail Transfer
o Electronic Fund Transfer
a) Real Time Gross Settlement (RTGS)
b) National Electronic Funds Transfer (NEFT)
c) Immediate Payment Service (IMPS)
IV. Collections
V. Clearing
o ECS Credit
o ECS Debit
VI. Letters of Credit and Guarantees
VII. Credit Cards
VIII. Debit Cards
IX. Other Banking Services
o Back operations
o Retail Banking
o High Net-worth Individuals (HNI).
o Specialized Services.
a) Loan
b) Underwriting
c) Life Insurance
d) Non-life Insurance

❖ OVERVIEW OF CORE BANKING SYSTEMS (CBS)

Some CBS Software are:


i. Finacle
ii. FinnOne
iii. Flexcube
iv. BaNCS
v. BankMate
vi. Back Office
vii. Data Warehouse
viii. Credit-Card System
ix. Automated Teller Machines (ATM)
x. Central Server
xi. Mobile Banking/Internet Banking and Phone Banking
xii. Branch Banking

❖ CORE FEATURES OF CBS


➢ Real time processing
➢ Transactions are posted immediately.
➢ Databases are updated simultaneously
➢ Centralized operations
➢ Merging of data
➢ Reduction in errors

❖ COMPONENTS AND ARCHITECTURE OF CBS

❖ CBS IT ENVIRONMENT
A. Database Server
B. Application Server
C. Automated Teller Machines (ATM) Channel Server
D. Internet Banking Channel Server (IBCS)
E. Internet Banking Application Server (IBAS)
F. Web Server
G. Proxy Server
H. Anti-Virus Software Server

❖ TECHNOLOGY COMPONENTS OF CBS


• Database Environment
• Application Environment
• Cyber Security
i. Network Security and Secure Configuration
ii. Application Security
iii. Data Centre and Disaster Recovery Centre.
iv. Online Transaction monitoring for fraud risk management
✓ Information flow
✓ Customer centric
✓ Regulatory compliance
✓ Resource optimization
❖ FUNCTIONAL ARCHITECTURE OF CBS
✓ Ranging from front office to back-office operations.
✓ Transactions at counters to online transactions up
to general ledger and reporting as required.

❖ INTERNET BANKING PROCESS


✓ Accessing the website of the bank.
✓ User is directed to secure web server.
✓ Protect the web server.

❖ E-COMMERCE TRANSACTION PROCESSING


✓ Advance payment
✓ Customers are required to enter password
as OTP.
✓ Customers are directed to merchant site.

❖ IMPLEMENTATION OF CBS
• Planning
• Approval
• Selection
• Design and develop or procured
• Testing
• Implementation
• Maintenance
• Support
• Updating
• Audit

❖ CBS RISKS, SECURITY POLICY AND CONTROLS


• Risks associated with CBS.

✓ Risk Management:

a. Operational Risk
▪ Transaction Processing Risk
▪ Information Security Risk
▪ Legal Risk
▪ Compliance Risk
▪ People Risk

b. Credit Risk
c. Market Risk
d. Strategic Risk
e. IT Risk

▪ Ownership of Data/ process


▪ Authorization process
▪ Authentication procedures
▪ Several software interfaces across diverse networks
▪ Maintaining response time
▪ User Identity Management
▪ Access Controls
▪ Incident handling procedures
▪ Change Management

• Security Policy
• Information Security
▪ Information Security Policies, Procedures and practices
▪ User Security Administration
▪ Application Security
▪ Database Security
▪ Operating System Security
▪ Network Security
▪ Physical Security

• Sample Listing of Risks and Controls w.r.t Information Security.


• Internal Control System in Bank.
a. Internal Controls in Banks’ Environment
b. IT Controls in Banks
c. Controls in Banks’ Application Software
▪ Configuration
✓ Defining access rules from various devices/terminals.
✓ Creation of user types
✓ Creation of customer type, deposit type, year-end process
✓ User access and privileges- configuration and its management.
✓ Password Management
▪ Masters
✓ Customer Master
✓ Employee Master
✓ Income Tax Master
▪ Transactions.
✓ Deposit transactions
✓ Advances transactions
✓ ECS transactions
✓ General Ledger
▪ Reports
✓ Summary of transactions of day.
✓ Daily General Ledger of day.
✓ Activity logging and review
✓ MIS report for each product or service
• Sample listing of Risks and Controls w.r.t Application Controls.
• CBS: Core Business Processes - Relevant Risks and Controls.
• Business process flow of Current and Savings Accounts (CASA)
a) Process Flow of CASA facility.
• Risks and Controls around the CASA Process.
• Business Process flow of Credit Cards.
(a) Process Flow of Issuance of Credit Card Facility.
(b) Process Flow of Sale - Authorization process of Credit Card Facility.
(c) Process Flow of Clearing & Settlement process of Credit Card Facility.
• Risks and Controls around the Credit Card Process.
• Business Process Flow of Mortgages.
(a) Types of Mortgage Loan: Home loan, Top-up Loan, Loans for Under Construction
Property.
(b) Process Description.
• Risk & Controls around the Mortgage Process.
• Business Flow of Treasury Process.
(a) Core areas of Treasury Operations:
(i) Front Office
(ii) Middle Office
(iii) Back Office Operations
(b) Process flow for Bank Treasury Operations.
• Risk & Controls around the Treasury Process.
• Loans and Trade Finance Process.
(a) Classification of Credit Facilities:
(i) Fund Based Credit Facilities.
(ii) Non-Fund Based Credit Facilities.

(I) Customer Master Creation in Loan Disbursement System.


(II) Loan Disbursal/Facility Utilization and Income Accounting.

• Summary of Credit and Non-Credit Facilities.


(b) Process flow for Fund based loans.
(c) Process flow for Non-fund-based loans.
(d) Risk and Controls in the Loans and Advances Process.
• Risk & Controls in the Loans and Advances Process.
❖ REPORTING SYSTEMS AND MIS, DATA ANALYTICS
AND BUSINESS INTELLIGENCE
✓ Risk Prediction for Basel III based on Artificial Intelligence.
❖ APPLICABLE REGULATORY AND COMPLIANCE
REQUIREMENTS
✓ Impact of Technology in Banking.
✓ Money Laundering.
I. Stages of Money Laundering:
1. Placement.
2. Layering.
3. Integration.

II. Anti-Money laundering (AML) using Technology.


III. Financing of Terrorism.

✓ Cyber Crimes.
✓ Banking Regulation Acts.
1) Negotiable Instruments Act-1881 (NI Act).
2) RBI Regulations.
▪ Monetary Authority.
▪ Regulator and supervisor of the financial system.
▪ Issuer of currency.
3) Prevention of Money Laundering Act (PMLA), 2002.
4) Information Technology Act, 2000.
A. Key Provisions of IT Act.
B. Sensitive Personal Data Information (SPDI).
C. Privacy Policy.

❖ CHAPTER II OFFENCE OF MONEY-LAUNDERING


Section 3. Offence of money-laundering.
❖ CHAPTER IV OBLIGATIONS OF BANKING COMPANIES,
FINANCIAL INSTITUTIONS AND INTERMEDIARIES
Section 12. Reporting entity to maintain records.
Section 13. Powers of Director to impose fine.

❖ CHAPTER X MISCELLANEOUS
Section 63. Punishment for false information or failure to give
information, etc.
Section 70. Offences by companies.

IV. Information Technology Act, 2000


A. Key provisions of IT Act
B. Sensitive Personal Data Information (SPDI)
C. Privacy Policy
