IT(information technology)
- Hardware - actual physical computer, mouse keypad
- Software - systems and programs that process data and turn that data into information
- Network - The communication media, allows more than one computer to share data with other computers
- People - job titles can vary, but functions tend to stay the same, and some functions can also be outsourced if the company wishes
- Data/Information - Data: Raw facts i.e a quantity a name a dollar amount
Information: Data that has been processed and organized
Accounting Information System(AIS)
- a type of MANAGEMENT accounting system(helps management have information to make decisions), may also be partly a transaction processing system and partly a knowledge system.
- a well designed system should leave an “audit trail” and allows the user to trace a transaction from a source document and vouch from the ledger back to the source documents.
- a proper Accounting information system should classify information and be set up to assist the auditor with the assertions(i.e cutoff)
Coding
Sequence - a list of transactions where we do not want duplicates and gaps in sequential numbers
Block- anytime a block of numbers are used to group similar items( 100-199 refers to assets, 200-299 refers to liabilities)
Group - different groups of numbers have different meanings, like a phone number(first numbers refer to area code, second group refers to specific number)
Chart of accounts
-allows the business to customize classification of data in the ways that best meet the information requirements of the business
Batch Procesing
- When master files are only updated periodically, such as daily
- taking similar individual transactions and putting them into a group or batch, and updating them periodically
Online Real-Time processing(OLRT)
- when the master files are immediately updated in real time
Query
- a request for specific data(i.e today’s sales), get it from asking the database to get an answer(what are today’s sales?)
Centralization processing enviroments
- to a level of Degree, Headquarters may process certain data, while stores are decentralized and process other data
Reports
Periodic reports - produced routinely on a periodic basis Exception Reports - produced when a specific condition or exception occurs(i.e customer who's credit balance is greater than the credit limit) Demand Reports(aka pull report) - user has to pull report from the system or software, tell the system you want/demand a report on something Ad-hoc report - one that does not currently exist but can be created on demand without the need of a software developer. Creating a custom report that the software does not already have.
More Reports
Push Reports - if a report window displays up-to-date reports every time an end user logs into a computer network, system automatically pushes current report to person, system generated but not scheduled
Dashboard Report - present summary information report that aids management action. More visual for quick reference
XBRL report - XBRL tags DEFINE the data. For example, tags could indicate the taxonomy used(GAAP or IFRS) the currency, the time period, as well as the definition of the element.
- A macro could be written that would pull tagged information from financial statements(like current assets or current liabilities) and then calculate the current ratio for you.
Categories of business information systems
Transaction Processing Systems(TPS) - process and record the routine daily transactions necessary to conduct a business
Management Information Systems(MIS) - provides users predefined reports that support effective business decisions, helping with daily or monthly decisions
Decision Support Systems(DSS) - an extension of MIS that provides interactive tools to support decision making. More specific than MIS. i.e tells you how much inventory you should order for example by using more advanced tools
Executive Information Systems(EIS) - senior executives with immediate and easy access to internal and external information to assist in STRATEGIC decision making i.e long term
Systems Development Life Cycle(SDLC)
- a framework for controlling and planning the activities associated with systems development
- like a waterfall, one step followed by another to plan the system
Prototyping Model
Alternative to SDLC, an approximation of a final system is built and tested and reworked as necessary until final system is complete
Steps in System Development
A DITTO
- Systems analysis - define the nature and scope of teh project and needs of the users
- Design - Conceptual: deciding how we’ll meet the needs. See what software needs to be bought, developed or outsourced
Physical design:determine hardware to acquire, write computer programs, design database etc. - Implementation and Conversion - put into place and construct physical design items
- Training
- Testing
- Operations and Maintenance
Participants in Business Process Desgin
Management - providing support and encouragement for development projects, clear signal that user needs are met
Accountants - plays 3 different roles :
- Accounting Information System - since we will be using information generated from it let you know information needs and system requirements
- help manage system development
- take an active role in designing system controls, and monitoring and testing
Information Systems Steering Committee - plan and oversee the information systems function and make sure the system moves in the right direction and “gets done”
Project Development Team - responsible for the successful design and implementation of the business system
External parties - may need to seek their input
IT Control Objectives (memorize)
COBIT - framework that provides a set of measures, indicators, processes and best practices to maximize the benefit of information technology
1) Business Objectives - might include effective decision support, efficient transaction processing, compliance with reporting requirements
2) Governance Objectives - IT governance: strategic alliance, value delivery(promises made by the organization to meet certain needs of users), Resource Management, Risk Management, Performance Measurement
*3)Information Criteria: ICE RACE I - Integrity C -Confidentiality E - Efficiency R - Reliability A- Availability C- Compliance E- Effectiveness
4) IT Resources
*5) Domains and processes of COBIT PO AIDS ME PO - plan and organize AI - acquire and implement DS - deliver and support ME - monitor and evaluate
Role of technology systems in monitoring controls
1.General Controls - ensure and organizations control environment is stable and well maintained overall
Application Controls - prevent, detect, and correct Transaction error and fraud and are more specific
- Input controls - data and source data is entered correctly and numbered appropriately
- Process controls - data matching: take 2 or more items of data and match them to show they check or agree
file labels: external labels are readable by humans, internal labels are readable by computers
4,5,6. Zero footing, system double checks before erasing something, user does reconciliation to make sure information correct
Segregation of Duties IT
System analyst - a) internally developed system - determines system requirements, designs overall system, and determines what type of network will be needed
b) purchased system - integrate with existing internal and purchased applications, and provide training to end users
Computer programmer - a) Application programmer/ Software developer(engineer) - responsible for writing and/or maintaining application programs
b) System programmer - responsible for installing, supporting, monitoring and maintaining the operating system. May also support capacity planning functions
Computer Operator - schedule and run the processing jobs, can be automated(no need for person)
File Librarian - store and protect programs and tapes from damage and unauthorized use(mostly automated nowadays)
Data Librarian - custody of and maintains the entity’s data and ensures it is only released to those who are authorized
Security Administrator - responsible for the assignment of initial passwords and the rules for maintaining them
System Administrator a) Database administrator - responsible for maintaining and supporting the database software, and performing certain security functions. DIfferent from data librarian works on OVERALL DATABASE and librarian works on specific data in database.
b) Network administrator - support computer networks
c) web administrator - responsible for company website
Data Input Clerk - prepare, verify and input data to be processed
Hardware Technician - sets up hardware and troubleshoots hardware problems
End user - workers in an organization who enter data into a system or use the information processed by it
Son-father-grandfather concept
- most recent file = son, and so on
- take old file + todays transactions equals new file which is then stored separately on the master file
Mirroring - backup every transaction on a separate computer
UPS
Uninterrupted Power Supply - backup generator battery
Data Encryption
- electronic commerce
- using a password or a digital key to scramble a readable or plain text message into an unreadable or cypher message
Digital Certificates - an electronic document created by a trusted party that which certifies the identity the owners of a particular public key
PKI’s( public key infrastructure) mange these keys
Passwords
- require a minimum of 7-8 characters
- feature 3 of 4 characteristics (symbols, uppercase, lowercase, numbers)
- best to change at least every 90 days
Policies
- most crucial element in a corporate information security infrastructure and must be considered long before information technology is acquired and deployed
Program Level Policy - mission statement of IT security
Program Framework Policy - the IT security strategy
E-commerce vs. E-business
E-commerce - the specific electronic completion of an exchange of buying and selling
E-business - more general and broad refers to any business done through an electronic form
