basic subsystems in the ais expenditure cycle human resources production cycle revenue cycle...
TRANSCRIPT
Basic Subsystems in the AIS
ExpenditureCycle
HumanResources
ProductionCycle
RevenueCycle
FinancingCycle
General Ledger & Reporting System
The Value Chain
Primary Activities
InboundLogistics
OutboundLogistics
Operations
Marketingand Sales
Service
The Value Chain
Support Activities
Infrastructure
HumanResources
Technology
Purchasing
The Value System
• The value chain concept can be extended by recognizing that organizations must interact with suppliers, distributors, and customers.
• An organization’s value chain and the value chains of its suppliers, distributors, and customers collectively form a value system.
The Systems Development Life Cycle
• What are the five steps in the systems development life cycle (SDLC)?
1. Systems analysis
2. Conceptual design
3. Physical design
4. Implementation and conversion
5. Operations and maintenance
The Systems Development Life Cycle
Systems Analysis
Conduct initial investigation
Conduct system survey
Conduct feasibility study
Determine information needs and system requirements
Deliver systems requirements
Feasibility analysis and decision points
The Players
• Who are the people involved in developing and implementing AIS?– management– accountants– information systems steering committee– project development team– systems analysts and programmers– external players
Planning Techniques
A B
C
E
D
F
Critical path A,B,E,F
Planning Techniques
____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
Activity Week Starting12345678
Project Planning Chart (Sample Gantt Chart)
Feasibility Analysis
• What are some capital budgeting techniques?– payback period– net present value (NPV) – internal rate of return (IRR)
Ways to obtain an AISPurchase
(Pre-written)
Build
(Customized)
Lease
(Pre-written)
Canned Software
Turnkey
(H/W & S/W)
In-house Developed
Out-sourced
(External)
Application Service Provider (ASP)
“Modified” Canned
Software
I.S. Developed
End-user Developed
(EUD)
Threats to AIS• Natural and political disasters:
– fire / heat / floods / earthquakes / winds / war
• S/W errors & Equipment Malfunctions:– H/W failures / power outages / data transmission errors
• Unintentional acts:– accidents / lost data / human & logic errors /systems that do
not meet company needs
• Intentional acts:– Sabotage / computer fraud / embezzlement
Physical Access Controls
• How can physical access security be achieved? – placing computer equipment in locked rooms and
restricting access to authorized personnel
– having only one or two entrances to the computer room
– requiring proper employee ID
– requiring that visitors sign a log
– installing locks on PCs
Logical Access Controls
• Users should be allowed access only to the data they are authorized to use and then only to perform specific authorized functions.
• What are some logical access controls?– passwords
– physical possession identification
– biometric identification
– compatibility tests
Protection of PCs and Client/Server Networks
• Many of the policies and procedures for mainframe control are applicable to PCs and networks.
• The following controls are also important:– Train users in PC-related control concepts.– Restrict access by using locks and keys on PCs.– Establish policies and procedures.– Portable PCs should not be stored in cars.– Back up hard disks regularly.– Encrypt or password protect files.– Build protective walls around operating systems.– Use multilevel password controls to limit employee access to
incompatible data.
Internet Controls• Caution when conducting business on the Internet:
– the global base of people that depend on the Internet– the variability in quality, compatibility, completeness, and
stability of network products and services– access of messages by others– security flaws in Web sites– attraction of hackers to the Internet
• Controls used to secure Internet activity:– passwords– encryption technology– routing verification procedures– Firewall = a barrier between the networks that does not allow
information to flow into and out of the trusted network.
Principles of a Reliable System
1. Security of the system against unauthorized physical and logical access.
2. Availability of the system when needed.
3. Maintainability of the system as required without affecting its availability, security, and integrity.
4. Integrity of the system to ensure that processing is complete, accurate, timely, and authorized.
Segregation of Duties Withinthe Systems Function
• Organizations must implement compensating control procedures.
• Authority & responsibility must be clearly divided among the following functions:1 Systems analysis
2 Programming
3 Computer operations
4 Users
5 AIS library
6 Data control
Segregation of Duties
Recording FunctionsPreparing source documents
Maintaining journalsPreparing reconciliations
Preparing performance reports
Custodial FunctionsHandling cash
Handling assetsWriting checks
Receiving checks in mail Authorization FunctionsAuthorization of
transactions
Data Flow Diagrams
• A data flow diagram (DFD) graphically describes the flow of data within an organization.
• It is used to document existing systems and to plan and design new ones.
• There is no ideal way to develop a DFD.
Disaster Recovery Plan
• Every organization should have a disaster recovery plan to restore data processing capacity smoothly and quickly as possible.
• Objectives of a recovery plan:1 Minimize the extent of the disruption, damage, and loss.
2 Temporarily establish an alternative means of processing information.
3 Resume normal operations as soon as possible.
4 Train and familiarize personnel with emergency operations.
Disaster Recovery Plan• A sound disaster plan should contain the
following elements:1 Priorities for the recovery process2 Backup data and program files3 Specific assignments4 Complete documentation5 Backup computer and telecommunications facilities
• reciprocal agreements• hot and cold sites
• Questions need to be asked:– Who needs access to what information? – When do they need it?– On which systems does the information reside?
Disaster Recovery Plan
• There are other aspects of disaster recovery planning that deserve mention:
• The recovery plan is incomplete until it has been satisfactorily tested by simulating a disaster.
• The recovery plan must be continuously reviewed and revised to ensure that it reflects current situation.
• The plan should include insurance coverage.
Why Fraud Occurs
• Three conditions are necessary for fraud to occur:1 A pressure or motive2 An opportunity3 A rationalization
General Controls• General controls ensure that overall computer
system is stable and well managed:1. Developing a security plan2. Segregation of duties within the systems function3. Project development controls4. Physical access controls 5. Logical access controls6. Data storage controls7. Data transmission controls8. Documentation standards9. Minimizing system downtime10. Disaster recovery plans11. Protection of personal computers & client/server networks12. Internet controls
E-Business Interactions• E-business encompasses an
organization’s external interactions with its:– Suppliers– Customers– Investors– Creditors– The government– Media
Categories of E-Business
Type of E-Business Characteristics
Interactions between individuals & organizations:
B2C (Business to Consumers)
•Organization-individual
•Smaller dollar value
•One-time or infrequent transactions
•Relatively simple
Inter-organizational e-business:
B2B (Business to Business): B2G (Business to Government)
B2E (Business to Education)
•Inter-organizational
•Larger dollar value
•Established, on-going relationships
•Extension of credit by seller to customer
•More complex
Use of E-Business• E-business includes the use of IT to redesign its
internal processes.• For organizations in many industries, engaging in
e-business is a necessity.• Engaging in e-business in and of itself does not
provide a competitive advantage.• However, e-business can be used to more
effectively implement its basic strategy and enhance the effectiveness and efficiency of its value-chain activities.
E-Business Success Factors
• The degree to which e-business activities fit and support the organization’s overall business strategy.
• The ability to guarantee that e-business processes satisfy the three key characteristics of any business transaction– Validity
– Integrity
– Privacy
E-Business Success Factors
• Implementation of an EDI must overcome the following threats:– Choosing an inappropriate technology– Unauthorized system access– Tapping into data transmission– Loss of data integrity– Incomplete transactions– System failures
EncryptionThere are two principal types of encryption systems:
– Single-key systems: Same key is used to encrypt and decrypt the message
• Simple, fast, and efficient• Example: the Data Encryption Standard (DES) algorithm
– Public Key Infrastructure (PKI): Uses two keys:• Public key is publicly available and usually used to encode
message• Private key is kept secret and known only by the owner of that
pair of keys. Usually used to decode message
Types of Networks
• The private portion can be further divided into two subsets:
1 Local area network (LAN) — a system of computers and other devices, such as printers, that are located in close proximity to each other.
2 Wide area network (WAN) — covers a wide geographic area.
Types of Networks
• What is an Intranet?
• The term Intranet refers to internal networks that connect to the main Internet.
• They can be navigated with the same browser software, but are closed off from the general public.
• What are Extranets?
Company A
AISVPN
equipmentISP
Internet
Types of Networks
• Companies build a virtual private network (VPN) to improve reliability and security, while still taking advantage of the Internet.
Network Configuration Options
• Local area networks (LANs) can be configured in one of three basic ways:
1 Star configuration
2 Ring configuration
3 Bus configuration
Network Configuration Options
• Wide area networks (WANs) can be configured in one of three basic ways:
1 Centralized system
2 Decentralized system
3 Distributed data processing
Network Configuration Options
In a centralized WAN, all terminals and other devices are connected to a central corporate computer.
WAN Configuration:
1. Centralized
2. Decentralized
3. Distributed
File-Oriented Approach
Applicationprogram #2
Applicationprogram #1
File # 1
Item A Item B Item C
File # 2
Item B Item D Item E
Database Approach
Applicationprogram #3
Applicationprogram #2
Databasemanagement
system
Applicationprogram #1
Item A Item B Item C Item D Item E
Database
Database Approach versus File-Oriented Approach
Minimum data redundancy
Fewer data inconsistencies
Standardized data format
No duplicated processing or storage
Allows cross-functional data analyses
Central data management / data security
Lower cost
Databases
• Database management system (DBMS) is the program that manages and controls access to the database.
• Database system is the combination of the database, the DBMS, and the application program that uses the database.
• Database administrator (DBA) is the person responsible for the database.
Logical & Physical Views of Data
A major advantage of database systems over file-oriented systems is that the database systems separate the logical and physical view of data:– Logical view: It is how the user or programmer conceptually
organizes and understands the data.
– Physical view: It refers to how and where the data are physically arranged and stored on disk, tape, CD-ROM, or other media.
The DBMS controls the database so that users can access, query, or update it without reference to how or where the data are physically stored.
Relational Databases
• A data model is an abstract representation of the contents of a database.
• The relational data model represents everything in the database as being stored in the form of tables.
• Technically, these tables are called relations.• Each row in a relation, called a tuple, contains
data about a specific occurrence of the type of entity represented by that table.
Schemas
• What are schemas?
• A schema describes the logical structure of a database.
• There are three levels of schemas:1 Conceptual-level schema2 External-level schema3 Internal-level schema
Schemas
• The conceptual-level schema is an organization-wide view of the entire database.
• The external-level schema consists of a set of individual user views of portions of the database, also referred to as a subschema.
• The internal-level schema provides a low-level view of the database.
Schema Levels:
1. Conceptual
2. External
3. Internal
The Data Dictionary
• What is a data dictionary?– It contains information about the structure of
the database.
• For each data element stored in the database, such as the customer number, there is a corresponding record in the data dictionary describing it.
Basic Requirements of the Relational Data Model
1 Primary keys must be unique.2 Every foreign key must either be null or have a
value corresponding to the value of a primary key in another relation.
3 Each column in a table must describe a characteristic of the object identified by the primary key.
4 Each column in a row must be single-valued.5 The value in every row of a specific column must be
of the same data type.6 Neither column order nor row order is significant.
Basic Subsystems in the AIS
ExpenditureCycle
HumanResources
ProductionCycle
RevenueCycle
FinancingCycle
General Ledger & Reporting System
Revenue CycleBusiness Activities
• What are the four basic revenue cycle business activities?
1 Sales order entry
2 Shipping
3 Billing and accounts receivable
4 Cash collections
• For each major business activity within a sub system, be able to identify:
• Opportunities for Using Information Technology
• Control Objectives, Threats, Exposures and Procedures
• Information Needs and Procedures for sub system
• See following Examples
Requesting goods: Opportunities for Using Information Technology
• online data entry instead of paper documents
• bar-code technology that facilitates the maintenance of accurate perpetual inventory records
• electronic data interchange (EDI)
• procurement cards
• Internet
Requesting goods
– stockouts
– purchasing too many or unnecessary goods
– purchasing goods at inflated prices
– purchasing goods of inferior quality
– purchasing from unauthorized vendors
– kickbacks
– receiving unordered goods
– errors in counting goods– theft of inventory– failure to take available
purchasing discounts– errors in recording and
posting purchases and payments
– loss of data
Threats:
Requesting goods
Exposures:– production delays and lost sales – increased inventory costs – cost overruns– inferior quality of purchased goods– inflated prices– violation of laws or import quotas– payment for items not received– inaccurate inventory records– loss of assets– cash flow problems– overstated expenses– incorrect data for decision making
– inventory control system
– vendor performance analysis
– approved purchase requisitions
– restricted access to blank purchase requisitions
– price list consultation
– budgetary controls
– use of approved vendor lists
– approval of purchase orders
– pre-numbered purchase orders
– prohibition of gifts from vendors
– incentives to count all deliveries
– physical access control– recheck of invoice
accuracy– cancellation of voucher
package
Requesting goods - Control procedures:
Expenditure Cycle Information Needs
• What are examples of additional information the AIS should provide?– efficiency and effectiveness of the purchasing
department
– analyses of vendor performance such as on-time delivery, quality, etc.
– time taken to move goods from the receiving dock into production
– percentage of purchase discounts taken