chapter-4 business information system (bis) · chapter-4 business information system ... it...
TRANSCRIPT
Contact on twitter- @tweetopians
CHAPTER-4 BUSINESS INFORMATION SYSTEM (BIS)
INTRODUCTION-
➢ It is a preferred software engine for the development of IT
➢ It can be defined as system integrating IT, people & business.
IT as a key business enabler-
➢ Information influences the way an org operates
➢ The right information, if it is transported to right person, in the right fashion, & at the right time,
can progress & guarantee organizational effectiveness & competence
Information Systems (IS)-
➢
➢ INFORMATION-
Data is a raw fact, which is analysed to produce useful & meaningful output, called information
➢ SYSTEMS-
In it, data is used as the input for a process that creates information as output. Generic system has
5 components: Input, Process, Output, Feedback & Control.
➢ IS refers to the interaction between people-processes-technology (PPT). People need technology to
process the information in fast & accurate manner.
➢ IS is a combination of people, hardware, software, data & networks that processes data &
information for a specific purpose
➢ Major components of the IS model-
People Resources
Specialists- system analysts, Software developers, system operators End users- anyone else who uses IS
Hardware Resources
Machines- computers, video monitors, printers, optical scanners, magnetic disk drives Media- floppy disks, magnetic tapes, optical disks, plastic cards, paper forms
Software Resources
Programs- OS programs, spreadsheet/ payroll/ word processing programs Procedures- data entry, error correction, pay-check distribution
Data Resources Product descriptions, customer records, employee files, inventory databases
Network Resources
Communication media, communications processors, network access, control software
Information Products
Management reports & business documents using text & graphics displays, auto responses, & paper forms
➢ IS must be able to-
Have large information storage capacity & also provide faster access
Provide support for decision-making
Grant a competitive edge
Ensure fast & accurate processing of data
Offer faster communication & exchange of information
Reduce information redundancy
➢ Backbone of IS-www, internet, or within a business, LAN, along with ERP, SCM, eCRM, E-commerce
DATA
(Raw Facts) ANALYSE INFORMATION
(USEFUL MEANINGFUL)
Contact on twitter- @tweetopians
➢ Role of IS in business
It provides org with skill-full business processes, helping them being more successful & competitive
Type of IS-
➢ Strategic-Level Systems-
Used to track & deal with strategic issues, assists in long-range planning
Principle area is track changes in external envt & match them with internal envt of org
➢ Management-level systems-
used for monitoring, controlling, decision-making, administrative activities
can deal with “what-if” type questions
➢ Knowledge-level systems-
Supports discovery, processing, storage of knowledge & data workers
Controls flow of paper work & enable group working
➢ Operational-level systems-
Supports in tracking elementary activities & includes tracking customer order, invoices, etc
Ensure that business procedures are being followed
➢ Who uses IS?
At strategic level, senior managers – explain corporate level of SM chapter 2
At management level, middle managers- explain business level of SM chapter 2
At knowledge level, knowledge & data workers
▪ Includes knowledge & data workers who are selected, recruited & trained in special
manner comparative to non-knowledge workers
▪ Knowledge residing in their heads is most precious resource for org
At operational level, operational managers- explain functional level of SM chapter 2
Transaction Processing System (TPS)-
➢ Def- a type of IS that collects, stores, modifies & retrieves the day-to-day transactions of an org
➢ Eg- airline reservation system, railway reservation system, banking systems, etc
➢ Transaction Processing Cycle-
Data Entry
▪ It captures business data
▪ The recording /editing of data needs to be quickly & correctly captured for proper
processing
▪ Eg- it can be collected at POS terminals by bar code scanning & credit card readers
Transaction Processing
▪ It processes data in two basic ways: batch processing, real-time processing (online
processing)
▪ Refer audit – EDP audit to define above two
Database Maintenance
▪ Must be updated by its TPS so that they are always correct & updated
▪ It ensures that changes are reflected in data records stored in org’s database
Document & Report Generation
▪ Produces a variety of documents & reports
▪ Eg of documents include purchase orders, sales receipt, invoices, etc
➢ Attributes of TPS- (mnemonic- HEAT)
Contact on twitter- @tweetopians
High Volume Rapid Processing- it is designed to process transactions instantaneously, with
an immediate effect
Equivalence- transactions are processed in the similar format every time to ensure that full
effectiveness is achieved
Access Control- it ensures that unauthorized people are not permissible to influence or
transform the transaction process
Trustworthiness- it is capable of processing transactions rapidly, yet at the same time
conduct several checks to make certain that data integrity is preserved.
➢ TPS Qualifiers- transactions made by system must pass the ACID Test
Atomicity
▪ it means that a transaction is either recorded in full or not at all recorded
▪ it ensures that transactions take place in their entirety
▪ if one account is debited but other is not credited, it doesn’t qualify as transaction
▪ eg- transfer of funds is counted as transaction, if both debit from one & credit to
another account takes place
Consistency
▪ TPS exists within a set of operating rules
▪ If integrity constraint states that all transactions of the database must have positive
value, then, any transaction with negative value would be refused
Isolation
▪ Transactions must appear to take place in seclusion
▪ It must take place simultaneously
▪ Eg- in case of transfer of funds, debit & credit of respective accounts must occur
simultaneously. Funds can’t be credited to an a/c before debiting from another a/c
Durability
▪ Once transactions are completed, they can’t be undone
▪ A log will be created to document all completed transaction, so that even TPS failure
would not affect it
Office Automation Systems (OAS)-
➢ It is the amalgamation of hardware, software & other resources used to smoothen the progress of
communication & increase efficiency
➢ It means using computer & software to digitally generate, collect, store, manipulate, relay office
information needed for accomplishing basic tasks & goals
➢ Activities comprised by OAS-
Exchange of Information
Management of administrative documents
Handling of numerical data
Meeting, planning & management of work schedules
➢ Some examples of Office Automation Applications-
Word Processing- it performs many tasks automatically which are necessary to prepare
typed/printed documents
Electronic Mail- it allows users to send, store & retrieve messages using terminals & storage
devices
Voice Mail- it stores audio messages digitally & convert them back upon retrieval
Contact on twitter- @tweetopians
Video Conferencing- it uses television equipment to link geographically dispersed
conference participants
Knowledge Management System (KMS)-
➢ Information & Knowledge are the key elements of this economy
➢ A firm’s competitive gain depends on its knowledge processing, i.e., what it knows; how it uses &
how fast it can know something new.
➢ KMS refers to any kind of IT system that stores & retrieves knowledge, improves collaboration,
locates knowledge sources, mines repositories for hidden knowledge, or enhances the KM process
➢ Two broad types of knowledge are-
➢ Explicit knowledge is that which can be easily formalized, & hence, easily available across the org..
It is represented as spoken words, written material & compiled data. It is codified, easy to
document, transfer & reproduce.
➢ Tacit knowledge resides in just few person & hasn’t been captured by org or made available to
others. It is represented as intuition, beliefs, values that individuals form based on their experience.
It is personal, experimental, context-specific, difficult to communicate & document
➢ Tacit knowledge provides strategic edge to org
➢ Link between information & knowledge-
Information is an important resource to org, which is necessarily subjective
Knowledge is derived from information & represents information with a potential use
retained for reference in future decision situations.
Same data may be interpreted differently by different people, depending on their existing
knowledge.
Information is piecemeal & fragmented---knowledge is structured & often universal
Information is timely & even short-lived---knowledge is for enduring significance
Information is a flow of messages---knowledge is stock. (information may affect the stock of
knowledge by adding to it, restructuring it, changing it in any way)
Information is acquired by being told---knowledge can be acquired by thinking
Information is “know-what”---knowledge is “know-how”.
➢ Knowledge Discovery and Data Mining (KDD)
It, fundamentally deals with ways & means of capturing & making obtainable knowledge of
the experts to others, in electronic form.
It also assists us establish, contact, and, communicate with experts on various subjects.
Knowledge worker/intellectual worker/brain worker, is a key intellect who is employed
owing to his/her acquaintance of a subject matter, rather than their ability to perform
manual labour
Brain worker, includes, Computer Programmers, systems analysts, lawyers, scientists
➢ Why Knowledge has gained so much momentum in recent times?
Altering business surroundings- Now rapid change means speedy knowledge obsolescence,
so need is there to manage it before it disappears without leaving a trace
Burgeon Connections- Extremely dispersed operations, global expansion, continual change-
none of these would have been possible if it was not possible to deploy knowledge officially
& deliberately. Interactive networks can put knowledgeable people in stroke through
communication & technologies
Globalisation- For innovation & due to existing stiff competition, now companies have
started selling knowledge in addition
Contact on twitter- @tweetopians
Modification in organisational composition- The new organisational arrangement is that of
“Virtual Org”, which is used to integrate far flung operations & knowledge discovery in
databases is required
Management Information Systems (MIS)-
➢ it refers to the data, equipment & computer programs that are used to develop information for
managerial use
➢ It provides accurate, timely, & meaningful data for management planning, analysis & control to
optimize growth of org.
➢ It is primarily dependent upon information
➢ It is being used for superior management & scientific decision-making
➢ It aims at meeting the information needs of managers
➢ It is an integrated application-
serves all departments within an enterprise
evolves out of manufacturing industry, & implies use of packaged software rather than
proprietary software
➢ Eg- airline reservation, bank operations, train reservation, etc
Decision Support System (DSS)-
➢ It is a computer-based information system that supports business or organisational decision-making
activities
➢ It serves the management operations, & planning levels of an org (usually mid & higher level) &
helps to make decisions
➢ It helps to facilitates a manager in making operational decisions, but the ultimate burden of
responsibility lies with the manager.
➢ Two types of planning languages that are commonly used in it are-
General purpose planning languages allows user to perform many routine task. Eg- the
languages in most electronic spreadsheet.
Special purpose planning languages are more limited in what they can do, but they usually
do certain jobs better than the general-purpose planning languages. Eg- SAS
➢ Basic components of DSS are-
Users- The user is usually a manager
One or more databases- Databases contain both routine and non-routine data
Model Base- It is the brain of DSS as it performs data manipulations & computations with
the data provided to it by the user and database
➢ It usually does not make the decision itself, but to a certain extent, present information in a way
that helps in making an informed and well-organised decision
Executive Information Systems (EIS)/ Executive Support Systems (ESS)-
➢ It is not a piece of hardware/software, but an infrastructure that provides up-to-the-minute
operational data, the typical information mix, gathered & sifted (examined) from various databases.
➢ It differs from a DSS, in that, it is targeted at executives & not managers
➢ Features of EIS are-
It is designed for top management
It is easy to use
It presents information in condensed view
Contact on twitter- @tweetopians
It accesses org’s databases and data external to the organisation
SPECIALIZED SYSTEMS-
➢ Enterprise Resource Planning (ERP)-
➢ For org, management & flow of information were just as important as materials & inventory
management
➢ ERP systems integrate internal & external management information across an entire org-may it be
finance/accounting, manufacturing, CRM, etc
➢ Rationale of ERP- to make flow of information easy between all business functions in the interior
boundaries of org & control the connections to exterior stakeholders
➢ It is a complete software solution package for enhancing the performance in large orgs & meeting
their requirements with ease
➢ Eg- SAP.
➢ Customer Relationship Management (CRM)-
➢ Customer is a sovereign and decisive in modern day businesses
➢ Acquiring new clients is far costlier than retaining the old profitable customers
➢ The main objective is to retain loyal customers & this has led to the emergence of CRM
➢ CRM is the parameter of identifying, magnetizing, & preserving the most valuable customers (who
will prolong to pay money even when there exists competitive alternatives) to prolong profitable
growth in a regulated environment
Mechanisms of CRM-
Customer is the source of the company’s profit and future growth
Relationship involves continuous bi-directional communication & managing this relationship
is mutually beneficial
Management- The customer information collected & analysed continuously is transformed
into corporate knowledge that leads to activities that take advantage of the information &
market opportunities
➢ Analytical CRM definition- Use customer understanding to perform effective relationship
management
Benefits-
generates customer loyalty
raises a market intelligence enterprise
integrated relationship
smoothens the progress to capture, consolidate, analysis, & enterprise-wide dissemination
of data from existing and potential customers
➢ Supply Chain Management
➢ Refer SM
Components of SCM-
Procurement/Purchasing- begins with purchase of parts, components, or, services. It must
ensure that right items are delivered in right quantities at right location on right time
scheduled at minimum (right) cost (Right-time, customer, price, place, products)
Operations- Here, the org must transform inputs & produce products/services that meet
the needs of its consumers, in an efficient and effective manner
Distribution- it involves several activities, eg, logistics, warehousing, CRM
Integration- it is critical that all participants in service chain recognise the entirety of the
service chain
Contact on twitter- @tweetopians
➢ Relationship between ERP, CRM, & SCM-
ERP improves & streamline internal business processes
CRM attempts to enhance the relationship with customers
SCM aims to facilitate collaboration between org, suppliers, manufacturers, distributors &
partners
SCM deals with suppliers & CRM deal with customers, so as to retain existing & creating new
customers & providing them value by working efficiently throughout supply chain. SCM &
CRM can do this with the help of ERP to integrate the two so as to help them achieve their
goals
➢ Human Resource Management Systems (HRMS)/ HR Information Systems (HRIS)-
➢ It refers to the systems & processes at the intersection between HRM & IT.
➢ Modules of HRMS-
➢ Workforce Management - to effectively manage labour rules, ensure compliance, control labour
cost & expenses
➢ Time & Attendance Management- gathers standardized time & work related efforts
➢ Payroll Management- it automates manual payroll functions; facilitate calculations of salary &
deductions, etc.; eliminates errors & frees up HR staff for more productive task. Data is generally
fed from the human resources and time keeping modules
➢ Training Management- it tracks training locations, registered attendees, progress of employees
through these programs, examines the results of courses taken, reschedule specific courses,
updates skill profile
➢ Compensation Management- it attracts & retains talented employees to sustain a competitive
position
➢ Recruitment Management- it helps in hiring the right people with the right target skills
➢ Personnel Management- it comprises of HR master-data, personnel administration, recruitment
and salary administration
➢ Organizational Management- it includes organisational structure, staffing schedules & job
description
➢ Employee Self Service (ESS)- it allows employees to query HR related data, perform some HR
transactions over the system. Employees may query their attendance record from the system
without asking the information from HR personnel.
➢ Analytics- it extracts HR related data for use with other business intelligence platforms to better
predict the impact of employee turnover on future output
➢ Core Banking Systems (CBS)-
➢ Most banks use core banking applications to sustain their operations where CORE stands for
“Centralised Online Real-time Environment”
➢ It may be defined as the set of basic software components that manage the services provided by a
bank to its customers through its branches
➢ The absolute bank's branches access application from centralised data centres
➢ These systems are running 24X7, to support Internet banking, Global operations, and real-time
transactions via ATM, Internet, phone and debit card
➢ Computer Software is developed to perform core banking operations like, recording of transactions,
passbook maintenance, & interest calculations on loans & deposits, customer records, balance of
payments & withdrawal
➢ Egs of Core Banking Products-
Infosys’ Finacle-
Contact on twitter- @tweetopians
It is a comprehensive business solution addressing all the core needs of banks.
Banks can provide customers with relevant information & right offerings, presented at the
right time, through the right channel
Its key modules are-
Enterprise Customer Information enables banks to create & maintain single source of
customer information files, across multiple host systems
Consumer Banking supports offering, (eg, savings & checking accounts, provision for
personal & auto-finance) & adds other services, if needed (eg- multi-currency accounts, top-
up deposits, master term deposits, top-up loans, revolving loans and securitization)
Corporate Banking includes commercial lending essential, eg, multi-currency disbursements
& repayment, corporate deposits, commercial lending, & corporate payments, etc.
Trade Finance presents an end-to-end solution for the trade finance needs of a bank &
supports multi-currency processing of trade products, eg, documentary credit, forward
contract, letter of guarantee, etc,
Origination simplifies & strengthens the complete credit life-cycle
Dashboards provides user experience by enabling availability of frequently used functions
on a single console
Nucleus FinnOne
It comes with a wide variety of integrated applications that cover different aspects of global
web banking
These applications include a loan origination system that automates & manages processing
of many types of loans, a credit card application system with strong credit and fraud
detection tools, & multilingual web-based collection service
Oracle’s FLEXCUBE-
Banks using Oracle FLEXCUBE can take advantage of the high-fidelity reports provided by
the system for better management & operational controls
It provides the ability to create or modify products rapidly, helping banks respond quickly to
market needs
It empowers universal banks with-
▪ superior web experience to self-service and assisted channels
▪ Improved bank staff productivity with intuitive, role-based dashboards
▪ Improved risk management & reporting
➢ Accounting Information System (AIS)-
➢ It is defined as a system of collection storage and processing of financial and accounting data that is
used by decision makers
➢ accountants and auditors need to be actively involved in evaluating which software to purchase
how to design the software system and implementation of the same
➢ collect and evaluate evidence to provide an opinion on the completeness and accuracy of
accounting information which is processed to produce the financial reports
➢ Its functions-
Collect & Store data-
▪ collect & store data about org’s business activities and transactions by capturing
transaction data from source documents and posting data from journal to ledgers.
▪ Control over Data Collection is improved by pre-numbering source document.
Record transaction
▪ Record transactions data into journals
Contact on twitter- @tweetopians
▪ define journal
Safeguard assets of org
▪ provide adequate control to ensure that data are recorded and processed accurately
buy safeguarding organisational assets data and Systems
▪ it can be achieved by two important methods by providing adequate documentation
of all business activities and an effective segregation of duties.
➢ Its Key Components are-
People- AIS helps various system users, eg, accountants, consultants, business analysts,
managers, chief financial officers, & auditors, etc.
Procedures- It includes manual & automated methods for collecting, storing, retrieving, &
processing data
Data- It means information pertinent to org’s business, & includes, sales orders, customer
billing statements, sales analysis report, purchase requisitions, vendor invoices, general
ledger, payroll information, tax Information, etc
Software- It means computer programs that provide quality, reliability & security to the
company's financial data that may be stored, retrieved, processed & analysed
IT Infrastructure includes hardware, such as, personal computers, servers, printers, storage
media
Internal Controls (same as EDP Audit)
➢ AIS offers value and is very important part of value chain which means making it faster, more
reliable, providing better services, providing something in limited supply, providing enhanced
features or customizing it
➢ It impacts many areas, like, budgeting and planning, expenses management, revenue management,
cash and treasury management, payroll, sales, purchases, taxation, etc.
➢ Overview of AIS-
It is a system that brings together, records, stores, & processes data to fabricate information
from decision makers
it can use extremely developed technology, be a trouble-free paper-&-pencil system, or be
something in amid
It mandates to accumulate additionally stored data about events, resources, & agents
It makes available sufficient controls to make certain that the entity’s resources are
obtainable when needed, as well as, truthful and dependable
Transforms the data into information with the intention that management can exercise to
make verdict about events, resources & agents.
Artificial Intelligence (AI)-
➢ It is the vicinity of computer science focusing on creating machines that can fit into place on
behaviours that humans regard as intelligent
➢ A significant driver for any application of artificial intelligence is fresh & innovative code
➢ We need to break out of the “customized program for a specific application” mindset & begin
finding new ways to recycle code for new applications
➢ It is a research field that studies how to comprehend intelligent human behaviours on computer
➢ Its decisive objective is to make a computer that can discover, sketch, crack problems in parallel
➢ It can be applied on various purposes, like, expert systems, pattern recognition, natural language
processing, etc.
➢ Commercial applications (uses) of AI are-
Contact on twitter- @tweetopians
Decision-support
Intelligent human-computer interface systems that can understand spoken language &
gestures & facilitate problem solving by supporting organisation wide collaboration to solve
particular problems
situation assessment & resource allocation software for uses that range from airlines and
airport to logistics centres
Information Retrieval
AI-based Intranet & Internet systems provides good amount of information in simple
presentation
Database mining for marketing trend analysis, financial forecasting, & maintenance cost
reduction and more
Virtual Reality
Automated animation interfaces that allow users to interact with virtual objects via touch
Robotics
Machine-vision inspection systems for gauging, guiding, identifying, and inspecting products
and providing competitive advantage manufacturing
Expert Systems-
➢ It is a computerized information system that allows non-experts to make decisions comparable to
those of an expert
➢ These are used for complex/ill-structured tasks that require experience & specialized knowledge in
narrow, specific subject areas
➢ It has leveraged its strengths to plan & execute a miscellaneous variety of projects for defense,
government, finance, telecom, engineering sectors, consulting services, etc.
➢ It takes into consideration knowledge, facts & user interface with the help of knowledge engineer
to accomplish the task
➢ Its key components are-
Knowledge Base
The knowledge base of expert system encloses both realistic and heuristic knowledge
It includes the data, knowledge, relationships, rules of thumb, & decision trees used by
experts to solve a particular for problem
It is the computer equivalent of all the knowledge & insight that an expert or group of
experts develop through years of experience in their field
Realistic Knowledge is that knowledge of the job domain that is extensively shared,
characteristically found in textbooks & frequently agreed upon by experts
Heuristic Knowledge is the fewer rigorous, extra empirical, supplementary judgemental
knowledge of performance. It is not often discussed & is principally individualistic
Inference Engine
It contains the logic & reasoning mechanisms that simulate the expert logic process &
deliver advice
It uses data obtained from both the knowledge base & the user to make associations &
inferences, form its conclusions, & recommend a course of action
User Interface
It allows the user to design, create, update, use and communicate with the expert system
Explanation Facility
It provides the user with an explanation of the logic the ES used to arrive at its conclusion
Contact on twitter- @tweetopians
Database of Facts
It holds user’s input about current problem by entering as much as they know about the
problem or inference engine may prompt for details or ask whether certain conditions exist
A database of facts is built up which the inference engine will use to come to a decision
The quality & quantity of data gained from the user will influence reliability of the decision
➢ Types of ES problem domains-
These are designed to deal with imprecise data/problems that have more than one solution
Using a technique called fuzzy logic, it can deal with imprecise data by asking for a level of
confidence.
A neural network uses computer circuitry to simulate the way in which a brain might process
information
➢ Types of ES-
In example-based system, developers enter case facts & results, which is converted to a
decision tree that is used to match the case at hand with those previously entered in the
knowledge based
In rule-based systems, data & decision rules are stored as “if-then rules”. The system asks
the user questions & applied if-then rules to the answers to draw conclusions & make
recommendations
In frame-based systems, all information about a topic is organized into logical units called
frames, which are similar to linked records in data files. Then, rules are established about
how to assemble or inter-relate the frames to meet the user's needs
Business Intelligence-
➢ Definition-
BI is the delivery of accurate, useful information to the appropriate decision-makers within
the necessary time frame to support effective decision making for business process.
It comprises information that contains patterns, relationships, & trends about customers,
suppliers, business partners, &, employees
It can handle large amounts of information to help identify & develop new opportunities
➢ Advantage-
To increase the amount of knowledge, orgs. can apply in real time and reduce the cost of
managing their business processes
It provides competitive market advantage & long term stability
➢ Business Intelligence Tools-
These tools are a type of software that is designed to retrieve, analyse, and report data
Key business Intelligence tools are-
Simple Reporting & Querying
It involves using the data warehouse to get response to the query- “tell me what happened”
Aim of BI is to turn operational data into meaningful knowledge, which requires BI to be
connected with enterprise data & all necessary data is available in one place in one common
format
Data warehousing (DW) provides a perfect architecture to combine all the data dispersed
There are reporting tools used to arrange information into a readable format & distribute it
to the people who they need it
Business Analysis-
It involves using the data to get response to the query- “tell me what happened & why”
Contact on twitter- @tweetopians
It refers to presenting visualising data in a multidimensional manner
ELT (Extract, Transform, Load) tools bring in data from outside sources, transform it to meet
business specified operational needs & then load the results into the company database
Dashboards-
It involves using the information gathered from the data warehouse & making it available to
users as snapshots of many different things with the aim of getting response to the query-
“tell me a lot of things, but without too much effort”
It is a flexible tool, that can be bent into as many different shapes as per user requirements
It includes the collection of graphs, reports & KPIs
Scorecards-
It involves providing a visual representation of the enterprise strategy by taking critical
metrics & mapping them to strategic goals throughout the enterprise
It offers rich, visual gauge to display the performance of specific initiatives, business units,
or enterprise as a whole & individual goals in the context of larger enterprise strategy
Data Mining or Statistical Analysis-
It involves using statistical, AI, & related techniques to mine through large volumes of data
& providing knowledge without users even having to ask specific questions
It involves data analysis to discover useful patterns hidden in large volume of diverse data
Eg- market segmentation- identify common features of customers buying same product
Tool used- Online Analytical Processing (OLAP) is a multi-dimensional analytical tool typically
used in data mining, that gathers & process vast amount of information into useful packets
➢ Business Reporting through MIS & IT-
Business reports are a type task which facilitates in scrutinizing a situation & pertain to
business theories to fabricate a variety of suggestions for development
It provides a platform for users to get immediate access to business information by using
simple analysis
These are routinely assigned to facilitate us to-
▪ accomplish conclusions about a trouble
▪ demonstrate short and excellent communication skills
▪ exhibit our analytical, reasoning, & evaluation skills in identifying & weighing up
potential solutions and outcomes
While analysing the business reports, classically, there is no thumb rule to reach conclusion
but numerous solutions, each associated with their own costs & benefits to an org.
Benefits for micro-businesses & small to medium enterprises-
It is paperless lodgement, eliminating hassle of paperwork and associated costs
It electronically stores the reports securely in the accounting system
Forms pre-filled with information existing in accounting system, as well as, information held
by the government, saves valuable time
Ease of sharing between clients, accountant, tax agent, or bookkeeper for checking
Secure AUSkey authentication, which is a common authentication solution for business-to-
government online services
Same time validation gives faster response that any lodgement
Benefits for large business-
Single reporting language to report to government- eXtensible Business Reporting Language
(XBRL) is an international standards-based business reporting language developed by
accountants for financial reporting
Contact on twitter- @tweetopians
It reduces cost by reduction in the cost of assembling, analysing, and providing data to
government
It streamlines the process of aggregating data by exploiting opportunities that exists across
different internal departments, or business units of a company
Secure AUSkey authentication lodges online security to a range of government agencies
Same-time validation gives rapid response that any lodgement has been received
Importance of Access and Privilege Controls-
➢ In order to safeguard software systems, procedures are developed & implemented for protecting
them from unauthorised modification, disclosure or destruction to ensure that information remains
accurate, confidential, & is available when required
➢ Access controls possess four general functions, which work together to grant access to resources &
constrains what a subject can do.
➢ These four general functions are-
Identify Management consists of one or more processes to verify the identity of a subject
attempting to access an object. It, however, does not provide 100% assurance of the
subject’s identity, but provides a level of probability of assurance, which depends on the
identification processes in place and their general trustworthiness
Authentication is inseparable from identity management. Where Identity management
includes designing & managing a subject’s identity, Authentication is the process of verifying
a subject’s identity at the point of object access
Authorization- Once a resource or network verifies a subject’s identity, the process of
determining what objects that subjects can access begins. It identifies what systems,
network resources, etc. a subject can access
Accountability- The object or some external resource logs all activity between subject &
object, stored for audits & sent to a log management solution, etc. They provides insight
into how will access control processes working, whether or not subjects abuse their access
➢ Approaches to Access Control-
➢ Two major approaches to establish access controls are-
Role-based Access Control (RBAC) largely eliminates discretion when providing access to
objects. Instead, administrators/automated systems place subjects into roles. Subjects
receive only rights & permissions assigned to those roles. When an employee changes jobs,
all the previous access is removed and the rights & permissions of the new role are assigned
Rules-based Access Controls (RAC) also takes into account the data affected, the identity
attempting to perform a task, & other triggers governed by business rules.
Eg of RAC- A manager has ability to approve his employees’ hours worked, however, when
he attempts to approve his own hours, a rule built into application compares employee
record & the user, sees they are same, & temporarily removes approval privilege. This is
dynamic & occurs at the time a transaction is attempted. This also sometimes called
dynamic RBAC
➢ Principle of Least Privilege
It is a fundamental principle of information security, which refers to give only those
privileges to user account, which are essential to that user’s work
Least User Access/Least-privileged User Account (LUA) refers that all user accounts at all
times should run with as few privileges as possible & also launch applications with as few
privileges as possible.
Contact on twitter- @tweetopians
Software bugs may be exposed when applications do not work correctly
It is recognised as an important design consideration in enhancing the protection of data &
functionality from any kind of compromises towards security
Payment Mechanisms-
➢ In addition to conventional mode of payment (cash & cheques), past few years have seen the
speedy creation of plastic payment mechanism- credit cards, charge cards & debit cards
➢ in addition, consumers are also identifiable with payment mechanisms like, traveller’s cheques,
credit cheques & money orders
➢ payment gateway is fundamentally a service used to process credit card transactions when orders
are accepted online from clients
➢ in a way, it represents a physical POS (point-of-sales) terminal, which is set in every retail outlet
these days.
➢ Payment gateways use a special code for acquiring sensitive information like credit card numbers,
so that information passes securely
➢ Major types of electronic payments-
➢ Credit Cards-
➢ In credit card transaction, consumer presents preliminary proof of his ability to pay by presenting
his card number to merchant
➢ The merchant can verify this with bank & create a purchase slip for the consumer to endorse
➢ Merchant will, then, uses this purchase slip to collect funds from the bank, &,
➢ In next billing cycle, consumer receives a statement from bank with the record of a transaction
➢ How a credit card is processed? (explanation of above points)
Step 1- Authorization
After a merchant swipes the card, the data is submitted to merchant’s bank, called acquirer,
to request authorisation for sale.
The acquirer then routes the request to the card-issuing bank, where it is authorised/denied
And the merchant is allowed to process the sale
Step 2- Batching
At the end of the day, merchant reviews all the day’s sales to ensure they were authorised
and signed by the card holder
It then transmits all the sales at once, called a batch, to the acquirer to receive payment
Step 3- Clearing
After the acquirer receives the batch, it sends it through the card network, where each sale
is routed to the appropriate issuing bank
The issuing bank then subtracts its interchange fees, which are shared with the card
network, & transfers the remaining amount through the network back to the acquirer
Step 4- Funding
After receiving payment from the issuer, minus interchange fees, the acquirer subtracts its
discount fee & sends the remainder to the merchant
The merchant is now paid for the transaction and the card holder is billed
➢ Using a credit card to purchase over Internet follows same scenario, but on the Internet, added
steps must be taken to provide for secure transactions & authentication of both buyer & seller
➢ Visa and MasterCard, teamed up to develop a common standard to process credit card
transactions on the Internet, called the Secure Electronic Transaction (SET) standard
➢ Electronic Cheques-
Contact on twitter- @tweetopians
➢ 2 systems developed to let consumers to use electronic cheques to pay web merchants directly-
Financial Services Technology Corporation (FSTC)-
It is a association of banks & clearing houses that has designed an electronic cheque
Modelled on the traditional paper cheque, this new cheque is initiated electronically & uses
a digital signature for signing & endorsing
User can use a single mechanism, the electronic cheque, to complete payments that vary
according to payee’s requirements
CyberCash-
It functions as a message to the sender’s bank to transfer funds
the message is given initially to the receiver who, in turn, endorses the cheque & presents it
to the bank to obtain funds
Merit- As sender, we can protect ourselves against fraud by encoding our account number
with the bank’s public key, thereby not revealing our account number to merchant
As with SET protocol, digital certificates can be used to authenticate the payer, the payer’s
bank, & the bank account
➢ Smart Cards-
➢ These have an embedded microchip instead of magnetic strip.
➢ The chip contains all the information a magnetic strip contains but offers the possibility of
manipulating the data & executing applications on the card
➢ Three Types of smart cards are-
Contact cards are smart cards that need to insert into a reader in order to work (Eg- ATMs)
Contactless cards don't need to be inserted into a reader, but just waving them near a
reader is just sufficient for the card to exchange data (Eg- Cards used to open door)
Combi/Hybrid cards contain both technologies & allow a wider range of applications
➢ Electronic Purses-
➢ It is another way to make payments over the net
➢ it is very similar to a prepaid card
➢ It can be used as an ATM card as well as a credit card
➢ While making purchases, customers pass their cards to a vendor’s point of sale terminal. No credit
check/signature is needed. Validation is done through a PIN Number
➢ Once transaction is complete, funds are deducted from card & transferred to vendor’s terminal
➢ Merchants can transfer value of accumulated transactions to their bank accounts by telephone as
frequently as they choose
➢ When value on a card is spent, consumers can load additional funds from their accounts to card