chapter-4 business information system (bis) · chapter-4 business information system ... it...

Contact on twitter- @tweetopians

CHAPTER-4 BUSINESS INFORMATION SYSTEM (BIS)

INTRODUCTION-

➢ It is a preferred software engine for the development of IT

➢ It can be defined as system integrating IT, people & business.

IT as a key business enabler-

➢ Information influences the way an org operates

➢ The right information, if it is transported to right person, in the right fashion, & at the right time,

can progress & guarantee organizational effectiveness & competence

Information Systems (IS)-

➢

➢ INFORMATION-

Data is a raw fact, which is analysed to produce useful & meaningful output, called information

➢ SYSTEMS-

In it, data is used as the input for a process that creates information as output. Generic system has

5 components: Input, Process, Output, Feedback & Control.

➢ IS refers to the interaction between people-processes-technology (PPT). People need technology to

process the information in fast & accurate manner.

➢ IS is a combination of people, hardware, software, data & networks that processes data &

information for a specific purpose

➢ Major components of the IS model-

People Resources

Specialists- system analysts, Software developers, system operators End users- anyone else who uses IS

Hardware Resources

Machines- computers, video monitors, printers, optical scanners, magnetic disk drives Media- floppy disks, magnetic tapes, optical disks, plastic cards, paper forms

Software Resources

Programs- OS programs, spreadsheet/ payroll/ word processing programs Procedures- data entry, error correction, pay-check distribution

Data Resources Product descriptions, customer records, employee files, inventory databases

Network Resources

Communication media, communications processors, network access, control software

Information Products

Management reports & business documents using text & graphics displays, auto responses, & paper forms

➢ IS must be able to-

Have large information storage capacity & also provide faster access

Provide support for decision-making

Grant a competitive edge

Ensure fast & accurate processing of data

Offer faster communication & exchange of information

Reduce information redundancy

➢ Backbone of IS-www, internet, or within a business, LAN, along with ERP, SCM, eCRM, E-commerce

DATA

(Raw Facts) ANALYSE INFORMATION

(USEFUL MEANINGFUL)


➢ Role of IS in business

It provides org with skill-full business processes, helping them being more successful & competitive

Type of IS-

➢ Strategic-Level Systems-

Used to track & deal with strategic issues, assists in long-range planning

Principle area is track changes in external envt & match them with internal envt of org

➢ Management-level systems-

used for monitoring, controlling, decision-making, administrative activities

can deal with “what-if” type questions

➢ Knowledge-level systems-

Supports discovery, processing, storage of knowledge & data workers

Controls flow of paper work & enable group working

➢ Operational-level systems-

Supports in tracking elementary activities & includes tracking customer order, invoices, etc

Ensure that business procedures are being followed

➢ Who uses IS?

At strategic level, senior managers – explain corporate level of SM chapter 2

At management level, middle managers- explain business level of SM chapter 2

At knowledge level, knowledge & data workers

▪ Includes knowledge & data workers who are selected, recruited & trained in special

manner comparative to non-knowledge workers

▪ Knowledge residing in their heads is most precious resource for org

At operational level, operational managers- explain functional level of SM chapter 2

Transaction Processing System (TPS)-

➢ Def- a type of IS that collects, stores, modifies & retrieves the day-to-day transactions of an org

➢ Eg- airline reservation system, railway reservation system, banking systems, etc

➢ Transaction Processing Cycle-

Data Entry

▪ It captures business data

▪ The recording /editing of data needs to be quickly & correctly captured for proper

processing

▪ Eg- it can be collected at POS terminals by bar code scanning & credit card readers

Transaction Processing

▪ It processes data in two basic ways: batch processing, real-time processing (online

processing)

▪ Refer audit – EDP audit to define above two

Database Maintenance

▪ Must be updated by its TPS so that they are always correct & updated

▪ It ensures that changes are reflected in data records stored in org’s database

Document & Report Generation

▪ Produces a variety of documents & reports

▪ Eg of documents include purchase orders, sales receipt, invoices, etc

➢ Attributes of TPS- (mnemonic- HEAT)


High Volume Rapid Processing- it is designed to process transactions instantaneously, with

an immediate effect

Equivalence- transactions are processed in the similar format every time to ensure that full

effectiveness is achieved

Access Control- it ensures that unauthorized people are not permissible to influence or

transform the transaction process

Trustworthiness- it is capable of processing transactions rapidly, yet at the same time

conduct several checks to make certain that data integrity is preserved.

➢ TPS Qualifiers- transactions made by system must pass the ACID Test

Atomicity

▪ it means that a transaction is either recorded in full or not at all recorded

▪ it ensures that transactions take place in their entirety

▪ if one account is debited but other is not credited, it doesn’t qualify as transaction

▪ eg- transfer of funds is counted as transaction, if both debit from one & credit to

another account takes place

Consistency

▪ TPS exists within a set of operating rules

▪ If integrity constraint states that all transactions of the database must have positive

value, then, any transaction with negative value would be refused

Isolation

▪ Transactions must appear to take place in seclusion

▪ It must take place simultaneously

▪ Eg- in case of transfer of funds, debit & credit of respective accounts must occur

simultaneously. Funds can’t be credited to an a/c before debiting from another a/c

Durability

▪ Once transactions are completed, they can’t be undone

▪ A log will be created to document all completed transaction, so that even TPS failure

would not affect it

Office Automation Systems (OAS)-

➢ It is the amalgamation of hardware, software & other resources used to smoothen the progress of

communication & increase efficiency

➢ It means using computer & software to digitally generate, collect, store, manipulate, relay office

information needed for accomplishing basic tasks & goals

➢ Activities comprised by OAS-

Exchange of Information

Management of administrative documents

Handling of numerical data

Meeting, planning & management of work schedules

➢ Some examples of Office Automation Applications-

Word Processing- it performs many tasks automatically which are necessary to prepare

typed/printed documents

Electronic Mail- it allows users to send, store & retrieve messages using terminals & storage

devices

Voice Mail- it stores audio messages digitally & convert them back upon retrieval


Video Conferencing- it uses television equipment to link geographically dispersed

conference participants

Knowledge Management System (KMS)-

➢ Information & Knowledge are the key elements of this economy

➢ A firm’s competitive gain depends on its knowledge processing, i.e., what it knows; how it uses &

how fast it can know something new.

➢ KMS refers to any kind of IT system that stores & retrieves knowledge, improves collaboration,

locates knowledge sources, mines repositories for hidden knowledge, or enhances the KM process

➢ Two broad types of knowledge are-

➢ Explicit knowledge is that which can be easily formalized, & hence, easily available across the org..

It is represented as spoken words, written material & compiled data. It is codified, easy to

document, transfer & reproduce.

➢ Tacit knowledge resides in just few person & hasn’t been captured by org or made available to

others. It is represented as intuition, beliefs, values that individuals form based on their experience.

It is personal, experimental, context-specific, difficult to communicate & document

➢ Tacit knowledge provides strategic edge to org

➢ Link between information & knowledge-

Information is an important resource to org, which is necessarily subjective

Knowledge is derived from information & represents information with a potential use

retained for reference in future decision situations.

Same data may be interpreted differently by different people, depending on their existing

knowledge.

Information is piecemeal & fragmented---knowledge is structured & often universal

Information is timely & even short-lived---knowledge is for enduring significance

Information is a flow of messages---knowledge is stock. (information may affect the stock of

knowledge by adding to it, restructuring it, changing it in any way)

Information is acquired by being told---knowledge can be acquired by thinking

Information is “know-what”---knowledge is “know-how”.

➢ Knowledge Discovery and Data Mining (KDD)

It, fundamentally deals with ways & means of capturing & making obtainable knowledge of

the experts to others, in electronic form.

It also assists us establish, contact, and, communicate with experts on various subjects.

Knowledge worker/intellectual worker/brain worker, is a key intellect who is employed

owing to his/her acquaintance of a subject matter, rather than their ability to perform

manual labour

Brain worker, includes, Computer Programmers, systems analysts, lawyers, scientists

➢ Why Knowledge has gained so much momentum in recent times?

Altering business surroundings- Now rapid change means speedy knowledge obsolescence,

so need is there to manage it before it disappears without leaving a trace

Burgeon Connections- Extremely dispersed operations, global expansion, continual change-

none of these would have been possible if it was not possible to deploy knowledge officially

& deliberately. Interactive networks can put knowledgeable people in stroke through

communication & technologies

Globalisation- For innovation & due to existing stiff competition, now companies have

started selling knowledge in addition


Modification in organisational composition- The new organisational arrangement is that of

“Virtual Org”, which is used to integrate far flung operations & knowledge discovery in

databases is required

Management Information Systems (MIS)-

➢ it refers to the data, equipment & computer programs that are used to develop information for

managerial use

➢ It provides accurate, timely, & meaningful data for management planning, analysis & control to

optimize growth of org.

➢ It is primarily dependent upon information

➢ It is being used for superior management & scientific decision-making

➢ It aims at meeting the information needs of managers

➢ It is an integrated application-

serves all departments within an enterprise

evolves out of manufacturing industry, & implies use of packaged software rather than

proprietary software

➢ Eg- airline reservation, bank operations, train reservation, etc

Decision Support System (DSS)-

➢ It is a computer-based information system that supports business or organisational decision-making

activities

➢ It serves the management operations, & planning levels of an org (usually mid & higher level) &

helps to make decisions

➢ It helps to facilitates a manager in making operational decisions, but the ultimate burden of

responsibility lies with the manager.

➢ Two types of planning languages that are commonly used in it are-

General purpose planning languages allows user to perform many routine task. Eg- the

languages in most electronic spreadsheet.

Special purpose planning languages are more limited in what they can do, but they usually

do certain jobs better than the general-purpose planning languages. Eg- SAS

➢ Basic components of DSS are-

Users- The user is usually a manager

One or more databases- Databases contain both routine and non-routine data

Model Base- It is the brain of DSS as it performs data manipulations & computations with

the data provided to it by the user and database

➢ It usually does not make the decision itself, but to a certain extent, present information in a way

that helps in making an informed and well-organised decision

Executive Information Systems (EIS)/ Executive Support Systems (ESS)-

➢ It is not a piece of hardware/software, but an infrastructure that provides up-to-the-minute

operational data, the typical information mix, gathered & sifted (examined) from various databases.

➢ It differs from a DSS, in that, it is targeted at executives & not managers

➢ Features of EIS are-

It is designed for top management

It is easy to use

It presents information in condensed view


It accesses org’s databases and data external to the organisation

SPECIALIZED SYSTEMS-

➢ Enterprise Resource Planning (ERP)-

➢ For org, management & flow of information were just as important as materials & inventory

management

➢ ERP systems integrate internal & external management information across an entire org-may it be

finance/accounting, manufacturing, CRM, etc

➢ Rationale of ERP- to make flow of information easy between all business functions in the interior

boundaries of org & control the connections to exterior stakeholders

➢ It is a complete software solution package for enhancing the performance in large orgs & meeting

their requirements with ease

➢ Eg- SAP.

➢ Customer Relationship Management (CRM)-

➢ Customer is a sovereign and decisive in modern day businesses

➢ Acquiring new clients is far costlier than retaining the old profitable customers

➢ The main objective is to retain loyal customers & this has led to the emergence of CRM

➢ CRM is the parameter of identifying, magnetizing, & preserving the most valuable customers (who

will prolong to pay money even when there exists competitive alternatives) to prolong profitable

growth in a regulated environment

Mechanisms of CRM-

Customer is the source of the company’s profit and future growth

Relationship involves continuous bi-directional communication & managing this relationship

is mutually beneficial

Management- The customer information collected & analysed continuously is transformed

into corporate knowledge that leads to activities that take advantage of the information &

market opportunities

➢ Analytical CRM definition- Use customer understanding to perform effective relationship

management

Benefits-

generates customer loyalty

raises a market intelligence enterprise

integrated relationship

smoothens the progress to capture, consolidate, analysis, & enterprise-wide dissemination

of data from existing and potential customers

➢ Supply Chain Management

➢ Refer SM

Components of SCM-

Procurement/Purchasing- begins with purchase of parts, components, or, services. It must

ensure that right items are delivered in right quantities at right location on right time

scheduled at minimum (right) cost (Right-time, customer, price, place, products)

Operations- Here, the org must transform inputs & produce products/services that meet

the needs of its consumers, in an efficient and effective manner

Distribution- it involves several activities, eg, logistics, warehousing, CRM

Integration- it is critical that all participants in service chain recognise the entirety of the

service chain


➢ Relationship between ERP, CRM, & SCM-

ERP improves & streamline internal business processes

CRM attempts to enhance the relationship with customers

SCM aims to facilitate collaboration between org, suppliers, manufacturers, distributors &

partners

SCM deals with suppliers & CRM deal with customers, so as to retain existing & creating new

customers & providing them value by working efficiently throughout supply chain. SCM &

CRM can do this with the help of ERP to integrate the two so as to help them achieve their

goals

➢ Human Resource Management Systems (HRMS)/ HR Information Systems (HRIS)-

➢ It refers to the systems & processes at the intersection between HRM & IT.

➢ Modules of HRMS-

➢ Workforce Management - to effectively manage labour rules, ensure compliance, control labour

cost & expenses

➢ Time & Attendance Management- gathers standardized time & work related efforts

➢ Payroll Management- it automates manual payroll functions; facilitate calculations of salary &

deductions, etc.; eliminates errors & frees up HR staff for more productive task. Data is generally

fed from the human resources and time keeping modules

➢ Training Management- it tracks training locations, registered attendees, progress of employees

through these programs, examines the results of courses taken, reschedule specific courses,

updates skill profile

➢ Compensation Management- it attracts & retains talented employees to sustain a competitive

position

➢ Recruitment Management- it helps in hiring the right people with the right target skills

➢ Personnel Management- it comprises of HR master-data, personnel administration, recruitment

and salary administration

➢ Organizational Management- it includes organisational structure, staffing schedules & job

description

➢ Employee Self Service (ESS)- it allows employees to query HR related data, perform some HR

transactions over the system. Employees may query their attendance record from the system

without asking the information from HR personnel.

➢ Analytics- it extracts HR related data for use with other business intelligence platforms to better

predict the impact of employee turnover on future output

➢ Core Banking Systems (CBS)-

➢ Most banks use core banking applications to sustain their operations where CORE stands for

“Centralised Online Real-time Environment”

➢ It may be defined as the set of basic software components that manage the services provided by a

bank to its customers through its branches

➢ The absolute bank's branches access application from centralised data centres

➢ These systems are running 24X7, to support Internet banking, Global operations, and real-time

transactions via ATM, Internet, phone and debit card

➢ Computer Software is developed to perform core banking operations like, recording of transactions,

passbook maintenance, & interest calculations on loans & deposits, customer records, balance of

payments & withdrawal

➢ Egs of Core Banking Products-

Infosys’ Finacle-


It is a comprehensive business solution addressing all the core needs of banks.

Banks can provide customers with relevant information & right offerings, presented at the

right time, through the right channel

Its key modules are-

Enterprise Customer Information enables banks to create & maintain single source of

customer information files, across multiple host systems

Consumer Banking supports offering, (eg, savings & checking accounts, provision for

personal & auto-finance) & adds other services, if needed (eg- multi-currency accounts, top-

up deposits, master term deposits, top-up loans, revolving loans and securitization)

Corporate Banking includes commercial lending essential, eg, multi-currency disbursements

& repayment, corporate deposits, commercial lending, & corporate payments, etc.

Trade Finance presents an end-to-end solution for the trade finance needs of a bank &

supports multi-currency processing of trade products, eg, documentary credit, forward

contract, letter of guarantee, etc,

Origination simplifies & strengthens the complete credit life-cycle

Dashboards provides user experience by enabling availability of frequently used functions

on a single console

Nucleus FinnOne

It comes with a wide variety of integrated applications that cover different aspects of global

web banking

These applications include a loan origination system that automates & manages processing

of many types of loans, a credit card application system with strong credit and fraud

detection tools, & multilingual web-based collection service

Oracle’s FLEXCUBE-

Banks using Oracle FLEXCUBE can take advantage of the high-fidelity reports provided by

the system for better management & operational controls

It provides the ability to create or modify products rapidly, helping banks respond quickly to

market needs

It empowers universal banks with-

▪ superior web experience to self-service and assisted channels

▪ Improved bank staff productivity with intuitive, role-based dashboards

▪ Improved risk management & reporting

➢ Accounting Information System (AIS)-

➢ It is defined as a system of collection storage and processing of financial and accounting data that is

used by decision makers

➢ accountants and auditors need to be actively involved in evaluating which software to purchase

how to design the software system and implementation of the same

➢ collect and evaluate evidence to provide an opinion on the completeness and accuracy of

accounting information which is processed to produce the financial reports

➢ Its functions-

Collect & Store data-

▪ collect & store data about org’s business activities and transactions by capturing

transaction data from source documents and posting data from journal to ledgers.

▪ Control over Data Collection is improved by pre-numbering source document.

Record transaction

▪ Record transactions data into journals


▪ define journal

Safeguard assets of org

▪ provide adequate control to ensure that data are recorded and processed accurately

buy safeguarding organisational assets data and Systems

▪ it can be achieved by two important methods by providing adequate documentation

of all business activities and an effective segregation of duties.

➢ Its Key Components are-

People- AIS helps various system users, eg, accountants, consultants, business analysts,

managers, chief financial officers, & auditors, etc.

Procedures- It includes manual & automated methods for collecting, storing, retrieving, &

processing data

Data- It means information pertinent to org’s business, & includes, sales orders, customer

billing statements, sales analysis report, purchase requisitions, vendor invoices, general

ledger, payroll information, tax Information, etc

Software- It means computer programs that provide quality, reliability & security to the

company's financial data that may be stored, retrieved, processed & analysed

IT Infrastructure includes hardware, such as, personal computers, servers, printers, storage

media

Internal Controls (same as EDP Audit)

➢ AIS offers value and is very important part of value chain which means making it faster, more

reliable, providing better services, providing something in limited supply, providing enhanced

features or customizing it

➢ It impacts many areas, like, budgeting and planning, expenses management, revenue management,

cash and treasury management, payroll, sales, purchases, taxation, etc.

➢ Overview of AIS-

It is a system that brings together, records, stores, & processes data to fabricate information

from decision makers

it can use extremely developed technology, be a trouble-free paper-&-pencil system, or be

something in amid

It mandates to accumulate additionally stored data about events, resources, & agents

It makes available sufficient controls to make certain that the entity’s resources are

obtainable when needed, as well as, truthful and dependable

Transforms the data into information with the intention that management can exercise to

make verdict about events, resources & agents.

Artificial Intelligence (AI)-

➢ It is the vicinity of computer science focusing on creating machines that can fit into place on

behaviours that humans regard as intelligent

➢ A significant driver for any application of artificial intelligence is fresh & innovative code

➢ We need to break out of the “customized program for a specific application” mindset & begin

finding new ways to recycle code for new applications

➢ It is a research field that studies how to comprehend intelligent human behaviours on computer

➢ Its decisive objective is to make a computer that can discover, sketch, crack problems in parallel

➢ It can be applied on various purposes, like, expert systems, pattern recognition, natural language

processing, etc.

➢ Commercial applications (uses) of AI are-


Decision-support

Intelligent human-computer interface systems that can understand spoken language &

gestures & facilitate problem solving by supporting organisation wide collaboration to solve

particular problems

situation assessment & resource allocation software for uses that range from airlines and

airport to logistics centres

Information Retrieval

AI-based Intranet & Internet systems provides good amount of information in simple

presentation

Database mining for marketing trend analysis, financial forecasting, & maintenance cost

reduction and more

Virtual Reality

Automated animation interfaces that allow users to interact with virtual objects via touch

Robotics

Machine-vision inspection systems for gauging, guiding, identifying, and inspecting products

and providing competitive advantage manufacturing

Expert Systems-

➢ It is a computerized information system that allows non-experts to make decisions comparable to

those of an expert

➢ These are used for complex/ill-structured tasks that require experience & specialized knowledge in

narrow, specific subject areas

➢ It has leveraged its strengths to plan & execute a miscellaneous variety of projects for defense,

government, finance, telecom, engineering sectors, consulting services, etc.

➢ It takes into consideration knowledge, facts & user interface with the help of knowledge engineer

to accomplish the task

➢ Its key components are-

Knowledge Base

The knowledge base of expert system encloses both realistic and heuristic knowledge

It includes the data, knowledge, relationships, rules of thumb, & decision trees used by

experts to solve a particular for problem

It is the computer equivalent of all the knowledge & insight that an expert or group of

experts develop through years of experience in their field

Realistic Knowledge is that knowledge of the job domain that is extensively shared,

characteristically found in textbooks & frequently agreed upon by experts

Heuristic Knowledge is the fewer rigorous, extra empirical, supplementary judgemental

knowledge of performance. It is not often discussed & is principally individualistic

Inference Engine

It contains the logic & reasoning mechanisms that simulate the expert logic process &

deliver advice

It uses data obtained from both the knowledge base & the user to make associations &

inferences, form its conclusions, & recommend a course of action

User Interface

It allows the user to design, create, update, use and communicate with the expert system

Explanation Facility

It provides the user with an explanation of the logic the ES used to arrive at its conclusion


Database of Facts

It holds user’s input about current problem by entering as much as they know about the

problem or inference engine may prompt for details or ask whether certain conditions exist

A database of facts is built up which the inference engine will use to come to a decision

The quality & quantity of data gained from the user will influence reliability of the decision

➢ Types of ES problem domains-

These are designed to deal with imprecise data/problems that have more than one solution

Using a technique called fuzzy logic, it can deal with imprecise data by asking for a level of

confidence.

A neural network uses computer circuitry to simulate the way in which a brain might process

information

➢ Types of ES-

In example-based system, developers enter case facts & results, which is converted to a

decision tree that is used to match the case at hand with those previously entered in the

knowledge based

In rule-based systems, data & decision rules are stored as “if-then rules”. The system asks

the user questions & applied if-then rules to the answers to draw conclusions & make

recommendations

In frame-based systems, all information about a topic is organized into logical units called

frames, which are similar to linked records in data files. Then, rules are established about

how to assemble or inter-relate the frames to meet the user's needs

Business Intelligence-

➢ Definition-

BI is the delivery of accurate, useful information to the appropriate decision-makers within

the necessary time frame to support effective decision making for business process.

It comprises information that contains patterns, relationships, & trends about customers,

suppliers, business partners, &, employees

It can handle large amounts of information to help identify & develop new opportunities

➢ Advantage-

To increase the amount of knowledge, orgs. can apply in real time and reduce the cost of

managing their business processes

It provides competitive market advantage & long term stability

➢ Business Intelligence Tools-

These tools are a type of software that is designed to retrieve, analyse, and report data

Key business Intelligence tools are-

Simple Reporting & Querying

It involves using the data warehouse to get response to the query- “tell me what happened”

Aim of BI is to turn operational data into meaningful knowledge, which requires BI to be

connected with enterprise data & all necessary data is available in one place in one common

format

Data warehousing (DW) provides a perfect architecture to combine all the data dispersed

There are reporting tools used to arrange information into a readable format & distribute it

to the people who they need it

Business Analysis-

It involves using the data to get response to the query- “tell me what happened & why”


It refers to presenting visualising data in a multidimensional manner

ELT (Extract, Transform, Load) tools bring in data from outside sources, transform it to meet

business specified operational needs & then load the results into the company database

Dashboards-

It involves using the information gathered from the data warehouse & making it available to

users as snapshots of many different things with the aim of getting response to the query-

“tell me a lot of things, but without too much effort”

It is a flexible tool, that can be bent into as many different shapes as per user requirements

It includes the collection of graphs, reports & KPIs

Scorecards-

It involves providing a visual representation of the enterprise strategy by taking critical

metrics & mapping them to strategic goals throughout the enterprise

It offers rich, visual gauge to display the performance of specific initiatives, business units,

or enterprise as a whole & individual goals in the context of larger enterprise strategy

Data Mining or Statistical Analysis-

It involves using statistical, AI, & related techniques to mine through large volumes of data

& providing knowledge without users even having to ask specific questions

It involves data analysis to discover useful patterns hidden in large volume of diverse data

Eg- market segmentation- identify common features of customers buying same product

Tool used- Online Analytical Processing (OLAP) is a multi-dimensional analytical tool typically

used in data mining, that gathers & process vast amount of information into useful packets

➢ Business Reporting through MIS & IT-

Business reports are a type task which facilitates in scrutinizing a situation & pertain to

business theories to fabricate a variety of suggestions for development

It provides a platform for users to get immediate access to business information by using

simple analysis

These are routinely assigned to facilitate us to-

▪ accomplish conclusions about a trouble

▪ demonstrate short and excellent communication skills

▪ exhibit our analytical, reasoning, & evaluation skills in identifying & weighing up

potential solutions and outcomes

While analysing the business reports, classically, there is no thumb rule to reach conclusion

but numerous solutions, each associated with their own costs & benefits to an org.

Benefits for micro-businesses & small to medium enterprises-

It is paperless lodgement, eliminating hassle of paperwork and associated costs

It electronically stores the reports securely in the accounting system

Forms pre-filled with information existing in accounting system, as well as, information held

by the government, saves valuable time

Ease of sharing between clients, accountant, tax agent, or bookkeeper for checking

Secure AUSkey authentication, which is a common authentication solution for business-to-

government online services

Same time validation gives faster response that any lodgement

Benefits for large business-

Single reporting language to report to government- eXtensible Business Reporting Language

(XBRL) is an international standards-based business reporting language developed by

accountants for financial reporting


It reduces cost by reduction in the cost of assembling, analysing, and providing data to

government

It streamlines the process of aggregating data by exploiting opportunities that exists across

different internal departments, or business units of a company

Secure AUSkey authentication lodges online security to a range of government agencies

Same-time validation gives rapid response that any lodgement has been received

Importance of Access and Privilege Controls-

➢ In order to safeguard software systems, procedures are developed & implemented for protecting

them from unauthorised modification, disclosure or destruction to ensure that information remains

accurate, confidential, & is available when required

➢ Access controls possess four general functions, which work together to grant access to resources &

constrains what a subject can do.

➢ These four general functions are-

Identify Management consists of one or more processes to verify the identity of a subject

attempting to access an object. It, however, does not provide 100% assurance of the

subject’s identity, but provides a level of probability of assurance, which depends on the

identification processes in place and their general trustworthiness

Authentication is inseparable from identity management. Where Identity management

includes designing & managing a subject’s identity, Authentication is the process of verifying

a subject’s identity at the point of object access

Authorization- Once a resource or network verifies a subject’s identity, the process of

determining what objects that subjects can access begins. It identifies what systems,

network resources, etc. a subject can access

Accountability- The object or some external resource logs all activity between subject &

object, stored for audits & sent to a log management solution, etc. They provides insight

into how will access control processes working, whether or not subjects abuse their access

➢ Approaches to Access Control-

➢ Two major approaches to establish access controls are-

Role-based Access Control (RBAC) largely eliminates discretion when providing access to

objects. Instead, administrators/automated systems place subjects into roles. Subjects

receive only rights & permissions assigned to those roles. When an employee changes jobs,

all the previous access is removed and the rights & permissions of the new role are assigned

Rules-based Access Controls (RAC) also takes into account the data affected, the identity

attempting to perform a task, & other triggers governed by business rules.

Eg of RAC- A manager has ability to approve his employees’ hours worked, however, when

he attempts to approve his own hours, a rule built into application compares employee

record & the user, sees they are same, & temporarily removes approval privilege. This is

dynamic & occurs at the time a transaction is attempted. This also sometimes called

dynamic RBAC

➢ Principle of Least Privilege

It is a fundamental principle of information security, which refers to give only those

privileges to user account, which are essential to that user’s work

Least User Access/Least-privileged User Account (LUA) refers that all user accounts at all

times should run with as few privileges as possible & also launch applications with as few

privileges as possible.


Software bugs may be exposed when applications do not work correctly

It is recognised as an important design consideration in enhancing the protection of data &

functionality from any kind of compromises towards security

Payment Mechanisms-

➢ In addition to conventional mode of payment (cash & cheques), past few years have seen the

speedy creation of plastic payment mechanism- credit cards, charge cards & debit cards

➢ in addition, consumers are also identifiable with payment mechanisms like, traveller’s cheques,

credit cheques & money orders

➢ payment gateway is fundamentally a service used to process credit card transactions when orders

are accepted online from clients

➢ in a way, it represents a physical POS (point-of-sales) terminal, which is set in every retail outlet

these days.

➢ Payment gateways use a special code for acquiring sensitive information like credit card numbers,

so that information passes securely

➢ Major types of electronic payments-

➢ Credit Cards-

➢ In credit card transaction, consumer presents preliminary proof of his ability to pay by presenting

his card number to merchant

➢ The merchant can verify this with bank & create a purchase slip for the consumer to endorse

➢ Merchant will, then, uses this purchase slip to collect funds from the bank, &,

➢ In next billing cycle, consumer receives a statement from bank with the record of a transaction

➢ How a credit card is processed? (explanation of above points)

Step 1- Authorization

After a merchant swipes the card, the data is submitted to merchant’s bank, called acquirer,

to request authorisation for sale.

The acquirer then routes the request to the card-issuing bank, where it is authorised/denied

And the merchant is allowed to process the sale

Step 2- Batching

At the end of the day, merchant reviews all the day’s sales to ensure they were authorised

and signed by the card holder

It then transmits all the sales at once, called a batch, to the acquirer to receive payment

Step 3- Clearing

After the acquirer receives the batch, it sends it through the card network, where each sale

is routed to the appropriate issuing bank

The issuing bank then subtracts its interchange fees, which are shared with the card

network, & transfers the remaining amount through the network back to the acquirer

Step 4- Funding

After receiving payment from the issuer, minus interchange fees, the acquirer subtracts its

discount fee & sends the remainder to the merchant

The merchant is now paid for the transaction and the card holder is billed

➢ Using a credit card to purchase over Internet follows same scenario, but on the Internet, added

steps must be taken to provide for secure transactions & authentication of both buyer & seller

➢ Visa and MasterCard, teamed up to develop a common standard to process credit card

transactions on the Internet, called the Secure Electronic Transaction (SET) standard

➢ Electronic Cheques-


➢ 2 systems developed to let consumers to use electronic cheques to pay web merchants directly-

Financial Services Technology Corporation (FSTC)-

It is a association of banks & clearing houses that has designed an electronic cheque

Modelled on the traditional paper cheque, this new cheque is initiated electronically & uses

a digital signature for signing & endorsing

User can use a single mechanism, the electronic cheque, to complete payments that vary

according to payee’s requirements

CyberCash-

It functions as a message to the sender’s bank to transfer funds

the message is given initially to the receiver who, in turn, endorses the cheque & presents it

to the bank to obtain funds

Merit- As sender, we can protect ourselves against fraud by encoding our account number

with the bank’s public key, thereby not revealing our account number to merchant

As with SET protocol, digital certificates can be used to authenticate the payer, the payer’s

bank, & the bank account

➢ Smart Cards-

➢ These have an embedded microchip instead of magnetic strip.

➢ The chip contains all the information a magnetic strip contains but offers the possibility of

manipulating the data & executing applications on the card

➢ Three Types of smart cards are-

Contact cards are smart cards that need to insert into a reader in order to work (Eg- ATMs)

Contactless cards don't need to be inserted into a reader, but just waving them near a

reader is just sufficient for the card to exchange data (Eg- Cards used to open door)

Combi/Hybrid cards contain both technologies & allow a wider range of applications

➢ Electronic Purses-

➢ It is another way to make payments over the net

➢ it is very similar to a prepaid card

➢ It can be used as an ATM card as well as a credit card

➢ While making purchases, customers pass their cards to a vendor’s point of sale terminal. No credit

check/signature is needed. Validation is done through a PIN Number

➢ Once transaction is complete, funds are deducted from card & transferred to vendor’s terminal

➢ Merchants can transfer value of accumulated transactions to their bank accounts by telephone as

frequently as they choose

➢ When value on a card is spent, consumers can load additional funds from their accounts to card

chapter-4 business information system (bis) · chapter-4 business information system ... it...

Documents