
IT (KL) - Prepared by Bhaskar Chakraborty & Md. Sazedul Kabir From ACNABIN


Prepared By: Bhaskar Chakraborty Md. Sazedul Kabir ACNABIN

Information Technology

It Knowledge

SUMMARY OF STUDY MANUAL


TABLE OF CONTENTS

Chapter
1. Information Within Organization
2. Information Technology Architecture
3. Management of IT
4. Communication And IT
5. Internal Control in Computer Based Business Systems


CHAPTER 1 INFORMATION WITHIN ORGANIZATION

1. Data: (Page 20) Data is the raw material of information. A data processing system processes data into information.

2. Information: (Page 20) Information is data that has been processed into a form that is meaningful to the recipient and is of real or perceived value in current or prospective decisions.

3. Value of information: (Page 21) Information is of high value if it is –

- Reliable (accurate)
- Clean
- Complete
- Right quantity – avoiding intimidating overload
- Relevant – and perceived as relevant by the receiver

4. Usefulness of data:

Companies that sell products by mail order need to keep up-to-date lists of names and addresses of customers who may be interested in making a purchase. This data is very valuable and can be sold to other “like” companies.

- What would make this list become of little value?
- What could be added to the data so that it can be kept up to date?
- Is the cost of keeping data up to date, accurate and complete worthwhile to the company?

5. Difference between data and information: (Page 23) Data can be in the form of numbers, characters, symbols or even pictures. A collection of these data which conveys some meaningful idea is information.

| SL | Data | Information |
|----|------|-------------|
| 1 | Raw, unanalyzed facts, figures and events. | Useful knowledge derived from the data. |
| 2 | Data is unprocessed instructions. | If data is processed, it will become information. |
| 3 | Data is material. | Information is gathering all material to be it. |
| 4 | Data is raw material for data processing. Data relates to facts, events and transactions. | Information is data that has been processed in such a way as to be meaningful to the person who receives it. It is anything that is communicated. |
| 5 | Data is raw material which is unprocessed for data processing. It is normally entered by input devices into the computer and it can be in any form, usable or not. It does not bring meaning; some of it is even in computer language. | Information is data that has been processed; it can be useful for the person receiving it since it brings meaning. It can be understood by humans and is normally conveyed by output devices to people. |

6. Importance of information: (Page 25) Information technology is fundamental to the success of any business. The information that is collected and/or assembled in any business is as valuable a resource as capital or people. Information may be processed, summarized and analyzed by computers before being used by managers as the basis for decision making.

Information must be –

- Accurate
- Complete
- Up-to-date

7. Impact of information systems on organization and business firms: (Page 25) From the point of view of economics, IT changes both the relative costs of capital and the costs of information. Information systems technology can be viewed as a factor of production that can be substituted for traditional capital and labor. IT also obviously affects the cost and quality of information and changes the economics of information. Information technology helps firms contract in size because it can reduce transaction costs – the costs incurred when a firm buys on the marketplace what it cannot make itself. Information technology, especially the use of networks, can help firms lower the cost of market participation (transaction costs), making it worthwhile for firms to contract with external suppliers instead of using internal sources.

8. Relationship between information and organization: Information systems and organizations have a complex two-way relationship. This relationship is mediated by many factors, not the least of which are the decisions made or not made by managers. Other factors mediating the relationship include the organizational culture, structure, politics, business process and environment.

9. Attributes of useful and effective information: (Page 29)

- Availability
- Purpose
- Mode and format
- Decay
- Rate
- Frequency
- Completeness
- Reliability
- Cost Benefit Analysis
- Validity
- Quality
- Transparency
- Value Of Information

10. How do organizations differ? (Page 36)

- Ownership
- Control
- Activity
- Profit Or Non-Profit Orientation
- Size
- Legal Status
- Source Of Finance
- Technology

11. Decision Support System: (Page 39) DSS can be defined as a system that provides tools to managers to assist them in solving semi-structured and unstructured problems in their own somewhat personalized way. A DSS is not intended to make decisions for managers, but rather to provide managers with a set of capabilities that enables them to generate the information required by them in making decisions. Examples of DSS in Accounting are:

- Cost Accounting System
- Capital Budgeting System
- Budget Variance Analysis System
- General Decision Support System

12. Characteristics of DSS: (Page 40)

- They support semi-structured or unstructured decision making;
- They are flexible enough to respond to the changing needs of decision makers; and
- They are easy to use.

13. Components of DSS: (Page 40) Four basic components –

The users: The user of a decision support system is usually a manager with an unstructured or semi-structured problem to solve.

Databases: Databases contain both routine and non-routine data from both internal and external sources.

Planning languages: There are two types of planning languages. General purpose planning languages allow users to perform many routine tasks. Special purpose planning languages are more limited in what they can do, but they usually do certain jobs better than the general purpose planning languages.

The model base: It is the brain of the DSS because it performs data manipulations and computation with the data provided to it by the user and the database.

14. Information Systems at different levels of management: (Page 44)

Top management: Tactical decisions by the top management are dependent on the information passed from middle management. —— EIS, MIS, DSS

Middle Management: At the middle level of management the decision making process starts. Inputs from different internal and external information sources are collected and processed for strategic decisions. —— MIS, DSS

Lower Level management: All types of inputs available from various sources are collected. No decision making process is carried out at this level. —— TPS

| System | Level of management |
|--------|---------------------|
| TPS | Lower Level Management |
| MIS | Mid Level Management |
| DSS | Mid Level Management |
| ESS/EIS | Top Level Management |

15. Transaction Processing System: (Page 45) TPS at the lowest level of management is an information system that manipulates data from business transactions. A TPS involves the following activities:

- Capturing data to organize in files or databases
- Processing of files/databases using application software
- Generating information in the form of reports
- Processing of queries from various quarters of the organization

16. Management Information Systems (MIS): (Page 46 & 49) It is an integrated user-machine system designed for providing information to support operational control, management control and decision making functions in an organization. A good MIS provides managers with appropriate information at the right time. It also presents information in the right amount of detail according to the level of management.

17. Activities of a Manager: (Page 46)

- Determination of organizational objectives and developing plans to achieve them,
- Securing and organizing the human and physical resources so that these objectives could be accomplished,
- Exercising adequate controls over the functions,
- Monitoring the results to ensure that accomplishments are proceeding according to plan.

18. Executive Information Systems (EIS): (Page 46) An EIS, sometimes referred to as an executive support system (ESS), is a DSS that is designed to meet the special needs of top-level managers. Any distinction between the two usually is because executive support systems are likely to incorporate additional capabilities such as electronic mail.

19. Types of Information: (Page 48) Two different types –

Internal information: Information that has been generated from the operations of the organization at various functional areas. The internal information gets processed and summarized from junior to top most level of management.

External information: The external information is collected from the external environment of the business organization. External information is considered to affect the organizational performance from outside the organization.

20. Passive and Interactive Information System: (Page 49)

Passive Information System: Passive information systems are systems that will answer queries based on the data that is held within them, but the data is not altered. Example – Electronic encyclopedia.

Interactive Information System: An interactive system is one in which data can be entered for processing, which may alter the contents of the database. Example – Stock control system in a supermarket.

21. Batch Processing and Rapid Response Processing: (Page 51)

Batch Processing: A batch processing system is used when the output does not have to be produced immediately. Other factors are that the application will tend to use a large amount of data, that processing will tend to be of the same type for each set of data, and that human intervention is not necessary.

Rapid Response Processing: Rapid response processing is also referred to as real time processing. Real time processing can be thought of as being used in process control where the results of the process are used to inform the next input. The classic example is the airline booking system.

22. Knowledge-based system: (Page 52) A knowledge-based system (KBS) is a system where all the expert human knowledge covering a particular topic is brought together and made available to the user through a computer system, which uses the facts in its knowledge base by applying rules that may sensibly be applied to the knowledge.

23. Types of knowledge-based systems: (Page 53) Three types -

Diagnostic: The user interface gives a series of questions, each of which has a limited number of possible answers, each one of which leads to another question. Gradually the amount of data in the knowledge base is reduced until there is only a small amount of relevant data which must provide the answer to the query.

Advice Giving: An advice giving system is one that follows some process being done and then offers advice on how to proceed if something needs to be done or goes wrong.

Decision Making: A decision making knowledge based system is a system which understands what is happening in a system and has been given enough rules to be able to make and carry out decisions without further intervention.


CHAPTER 2 INFORMATION TECHNOLOGY ARCHITECTURE

1. Information System: (Page 76) An information system is a mechanism that helps people to collect, store, organize and use information. An information system can be defined technically as a set of interrelated components that process, store and distribute information to support decision making and control in an organization. In addition to supporting decision making, coordination and control, information systems may also help managers and workers analyze problems, visualize complex subjects and create new problems.

2. Information system from functional perspective: (Page 77)

Sales and marketing system: The sales and marketing system is responsible for selling the organization’s product or services. This system deals with:
o Order processing
o Pricing Analysis
o Sales trend forecast

Manufacturing and production system: Manufacturing and production system is responsible for actually producing the firm’s goods and services. This system deals with:
o Machine control
o Production planning
o Facilities location

Finance and accounting system: The finance system is responsible for managing the firm’s assets and accounting system is responsible for maintaining and managing the firm’s financial records. This system deals with:
o Accounts receivable
o Budgeting
o Profit planning

Human resource system: The human resource system is responsible for attracting, developing and maintaining the firm’s workforce. This system deals with:
o Training and development
o Compensation analysis
o Human resources planning

3. Information system from constituency perspective: (Page 81)

Executive Support system: ESS addresses non-routine decisions requiring judgment, evaluation and insight because there is no agreed-on procedure for arriving at a solution. It is designed to incorporate data about external events, such as tax laws or competitors. They filter, compress and track critical data, displaying the data of greater importance to senior managers.

Decision Support System: DSS supports non-routine decision making for middle management. It focuses on problems that are unique and rapidly changing, for which the procedures for arriving at a solution may not be fully predefined in advance.

Management Information System: MIS summarizes and reports on the company’s basic operations using data supplied by TPS.

Transaction Processing System: TPS is a computerized system that performs and records the daily routine transactions necessary to conduct business, such as sales order entry, hotel reservations, payroll, employee record keeping and shipping.


4. System: (Page 82) System is a collection of some integrated components that works to accomplish a specific task. A system must satisfy the following properties:

- Each system consists of several components
- There must be a logical relation between the components
- The components of a system should be controlled in a way such that the specific task can be accomplished.

5. Components of System: (Page 82)

Hardware: The physical components of a computer system, such as electronic, magnetic and mechanical devices.

Software: Software is the collection of computer programs, procedures and documentation that performs different tasks on a computer system. Software performs the function of the program it implements, either by directly providing instructions to the computer hardware or by serving as input to another piece of software.

Humanware: Humanware is hardware and software that emphasizes user capability and empowerment and the design of the user interface.

Data/Information: The smallest unit of information is known as data. Data is some raw facts that are not arranged in any specific order.

6. Types of Hardware: (Page 83)

Motherboard: Central or primary circuit board.

Central Processing Unit: Interprets instructions and processes data in computer programs.

Random Access Memory: Allows the stored data to be accessed in any order.

Basic Input Output System: BIOS prepares the software programs to load, execute and control the computer.

Power Supply: Supplies electrical energy to an output load.

Video Display Controller: Converts the logical representations of visual information into a signal that can be used as input for a display medium.

Computer Bus: Used to transfer data or power between computer components inside a computer.

CD-ROM drive: Contains data accessible by a computer.

Zip Drive: Medium capacity removable disk storage system.

Hard Disk: The non-volatile data storage system that stores data on a magnetic surface layered onto hard disk platters.

7. Classification of Software: (Page 85) According to the working principle, software can be classified into two classes:

A. System software: is computer software designed to operate the computer hardware and to provide and maintain a platform for running application software.

System Management Software
o Operating System
o Database Management System
o Network Management System

System Support Software
o System Utility
o System Performance
o System Security Monitor Program

System Development Software
o Programming Language Translator
o Programming editor and tools
o CASE (Computer Aided System Engineering)

B. Application software: is computer software designed to help the user perform single or multiple related specific tasks. It resides above system software, because it is unable to run without the operating system and system utilities.

- Word Processing Software
- Database Software
- Spreadsheet Software
- Multimedia Software
- Presentation Software
- Enterprise Software
- Information Worker Software
- Educational Software
- Simulation Software
- Current Access Software

From commercial perspective software can be classified into three major classes:

A. Commercial software: Commercial software requires payment before it can be used and includes all the program’s features, with no restrictions or time limits.

B. Freeware/ Open source: Freeware is free to use and does not require any payment from the user. Open-source software (OSS) is computer software that is available in source code form for which the source code and certain other rights normally reserved for copyright holders are provided under a software license that permits users to study, change and improve the software.

C. Shareware: Shareware is software that is distributed free on a trial basis with the understanding that the user may need or want to pay for it later.

8. Difference between shareware and freeware:

- Unlike shareware, freeware can be downloaded for free.
- Freeware may end up being shareware, because the developer is offering the source code for a limited period of time.

9. Firmware: (Page 92) In computing, firmware is software that is embedded in a hardware device. Firmware boots up computerized or digital devices, as ROM chips are non-volatile, meaning they do not require a power source to hold their contents. Perhaps the most familiar firmware is the basic input output system (BIOS) chip. The BIOS chip on a computer motherboard holds instructions that, upon powering up, initialize the hardware, ensure components are working, and finally roll out the operating system to take over.

- ROM = Read only memory
- EPROM = Erasable programmable ROM
- EEPROM = Electrically erasable programmable ROM

10. Process of Building Humanware: (Page 92)

- Define users and what they really want to do
- Identify tasks they will need to do or capabilities they will want
- Specify usability objectives for each task or capability
- Build a prototype of the user interface
- Test and verify or correct the prototype
- Provide the prototype and usability objectives to the program designers and coders
- Test the code against the prototype and objectives and if necessary, redesign or recode the software
- Test the product with users or valid test subjects and revise as necessary
- Get feedback from users and continually improve the product.

11. Data structure: Data structure is the way data is organized in a logical or mathematical model, or a particular organization of data.

Array: A[1], A[2], A[3], ..., A[N]

Record: A record is a collection of related data items, each of which is called a field or attribute.

12. Data Analysis: (Page 96) Data analysis is a process in which raw data is ordered and organized so that useful information can be extracted from it. Over the course of the data analysis process, the raw data is ordered in a way which will be useful. Charts, graphs and textual write-ups of data are all forms of data analysis. These methods are designed to refine and distill the data so that one can glean interesting information without needing to sort through all of the data on their own.

13. Data Validation: (Page 96) Data validation is the process of ensuring that a program operates on clean, correct and useful data. It uses routines, often called “validation rules” or “check routines”, that check for correctness, meaningfulness and security of data that are input to the system.

14. Data Validation Methods: (Page 97)

- Allowed Character Check
- Consistency Checks
- Control Totals
- Data Type Checks
- File Existence Checks
- Format Or Picture Check
- Limit Check
- Logic Check
- Missing Data Test
- Range Check
- Uniqueness Check

15. Database Management System: (Page 99) A database management system (DBMS) is designed to manage a large body of information. It aids in the storage, manipulation, reporting, management, and control of data.

16. Features of DBMS: (Page 99)

- Query Ability
- Back Up And Replication
- Rule Enforcement
- Security
- Computation
- Change And Access Logging
- Automated Optimization

17. Advantages and disadvantages of DBMS: (Page 101)

Advantages:

- Reduced data redundancy
- Reduced updating errors and increased consistency
- Greater data integrity and independence from applications/programs
- Improved data access to users through use of host and query languages
- Improved data security
- Reduced data entry, storage and retrieval costs
- Facilitated development of new applications/programs

Disadvantages:

- Database systems are complex, difficult and time-consuming to design
- Substantial hardware and software start-up costs
- Damage to database affects virtually all applications programs
- Extensive conversion costs in moving from a file-based system to a database system
- Initial training required for all programmers and users.

18. Processing Techniques: (Page 102) 6 types -

- Batch Processing
- Distributed Processing
- Real time processing
- Timesharing
- Multiprogramming
- Multiprocessing

19. Batch Processing: (Page 102) In batch processing, a group of transactions is collected over a period of time, entered, processed and then the batch results are produced. Batch processing requires separate programs for input, process and output. It is an efficient way of processing high volumes of data. Example - End of day reporting; printing etc.

Advantages:

- It allows sharing of computer resources among many users and programs
- It shifts the time of job processing to when the computing resources are less busy
- It avoids idling the computing resources with minute-by-minute manual intervention and supervision
- By keeping high overall rate of utilization, it better amortizes the cost of a computer, especially an expensive one.

20. Distributed Processing: (Page 103) A distributed system consists of multiple autonomous computers that communicate through a computer network. Distributed processing implies that processing will occur on more than one processor in order for a transaction to be completed. In other words, processing is distributed across two or more machines and processes are most likely not running at the same time, i.e. each process performs part of an application in a sequence.

Advantages:

- Each computer can be used to process data like a decentralized system.
- It allows greater flexibility in placing true computer power at the location where it is needed;
- It facilitates quick and better access to data and information especially where distance is a major factor;
- Better computer resources are easily available to the end users;
- The availability of multiple processors in the network permits peak load sharing and provides backup facilities in the event of equipment failure.

Disadvantages:

- There is lack of proper security controls for protecting the confidentiality and integrity of the user programs and data that are stored online and transmitted over network channels.
- It is not possible to link different equipment produced by different vendors into a smoothly functioning network;
- Due to decentralization of resources at remote sites, management from a central point becomes very difficult.

21. Real time processing: (Page 104) In real time processing, there is a continual input, process and output of data. Data has to be processed in a small stipulated time period (real time), otherwise it will create problems for the system.

22. Timesharing: (Page 105) A processing system with a number of independent, relatively low-speed, online, simultaneously usable stations. Each station provides direct access to the CPU.

Advantages:

- Reduces CPU idle time
- Offers computing facility to small users
- Provides advantages to quick response
- Reduces the output of paper
- Avoids duplication of software

Disadvantages:

- Question of security
- Problem of reliability
- Problem of data communication
- Question of overhead involved

23. Multiprogramming: (Page 107) It means that there are a number of programs available to the CPU (stored in main memory) and that a portion of one is executed, then a segment of another and so on.

Requirements:

- Large Memory
- Memory protection
- Program status preservation
- Proper job mix

Advantages:

- Increased throughput
- Lowered response time

24. Multiprocessing: (Page 107) The term multiprocessing is used to describe interconnected computer configurations or computers with two or more independent CPUs that have the ability to simultaneously execute several programs.

Advantages:

- It improves the performance of computer system by allowing parallel processing of segments of programs.
- It facilitates more efficient utilization of all the other devices of the computer system.
- It provides a built-in backup.

Disadvantages:

- A very sophisticated operating system is required to schedule, balance and coordinate the input, output and processing activities of multiple CPUs.
- A large main memory is required for accommodating the sophisticated operating system along with several user programs.
- Such systems are very expensive.

25. Difference between Multiprogramming and Multiprocessing: (Page 108)

| SL | Multiprogramming | Multiprocessing |
|----|------------------|-----------------|
| 1 | Multiprogramming is the interleaved execution of two or more processes by a single CPU computer system. | Multiprocessing is the simultaneous execution of two or more processes by a computer system having more than one CPU. |
| 2 | It involves executing a portion of one program, then a segment of another etc. in brief consecutive time periods. | Multiprocessor makes it possible for the system to simultaneously work on several segments of one or more programs. |

26. Security: (Page 109) Security refers to the policies, procedures and technical measures used to prevent unauthorized access, alteration, theft or physical damage to information systems.

27. Control: (Page 109) Control consists of all the methods, policies and organizational procedures that ensure the safety of the organization’s assets, the accuracy and reliability of its accounting records and operational adherence to management standards.

28. Malicious Software: (Page 109) Malicious software programs are referred to as malware and include a variety of threats such as computer viruses, worms and Trojan horses.

29. Different Types of Malicious Software: (Page 109)

Backdoor or Trapdoor: Allows those who know of it to gain access, bypassing the usual security procedures.

Logic bomb: Activated when specified conditions are met, e.g. presence/absence of some file, a particular date/time, or a particular user.

Virus: Once a virus is executing, it can perform any function, such as erasing files and programs.

Worms: A program that can replicate itself and send copies from computer to computer across network connections.

Trojan horse: When invoked, performs some unwanted or harmful functionality.

Zombie: Program which secretly takes over another networked computer.


30. Hackers and Cyber-vandalism: (Page 113)

Hacker: A hacker is an individual who intends to gain unauthorized access to a computer system.

Cracker: A hacker with criminal intent.

Spoofing: Hackers attempting to hide their true identities often spoof or misrepresent themselves by using fake e-mail addresses or masquerading as someone else.

Sniffer: A sniffer is a type of eavesdropping program that monitors information traveling over a network.

Distributed Denial of Service (DDoS): In a DDoS attack, hackers flood a network server or web server with many thousands of false communications or requests for services to crash the network.

31. Technologies and tools to provide security: (Page 114)

Access control: Access control software is designed to allow only authorized users to use systems or to access data using some method of authentication.

Firewalls: The firewall acts like a gatekeeper who examines each user’s credentials before access is granted to a network.

Intrusion detection system: It features full time monitoring tools placed at the most vulnerable points or hot-spots of corporate networks to detect and deter intruders continually. The system generates an alarm if it finds a suspicious or anomalous event.

Antivirus software: Antivirus software is designed to check computer systems and drives for the presence of computer viruses.

32. E-commerce: (Page 116) Electronic Commerce is the process used to distribute, buy, sell or market goods and services, and the transfer of funds online, through electronic communications or networks. Example: Amazon.com

33. Characteristics of e-commerce: (Page 116) Business Oriented: E-commerce is business oriented, as it is the purchasing, selling

and exchanging of goods and services. Convenient Service: Customers will no longer be confined by geographical constraints

in receiving services. System Extendable: For e-commerce an extendable system is the guarantee of system

stability. Online Safety: Online safety is the first priority of e-commerce. Co-ordination: E-commerce is the process of coordination between employees,

customers, manufacturers, suppliers and business partners.

34. Benefits of e-commerce: (Page 118)

Increases sales
Decreases costs
Provides price quotes
Increases profits
Expands the size of the market from regional to national or national to international
Contracts the market
Reaches to a narrow market


35. Limitations of e-commerce: (Page 119)

A. Technical Limitations

Costs of technological solution
Some protocols are not standardized around the world
Insufficient telecommunication bandwidth
Software tools are not fixed but constantly evolving
Integrating digital and non-digital sales and production information
Access limitations of dial-up, cable, ISDN, wireless
Some vendors require certain software to show features on their pages which is not common in the standard browser used by the majority
Difficulty in integrating e-commerce infrastructure with current organizational IT systems.

B. Non-technical Limitations

Customer fear of personal information being used wrongly
Customer expectations unmet
Vulnerability to fraud and other crimes
Lack of trust and user resistance
Limitations to support services
Non-accessibility outside of urban/suburban areas
Higher employee training required
People’s resistance to change
People not used to faceless/paperless/non-physical transactions.


CHAPTER 3 MANAGEMENT OF IT

1. Phases Of Policy Evolution Process: (Page 126)

Enterprise’s Organizational Structure And Business Process Techniques System Requirements Analysis Policy Definition And Specification Policy Analysis And Translation Policy Distribution And Enforcement Policy Monitoring And Maintenance Reverse Engineering

2. Categories/approaches of Organizational Management Process: (Page 129)

Work processes
Behavioral processes
Change processes

3. Summary of Management Process: (Page 131)

| Key Issues | Work Processes | Behavioral Processes | Change Processes |
|---|---|---|---|
| Definition | Sequence of activities that transform inputs into outputs. | Widely shared patterns of behavior and ways of acting/interacting. | Sequence of events over time. |
| Role | Accomplish the work of the organization. | Infuse and shape the way work is conducted by influencing how individuals and groups behave. | Alter the scale, character, and identity of the organization. |
| Major Categories | Operational and administrative | Individual and interpersonal | Autonomous and induced, incremental and revolutionary. |
| Examples | New product development, order fulfillment, strategic planning | Decision making, communication, organizational learning | Creation, growth, transformation, decline |

4. Information System: (Page 133) An information system collects, processes, stores, analyzes and disseminates information for a specific purpose. It processes the inputs by using technology such as PCs and produces outputs that are sent to users or to other systems via electronic networks.

5. Formal And Informal Information Systems: (Page 133)

Formal Information Systems: Formal systems include agreed-upon procedures, standard inputs and outputs, and fixed definitions. A company’s accounting system would be a formal information system that processes financial transactions.

Informal Information Systems: Informal systems take many shapes, ranging from an office gossip network to a group of friends exchanging letters electronically.


6. Computer Based Information System (CBIS): (Page 133) A computer based information system (CBIS) is an information system that uses computer technology to perform some or all of its intended tasks.

7. Components Of Information System: (Page 134)

Hardware
Software
Database
Network
Procedure
People

8. Fundamental Roles of Information Systems In Business: (Page 135) There are three major roles of the business applications of information systems:

Support of its business processes and operations
Support of decision making by its employees and managers
Support of its strategies for competitive advantage

9. Information System Infrastructure: (Page 137) There are five major components of the infrastructure:

Computer hardware
Software
Networks and communication facilities (including the Internet and intranets)
Databases
Information management personnel

10. Information System Architecture: (Page 137) Information technology architecture is a high-level map or plan of the information assets in an organization including the physical design of the building that holds the hardware. It is a guide for current operations and blueprint for future directions. It assures managers that the organization’s IT structure will meet its strategic business needs.

11. Asset and types of IT asset:

Asset: A resource with economic value that a company owns or controls with the expectation that it will provide future benefit.

Fixed Asset:
Tangible: Large CPU Server
Intangible: Software with long term purchase contract

Current Asset:
Tangible: Monitor
Intangible: Shareware

12. Asset life cycle:

Plan → Acquire → Deploy → Manage → Retire → Plan

Control, Audit, Reconcile


13. IT Asset Management: (Page 142) ITAM is a process to control the day to day operation and utilization of IT assets, ensuring that an organization realizes maximum efficiency from these assets and the employees using them.

14. Optimization of ITAM Program: (Page 143) To optimize an ITAM program, the following considerations should be addressed:

Link IT to business objectives
Incorporate lifecycle processes and governance
Avoid common mistakes

15. How Does ITAM Work: (Page 144) ITAM can help an organization:

Control IT purchases and deployment
Compare its actual needs with contract terms and purchase history
Avoid non-compliance and its associated legal risks
Eliminate unnecessary purchases
Determine optimum retirement dates for equipment nearing the end of its lifecycle

16. Benefits of IT asset management: (Page 145)

Reduce IT costs by better managing and administering your IT assets.
Ensure software compliance by knowing what you have and what you use.
Align IT with business goals to support business decisions.
Improve productivity by empowering the IT administration team to easily track and manage assets and their changes.
Detect unauthorized and illegal software by adopting a software usage policy and easily detecting any policy deviations.

17. Evaluation of an IT Asset Management Solution: (Page 147) When considering an ITAM solution, look for the following:

Efficient and accurate discovery of all IT assets, including routers, printers, servers, laptops, PDAs and workstations
A structured approach to software discovery across the company, with application, suite and version recognition for both workstations and servers
A centralized asset repository that houses the physical, contractual, and financial information for each asset, along with information about software throughout the organization, including version, users and number of copies.

18. Misconceptions regarding ITAM: (page 147)

Methodology is first and foremost about technology
The IT platform with the lowest-cost TCO is the best choice
Soft costs don’t count

19. Software: (Page 149) The programs, routines and symbolic languages that control the functioning of the hardware and direct its operation.

20. Types Of Software: (Page 150)

System Software: System software helps to run the computer hardware and computer system. It includes a combination of the following: device drivers, operating systems, servers, utilities and window systems. Examples are Microsoft Windows, Linux, and Mac OS X.

Programming Software: Programming software usually provides tools to assist a programmer in writing computer programs and software using different programming languages in a more convenient way. The tools include compilers, debuggers, interpreters, linkers and text editors.

Application Software: Application software allows end users to accomplish one or more specific tasks.

21. Organizational Complexities of Global ERP Implementation: (Page 152)

Business process standardization
Understanding of local needs
Localized delivery of employee communication and training
Rely on your change agents
Leverage performance measures

22. Problem Management: (Page 157) Problem management is a business function comprised of people, processes, and tools organized and chartered to resolve customer problems.

23. Problem Management Process: (Page 157) Five core processes:

Problem Identification
Customer Validation
Problem Logging
Service Delivery
Knowledge Capture And Sharing

24. Problem Management System: (Page 162) Problem management systems, or help desk systems, have four primary functions:

To capture request information
To store that information in a common location
To route and escalate the request as necessary, and
To store and report metrics on the entire process

25. What is IT? (Page 167) Information technology is an umbrella term which covers a vast array of computer disciplines that permit organizations to manage their information resources. Data processing and management information systems (MIS) are integral parts of existing IT services.

26. Components of Traditional Data Processing: (Page 167) Three main components:

Data Entry: Day-to-day production data entry
Operations: Day-to-day maintenance, routine report generation, backup etc.
Applications: Software development, maintenance and support.

27. Information Security: (Page 177) Information security is the security that data or information is protected against harm from threats that will lead to its loss, inaccessibility, alteration, or wrongful disclosure. The protection is achieved through a layered series of technological and non-technological safeguards such as physical security measures, user identifiers, passwords, smart cards, biometrics, firewalls etc.


28. Why is Information System Security Important? (Page 177) Information System security is important for the protection of the interests of those relying on information, and the information systems and communications that deliver the information, from harm resulting from failures of availability, confidentiality, and integrity.

29. What Information is Sensitive? (Page 179)

Strategic plans: Strategic plans are crucial to the success of a company. The advantages of achieving insight into a competitor’s intentions can be substantial.

Business Operations: Business operations consist of an organization’s process and procedures, most of which are deemed to be proprietary. As such, they may provide a market advantage to the organization. A company’s client lists and the prices charged for various products and services can also be damaging in the hands of a competitor.

Finances: Financial information, such as salaries and wages, is very sensitive and should not be made public.

30. Establishing Better Information Protection: (Page 180) These points may be considered:

Not all data has the same value
Know where the critical data resides

31. Information security objective: (Page 181) To ensure that the organization’s information security objectives are met, the following steps must be taken:

Implementing the plan
Monitoring logs to verify compliance and identify problems
Measuring the results
Identifying potential improvements
Refining processes and procedures

32. Components of Information Security: (Page 181) Information security comprises three component parts:

Data Security
IT Security
Computer Security

33. Management of IT Security: (Page 183)

Vulnerability management
Threat management
Trust management
Identity management
Information technology control and audit
Security monitoring
Incident management

34. Vulnerability management: (Page 183) Vulnerabilities are “weaknesses or exposures in IT assets or processes that may lead to a business risk or security risk.” A vulnerability management process is needed to combat this risk. Once identified, the vulnerabilities need to be prioritized and implemented based on the risk of the particular issue.

35. Threat management: (Page 183) Threat management includes virus protection, spam control, intrusion detection, and security event management.


36. Trust management: (Page 184) Trust management includes encryption and access controls. To ensure cryptography is applied in conformance with sound disciplines, there has to be a formal policy on the use of cryptography that applies across the organization.

37. Identity management: (Page 185) Identity management is the process used to determine who has access to what in an organization. It is also one of the most difficult areas to manage due to the number of functions that must work together to implement proper controls. Identity management should be a collaborative effort between information security, applications development, operations, human resources, contracts/procurement, and business groups to implement.

38. Information technology control and audit: (Page 185) Integrating all these systems with a common identity management program can be costly and time consuming. Gartner Group recommends implementing identity management over time by first proving success with a single function or application.

39. Security monitoring: (Page 185) Computer systems handling sensitive, valuable or critical information must securely log all significant computer security relevant events. Examples of computer security relevant events include password guessing attempts, attempts to use privileges that have not been authorized, modifications to production application software, and modifications to system software.

40. Incident management: (Page 186) To deal with security incidents that affect the installation in a disciplined manner, security incidents (e.g. malfunctions, loss of power or communications services, overloads, mistakes by users or personnel running the installation, and access violations) have to be dealt with in accordance with a formal process. Such a process has to apply to all forms of security incident.

41. Accounting software: (Page 187) Accounting software is application software that records and processes accounting transactions within functional modules such as accounts payables, accounts receivables, payroll and trial balance. It functions as an accounting information system.

42. Composition of accounting software: (Page 187) Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:

Core Modules

Accounts receivable
Accounts payable
General Ledger
Billing
Stock/inventory
Purchase order
Sales order
Cash book

Non Core Modules

Debt collection
Electronic payment processing
Expense
Inquiries
Payroll
Reports

43. Categories of accounting software: (Page 188)

Small business/personal accounting software: Mainly for home users that use payable type accounting transactions, managing budgets and simple reconciliation. Examples –

ePeachtree
MYOB Plus
Small Business Manager

Low-end accounting software: It allows most general business accounting functions to be performed. Many of the low-end products are characterized by being “single-entry” products, as opposed to the double entry system seen in many businesses. Examples –

BusinessVision 32
MAS 90 & MAS 200
QuickBooks Pro 2003

Middle-Market accounting software: It may be capable of serving the needs of multiple national accountancy standards and allow accounting in multiple currencies. In addition to general accounting functions, the software may include integrated or add-on management information systems, and may be oriented towards one or more markets. Examples –

ACCPAC
Great Plains (Microsoft)
MAS 90 & MAS 200
Navision

High-end accounting software: It is frequently part of an extensive suite of software often known as Enterprise Resource Planning or ERP software. The advantage of a high-end solution is that these systems are designed to support individual company specific processes, as they are highly customizable and can be tailored to exact business requirements. Examples –

Axapta (Microsoft Software)
e-Business Suite (Oracle)
MAS 500

Vertical Market: Some business accounting software is designed for specific business types e.g. banking, construction, medical, non-profit etc. It will include features that are specific to that industry.

44. Checklist for selecting accounting software: (Page 190) Checklist of questions and key features that need to be addressed:

Ability to drill down from summary general ledger data to individual transactions?
Ability to import and export data to and from spreadsheets and word processing programs?
Ability to generate custom reports?
Fast posting of large batches of transactions?
Strong security?
Adequate technical support?
Retention of historical data and ability to compare current results to past results?
Ability to match direct expenses with specific clients and projects?
Ability to allocate indirect costs to individual projects?
Ability to integrate customer management and ecommerce functions?
Ability to flow data from the program into your tax software?
Ability to add more users at a later date with minimal cost increases?


CHAPTER 4 COMMUNICATION AND IT

1. Definition of Data communication: (Page 197) Data communication is the function of transporting data from one point to another. Or, a communication system is the process of transferring messages from one point to another. Here the data sender and receiver are normally machines, particularly computer devices, and the transmission medium may be telephone lines, microwave links, satellite links etc.

2. What are the basic elements of a Communication system? (Page 197) There are three (3) elements of a Communication system, i.e. sender, medium and receiver.

A sender (source) which creates the message to be transmitted
A medium which carries the message
A receiver (destination) which receives the message

3. What are the ways/modes of data transmission? (Page 197) There are three ways or modes for transmitting data from one point to another. These are simplex, half-duplex and full-duplex.

Simplex: If transmission is simplex, communication can take place in only one direction.

Half-duplex: This system can transmit data in both directions but only in one direction at a time. This is the most common type of transmission for voice communications because only one person is supposed to speak at a time.

Full-duplex: This system allows information to flow simultaneously in both directions on the transmission path.

4. What are the methods for delivering information? Or, How is information delivered? (Page 198) There are three basic methods of delivering information. These are Unicast, Broadcast and Multicast.

Unicast: This is a type of transmission in which information is sent from only one sender to only one receiver. This is between one-to-one nodes. Examples of unicast transmission are HTTP, SMTP, Telnet, SSH, POP3.

[Figure: transmission modes. Simplex: Sender, Receiver. Half-duplex: Sender or (Receiver), Receiver or (Sender). Full-duplex: Sender and (Receiver), Receiver and (Sender).]


Broadcast: This is a type of transmission in which information is sent from just one computer but is received by all the computers connected to the network. Examples: DHCP server and ARP (Address Resolution Protocol).

Multicast: This transmits a single message to a selected group of recipients. This is a type of transmission or communication in which there is only one sender and the information sent is meant for a set of receivers.

5. What are the differences among unicast, broadcast and multicast? (Page 200)

Unicast: One-to-one, from one source to one destination.
Broadcast: One-to-all, from one source to all possible destinations.
Multicast: One-to-many, from one source to multiple destinations expressing an interest in receiving the traffic.

6. What is Computer network? (Page 201) A computer network is a system of interconnected computers. The computers of a network communicate with one another and share applications, data, voice and video and hardware components.

7. Classify the different types of Network. (Page 201) According to geographical area there are three types of computer networks, i.e. Local area network, Metropolitan area network and Wide area network.

A. Local area network (LAN):

A local area network (LAN) is a group of computers within a small area such as a house, office or school that are connected to each other.


All computers/ workstations connected on the LAN can communicate with one another. This allows users to share data, share expensive resources like printers and scanners, and communicate via email and instant messaging.

Most current LANs run on Ethernet and use the IEEE 802.3 protocol for communication.

B. Metropolitan area network (MAN): A MAN is a computer network usually spanning a campus or a city, which typically connects a few local area networks using high-speed technologies. It provides efficient connections to a wide area network (WAN). This network size falls intermediate between LANs and WANs. It usually covers an area between 5 and 50 km. A MAN (like a WAN) is not generally owned by a single organization. A MAN often acts as a high speed network to allow sharing of regional resources.

C. Wide area network (WAN): A WAN is a telecommunications network, usually used for connecting computers, that spans a wide geographical area. A WAN can be used to connect cities, states or even countries. It is used by large organizations.

8. What are the advantages and disadvantages of a LAN? (Page 202)

Advantages:

1. Workstations can share peripheral devices like printers. This is cheaper than buying a printer for every workstation.
2. Workstations do not necessarily need their own hard disk or CD-ROM drives.
3. Users can save their work centrally on the network’s file server.
4. Users can communicate with each other and transfer data between workstations very easily.
5. One copy of each application package such as a word processor, spreadsheet etc. can be loaded onto the file server and shared by all users.

Disadvantages:

1. Special security measures are needed to stop users from using programs and data that they should not have access to.
2. Networks are difficult to set up and need to be maintained by skilled technicians.
3. If the file server develops a serious fault, all the users are affected.

9. How does a WAN work? (Page 204)

WANs are either point to point, involving a direct connection between two sites, or operate across packet-switched networks, in which data is transmitted in packets over shared circuits.

Point-to-point WAN service providers include both local telephone companies and long distance carriers.

10. Differences between LAN and WAN: (Page 204)

| Key issues | LAN | WAN |
|---|---|---|
| Covering areas | A LAN is restricted to a limited geographical coverage of a few kilometers. | A WAN spans greater distances and may operate nationwide or even worldwide. |
| Cost to transmit | The cost to transmit data in a LAN is negligible since the transmission medium is owned by the user organization. | The cost to transmit data may be very high because the transmission medium used is leased lines or public systems such as telephone lines, microwave and satellite links. |
| Connections | The computers, terminals and peripheral devices are usually physically connected with wires. | There may not be a direct physical connection between various computers. |
| Speed | Data transmission speed is much higher in a LAN than in a WAN. Typically transmission speeds in LANs are 0.1 to 100 megabits per second. | The data transmission speed is normally of the order of 1800 to 9600 bits per second. |
| Data error | Fewer data transmission errors. | Higher data transmission errors. |

11. What are the different types of computer network as per STRUCTURE? (Page 205) There are 3 different types of computer network:

Centralized network
Distributed network
Hybrid network

12. What are the uses/benefits of computer network? (Page 205) A computer network provides many benefits:

Simultaneous access to programs and data
Sharing peripheral devices like printers, scanners etc.
Personal communication using e-mail
Making backup of information
Aiding communication by teleconferencing and video-conferencing

13. Which devices are used in the network? (Page 205) The devices used are Router, Switch, Repeater, Bridge and Hub.

14. Router: A router is a device that forwards data packets along networks. It is connected to at least two networks, commonly two LANs and WANs or a LAN and its ISP’s network. When data is sent between locations on one network or from one network to another network, the data is always seen and directed to the correct location by the router. It has a back side. The wired router would look similar but lack an antenna. A router may have:

The port to internet, which connects to a modem.
The ports to LAN, each of which can be used to connect to a computer’s adapter.
The plug to power transformer, which always connects to the power transformer that shipped with the product.
The reset button, which is used to undo all the settings you made to the router.

15. Switch: A switch is a small hardware device that joins multiple computers together within one local area network (LAN). Network switches are capable of inspecting data packets as they are received, determining the source and destination device of each packet and forwarding them appropriately. A network switch can support 10/100 Mbps or 10/100/1000 Mbps port transfer rates.

16. Repeater: A repeater is a device that receives a digital signal on an electromagnetic or optical transmission medium and regenerates the signal along the next leg of the medium. A series of repeaters make possible the extension of a signal over a distance. Repeater removes the unwanted noise in an incoming signal. Even if weak or distorted, it can be clearly perceived and restored. Because digital signals depend on the presence or absence of voltage, they tend to dissipate more quickly than analog signals and need more frequent repeating.

17. Bridge: A bridge device filters data traffic at a network boundary. Bridges reduce the amount of traffic on a LAN by dividing it into two segments. Bridges inspect incoming traffic and decide whether to forward or discard it.

18. Hub: A hub is a device where all the connecting media come together. A hub is a medium used to collect signals from the input line(s) and redistribute them in various available wirings around a topology. A hub basically acts as a signal splitter: it accepts a signal through its input port and outputs it to the output ports.

19. Classification of Hubs: (Page 209) Three different types of hubs exist, i.e. passive, active and intelligent.

Passive hubs do not amplify the electrical signal of incoming packets before broadcasting them out to the network.
Active hubs do perform this amplification.
Intelligent hubs add extra features to an active hub that are of particular importance to businesses.

20. What is network topology? (Page 210) A network topology is how computers and other devices are connected over a network. It describes the layout of wires, devices and routing paths.

21. Discuss the different types of physical topologies. (Page 210) There are 6 different common topologies used in networks and other related topics.

A. Linear bus topology:

This topology consists of a main run of cable with a terminator at each end. All nodes (file server, workstations) are connected to the linear cable.

The bus topology was fairly popular in the early years of networking. It is easy to set up, not to mention inexpensive. All devices on the bus topology are connected using a single cable.

It is extremely important to note that both ends of the main cable need to be terminated. If there is no terminator, the signal will bounce back when it reaches the end.

Lastly, the bus topology is less common these days.

B. Ring topology: The ring topology is a very interesting topology indeed. It is a lot more complex than it may seem. It looks like just a bunch of computers connected in a circle. Behind the scenes it is providing a collision-free and redundant networking environment.

Note that since there is no end on a ring topology, no terminators are necessary. A frame travels along the circle, stopping at each node.


C. Star topology:

One of the most popular topologies for Ethernet LANs is the star and extended star topology. It is easy to set up and relatively cheap and it creates more redundancy than bus topology.

It works by connecting each node to a central device. This central connection allows us to have a fully functioning network even when other devices fail.

A star topology is designed with each node (file server, workstations, and peripherals) connected directly to a central network hub, switch or connector.

D. Tree (Expanded Star) topology: A tree topology combines characteristics of linear bus and star topologies. It consists of groups of star-configured workstations connected to a linear bus backbone cable. Tree topologies allow for the expansion of an existing network and enable schools to configure a network to meet their needs.

E. Hierarchical topology: This topology is much like the star topology, except that it doesn’t use a central node. Although Cisco prefers to call this Hierarchical. This type of topology suffers from the same centralization flaw as the star topology. If the device that is on top of the chain fails, consider the entire network down.

F. Mesh topology: There are two types of mesh topology: one is full mesh topology and the other is partial mesh topology.

The full-mesh topology connects every single node together. This will create the most redundant and reliable network around, especially for large networks. If any link fails, we should always have another link to send data through.

The partial-mesh topology is much like the full mesh, only we don’t connect each device to every other device on the network. Instead we only implement a few alternate routes.

17. Mention the advantages and disadvantages of linear Bus, Ring, Star and Tree topology? (Page 210)

Bus Topology

Advantages:
1. Easy to connect a computer or peripheral to a linear bus
2. Requires less cable length than a star topology

Disadvantages:
1. Entire network shuts down if there is a break in the main cable
2. Terminators are required at both ends of the backbone cable
3. Difficult to identify the problem if the entire network shuts down
4. Not meant to be used as a stand-alone solution in a large building.

Ring Topology

Advantages:
1. It works well where there is no central site computer system. It is a truly distributed data processing system
2. It is more reliable than a network because communication is not dependent on a single host computer

Disadvantages:
1. In this network, communication delay is directly proportional to the number of nodes in the network. Hence addition of new nodes in the network increases the communication delays.
2. The ring network is not as popular as the star network because of its more complicated control software.

Star Topology

Advantages:
1. Easy to install and wire
2. If any of the local computers fail, the remaining portion of the network is unaffected
3. Easy to detect faults and to remove parts
4. Transmission delays between two nodes do not increase by adding new nodes to the network because any two nodes may be connected via two links only.

Disadvantages:
1. Requires more cable length than a linear topology
3. The system crucially depends on the central node. If the host computer fails, the entire network fails.

Tree or Expanded Star

Advantages:
1. Point-to-point wiring for individual segments
2. Supported by several hardware and software vendors

Disadvantages:
1. Overall length of each segment is limited by the type of cabling used
2. If the backbone line breaks, the entire segment goes down

18. What factors should be considered when choosing a topology for installing a computer network? (Page 216) The following factors should be considered when choosing a topology for installing a computer network:

- Reliability of the entire system
- Expandability of the system
- Cost involved
- Availability of communication lines
- Delays involved in routing information from one node to another

Indeed, an organization usually uses some sort of hybrid network, which is simply a combination network. The exact shape or configuration of the network depends on the needs and overall organizational structure of the computer involved.

19. What is network software? (Page 217) Network software is the data communication software that is responsible for holding the whole data communications system together. It instructs computer systems and devices as to exactly how the data is to be transferred from one place to another.

20. What does network software do? (Page 217) Software controls the operations of computer networks. The software that manages the resources of the network is often called the network operating system; servers in LANs rely on network operating systems such as Novell NetWare, IBM OS/2 Warp Server and Microsoft Windows NT Server.

21. What is the communication software? (Page 217) A variety of communication software packages are available for micro-computers, especially for internet web browsing, like Microsoft Explorer, Mozilla Firefox, Microsoft Access etc.

22. What are the functions of communication software? (Page 217) The functions of communication software packages include, for example, access control, transmission control, network management, error control and security management.

1. Access control: It is responsible for establishing the connection between terminals and computers in a network. This control activity includes connecting links through modems, establishing communication parameters (i.e. speed, mode and direction), automatic telephone dialing and redialing, and logging on and off with appropriate account numbers.

2. Transmission Control: This function allows computers and terminals to send and receive commands, messages, data and programs. Data and programs are usually transmitted in the form of files and thus this activity is also called file transfer.

3. Error control: This function involves detection and correction of errors. Communication software and processes detect errors in transmission by different methods, including parity checking and cyclic redundancy check (CRC).

4. Network Management: This function manages communication in a computer network. It also monitors network activity and the use of network resources by end users. Security management is required to protect a computer from unauthorized access.
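The two error-detection methods named under Error control behave differently on the same damaged data. The following is an added example, not taken from the study manual: the frame layout (payload, one parity byte, two CRC bytes) and the sample payload are constructed for illustration, and the CRC variant used is CRC-16/CCITT-FALSE.

```python
# Added illustration: even parity versus a 16-bit CRC on one frame.
# The frame layout and the payload are constructed for this example.

def even_parity_bit(data: bytes) -> int:
    """Bit that makes the total count of 1 bits in data + bit even."""
    ones = sum(bin(byte).count("1") for byte in data)
    return ones % 2


def crc16_ccitt(data: bytes, poly: int = 0x1021, init: int = 0xFFFF) -> int:
    """Bitwise CRC-16/CCITT-FALSE (no reflection, no final XOR)."""
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ poly) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc


def build_frame(payload: bytes) -> bytes:
    """Sender side: payload | 1 parity byte | 2-byte big-endian CRC."""
    parity = bytes([even_parity_bit(payload)])
    return payload + parity + crc16_ccitt(payload).to_bytes(2, "big")


def check_frame(frame: bytes) -> dict:
    """Receiver side: recompute both checks over the received payload."""
    payload, parity = frame[:-3], frame[-3]
    crc = int.from_bytes(frame[-2:], "big")
    return {
        "parity_ok": even_parity_bit(payload) == parity,
        "crc_ok": crc16_ccitt(payload) == crc,
    }


def flip_bits(frame: bytes, bit_positions) -> bytes:
    """Simulate line noise by inverting the given bit positions."""
    damaged = bytearray(frame)
    for pos in bit_positions:
        damaged[pos // 8] ^= 0x80 >> (pos % 8)
    return bytes(damaged)


PAYLOAD = b"PAY 1500.00 TO ACCT 1234"  # constructed sample message


def run_demo() -> dict:
    frame = build_frame(PAYLOAD)
    changed = PAYLOAD.replace(b"1500", b"9500")
    return {
        "clean": check_frame(frame),
        # One inverted bit: both checks notice.
        "one_bit_error": check_frame(flip_bits(frame, [5])),
        # Two inverted bits cancel out in the parity count; the CRC still fails.
        "two_bit_error": check_frame(flip_bits(frame, [5, 42])),
        # A frame rebuilt around changed data passes both checks: neither
        # method uses a secret, so they catch noise, not deliberate change.
        "rebuilt_after_change": check_frame(build_frame(changed)),
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case:22} {result}")
```

The last case is why error control is listed separately from security management: a checksum that anyone can recompute gives no assurance about who produced the data.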

23. What is communication protocol? (Page 219) In the data communication process, “a protocol is a set of rules and procedures established to control transmission between two points so that the receiver can properly interpret the bit stream transmitted by the sender”. It provides a method for the efficient exchange of data by establishing rules for the proper interpretation of controls and data transmitted as raw bits and bytes.

24. What are the elements of Protocol? (Page 219) In a computer network, communication occurs between entities in different systems. An entity is anything capable of sending or receiving information. However, two entities cannot simply send bit streams to each other and expect to be understood. For communication to occur, the entities must agree on a protocol. A protocol defines what is communicated, how it is communicated and when it is communicated.

25. Key elements of protocol: (Page 219) The 3 (three) key elements of a protocol are:

- Syntax: The term syntax refers to the structure and format of the data, meaning the order in which they are presented.
- Semantics: This refers to the meaning of each section of bits.
- Timing: This refers to two characteristics: when data should be sent and how fast they can be sent.

26. What are the roles of protocol? (Page 220) In a computer network, Data Communication software normally performs the following functions for the efficient and error free transmission of data:

Data sequencing: It refers to breaking a long transmission into smaller blocks and maintaining control.

Data Routing: This is designed to find the most efficient paths between sources and destinations.

Flow Control: A communication protocol also prevents a fast sender from overwhelming a slow receiver. It also ensures resource sharing and protection against congestion by regulating the flow of data on the communication line.

Error Control: Error detecting and recovering routines are also important elements of communication protocols. The most common method for correcting errors is to retransmit a block.

Precedence and order of Transmission: This ensures that all stations get a chance to use the communication lines and other resources of the network, depending upon the priorities assigned to them.

Connection establishment: When two stations of a network want to communicate with each other, the communication protocol establishes and verifies a connection between the two.

Data Security: Providing data security and privacy is also built into most communications software packages. It prevents access of data by unauthorized users because it is relatively easy to trap a data communication line.

Log Information: Data communications software can also develop log information which consists of all jobs and data communications tasks that have taken place.

27. What do you mean by OSI Model? Or What is OSI model? (Page 221) The Open Systems Interconnection (OSI) model is a reference model developed by ISO (International Organization for Standardization) in 1984 as a conceptual framework of standards for communication in the network across different equipment and applications by different vendors.

It is considered the primary architectural model for inter-computing and networking communications.

Most of the Communication protocols used today have a structure based on the OSI model.

This model divides the communication process into 7 layers, splitting the tasks involved in moving information between networked computers into seven smaller, more manageable task groups.

28. 7 Layers of OSI Model: (Page 222)

Layer 7, Application: Supports application and end-user processes. Provides application services for file transfers, email and other network software services.

Layer 6, Presentation: Translates from application to network format and vice versa. Formats and encrypts/decrypts data to be sent across a network.

Layer 5, Session: Establishes, manages and terminates connections between applications. Deals with session and connection coordination.

Layer 4, Transport: Responsible for end-to-end error recovery and flow control. Ensures complete data transfer.

Layer 3, Network: Creates logical paths for transmitting data from node to node. Includes switching, routing and forwarding.

Layer 2, Data Link: Packets are encoded and decoded into bits. Two sub-layers: Media Access Control (MAC) and Logical Link Control (LLC).

Layer 1, Physical: Conveys the bit stream (electrical, light or radio signal) through the network at the electrical and mechanical

CHAPTER 5 INTERNAL CONTROL IN COMPUTER BASED BUSINESS SYSTEM

1. What is the definition of internal control? (Page 228) Internal controls are the processes that auditors develop to administer a unit effectively. They generally include rules and procedures. The collective result should be a dynamic process which is designed to provide reasonable, but not absolute, assurance regarding the achievement of objectives with regard to the following:

- Effectiveness and efficiency of operations
- Reliability with applicable laws and regulations
- Compliance with applicable laws and regulations.

2. What are the features of IC? (Page 228)

- It affects every aspect of an organization, including all of its people, processes and infrastructure.
- It is a basic element that permeates an organization, not a feature that is added on
- It incorporates the qualities of good management
- It is dependent upon people and will succeed or fail depending on the attention people give to it
- It is effective when all of the people and the surrounding environment work together
- It provides a level of comfort regarding the likelihood of achieving organizational objectives and
- It helps an organization achieve its mission

3. What are the purposes of IC? (Page 228-229) While the overall purpose of IC is to help an organization achieve its mission, it also helps an organization to:

- Promote orderly, economical, efficient and effective operations and produce quality products and services consistent with the organization’s mission
- Safeguard resources against loss due to waste, abuse, mismanagement directives
- Develop and maintain reliable financial and management data, and accurately present that data in timely reports.

4. How do you evaluate IC? (Page 229) The first place to start is to establish a framework that allows companies to assess existing internal controls. The framework has 5 key phases:

- Define IC
- Organize project team and plan
- Evaluate controls at the entity level
- Evaluate controls at the process, transaction or application level
- Evaluate, improve and monitor

5. What are the components of IC? Or, what are the standards of IC? (Page 229)

- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring

There is a synergy and integration among control components that helps form an integrated system that reacts dynamically to changing conditions.

6. What control activities are taken for IT? (Page 231) While some of the control activities relating to information technology (IT) are the responsibility of specialized IT personnel, other IT control activities are the responsibility of all employees who use computers in their work. The control activities are:

- Encryption tools, protocols or similar features of software applications that protect confidential or sensitive information from unauthorized individuals
- Back-up and restore features of software applications that reduce the risk of lost data
- Virus protection software and
- Passwords that restrict user access to networks, data and applications

7. What are the components of the control activity? (Page 232) ICs rely on the principle of checks and balances in the workplace. The following components focus on the control activity:

- Personnel
- Authorization procedures
- Segregation of duties
- Physical restrictions
- Documentation and record retention
- Monitoring operations

8. What are the limitations of IC? (Page 233) There is no such thing as a perfect control system. Limitations which may hinder the effectiveness of an otherwise adequate system of controls include:

- Resource constraints
- Inadequate skill, knowledge or ability
- Degree of motivation by management and employees
- Faulty judgments
- Unintentional errors

9. What are the elements of a good Internal Control system? (Page 234) There are 4 (four) elements in a good internal control system:

A. Separation of duties
B. Authorization
C. Documentation
D. Reconciliation

A. Separation of duties: No person should have control of a transaction from beginning to end. Ideally, no person should be able to record, authorize and reconcile a transaction.

Why?
- To protect employees
- To prevent and detect intentional and unintentional errors and
- To encourage better job performance

Key points (Page 234)

B. Authorization: Transactions should be authorized and executed by persons acting within the range of their authority.

Why?
- To prevent invalid transactions

Key points (Page 235)

C. Documentation: Transactions should be clearly and thoroughly documented and available for review.

Why?
- Documents provide a record of each event or activity
- Appropriate documentation helps to ensure assets are properly controlled
- Documents provide evidence of the accuracy and completeness of transactions

Key points for non payroll and payroll (from manual, page 236)

D. Reconciliation: Reconciliation is the process of comparing the entries in the general ledger to supporting documentation and resolving any discrepancies, i.e. accounts payable, accounts receivable, cash, property depreciation, interest income and other. For payroll, reconciliation is the process of comparing the entries on the time sheet report to supporting documentation and resolving any discrepancies.

10. What are the objectives of IT control? (Page 240) The objectives of IT control relate to the confidentiality, integrity and availability of data and the overall management of the IT function of the business enterprise.

11. Describe the categories of IT control? (Page 240) IT controls are often described in two categories:

A. IT general control (ITGC): ITGC represent the foundation of the IT control structure. ITGC include controls over the information technology (IT) environment, computer operations, access to programs and data, program development and program changes.

B. IT application control (ITAC): IT application controls refer to transaction processing controls, sometimes called “Input-processing-output” controls. These are fully automated and designed to ensure the complete and accurate processing of data, from input through output. These controls also help ensure the privacy and security of data transmitted between applications. Categories of IT application control may include:

- Completeness checks
- Validity checks
- Identification
- Authentication
- Input controls

12. Discuss the COBIT and COSO in Internal Control Framework. (Page 242)

COBIT: COBIT is a widely-used framework containing best practices for both ITGC and application controls. It consists of domains and processes. The basic structure indicates that IT processes satisfy business requirements, which are enabled by specific IT control activities. It also recommends the best practices and methods of evaluation of an enterprise’s IT controls.

COSO: The Committee of Sponsoring Organizations of the Treadway Commission (COSO) identifies five components of internal control, i.e. control environment, risk assessment, control activities, information and communication, and monitoring, that need to be in place to achieve financial reporting and disclosure objectives.

13. What are the effects or impact of IT on Internal Audit? (Page 243-248) The effects of IT on Internal Audit are summarized under four main headings:

A. Changes in the audit trail and audit evidences
B. Changes in the internal controls environments
C. New opportunities and mechanisms for fraud and error and
D. New audit procedures

A. Changes in the audit trail and audit evidences: The existence of an audit trail is a key financial audit requirement, since without an audit trail the financial auditor has extreme difficulty in gathering sufficient, appropriate audit evidence to validate the figures in the client’s accounts. The stages of changes in the audit trail and audit evidences are:

- Data retention and storage
- Absence of input documents
- Lack of a visible audit trail
- Lack of visible output
- Audit evidence
- Legal issues

B. Changes in the internal controls environments: The internal controls within a client’s financial systems, both manual and computerized, can be divided into several categories:

- Personnel
- Segregation of duties
- Authorization procedures
- Record keeping
- Access to assets and records
- Management supervision and review

a. Segregation of duties
b. Concentration of programs and data

C. New opportunities and mechanisms for fraud and error:

- System Generated Transactions
- System Error

D. New audit procedures: Within a computerized environment the auditor may be required to adopt a different audit approach to gain sufficient audit evidence to provide an opinion on the financial statements.

14. What are the main types of IT audit? (Page 248-250)

- Operational computer system/Network audits
- IT installation Audits
- Developing Systems Audits
- IT Management Audits
- IT Process Audits
- Change Management Audits

- Information security & Control Audits
- IT Legal Compliance Audits
- Certification and Other Compliance Audits
- Disaster contingency, Business continuity, Planning and IT Disaster Recovery Audits
- IT strategy Audits
- Special Investigations

15. What is CAAT? (Page 250-251) CAATs are tools or utilities to help auditors select, gather, analyze and report audit findings. Here are the sorts of questions that an IT auditor might want to ask:

- What were the top 10% of transactions by value last March?
- How many changes were made to the customer details file during the previous year?
- Are there any out-of-range or unusual data values in column 4 or any suspicious data patterns?
- Are any of our suppliers also employees?
- Who will win the Winter Olympics?
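The first four questions above translate directly into short queries over data exported from the client's systems. The following is an added example, not taken from the study manual: all records, identifiers, field layouts and the range limits are constructed for illustration, and matching suppliers to employees on bank account number is one assumed matching rule among several an auditor could choose.

```python
# Added illustration of CAAT-style tests over constructed sample extracts.
from collections import Counter
from datetime import date

TRANSACTIONS = [  # (transaction id, posting date, value) - constructed
    ("T01", date(2024, 3, 1), 120.00), ("T02", date(2024, 3, 3), 980.50),
    ("T03", date(2024, 3, 5), 45.10), ("T04", date(2024, 3, 8), 15000.00),
    ("T05", date(2024, 3, 11), 310.00), ("T06", date(2024, 3, 14), 275.25),
    ("T07", date(2024, 3, 18), -50.00), ("T08", date(2024, 3, 21), 640.00),
    ("T09", date(2024, 3, 25), 89.99), ("T10", date(2024, 3, 29), 2200.00),
    ("T11", date(2024, 2, 27), 99000.00), ("T12", date(2024, 4, 2), 500.00),
]
SUPPLIERS = [  # (supplier id, name, bank account as keyed in) - constructed
    ("S100", "Delta Stationery", "1020-3344-01"),
    ("S101", "R. Karim Trading", "2040 7788 15"),
    ("S102", "Northern Cables", "3300-1111-09"),
]
EMPLOYEES = [  # (employee id, name, bank account) - constructed
    ("E7", "Rahim Karim", "2040778815"),
    ("E9", "Anita Das", "5500221100"),
]
CHANGE_LOG = [  # (date of change, master file, user id) - constructed
    (date(2023, 1, 15), "customer_details", "clerk1"),
    (date(2023, 6, 2), "customer_details", "clerk2"),
    (date(2023, 6, 2), "price_list", "clerk2"),
    (date(2023, 11, 30), "customer_details", "clerk1"),
    (date(2024, 1, 4), "customer_details", "clerk3"),
]


def top_percent_by_value(rows, year, month, percent=10):
    """Largest `percent` % of one month's transactions, ranked by value."""
    period = [r for r in rows if (r[1].year, r[1].month) == (year, month)]
    keep = -(-len(period) * percent // 100)  # ceiling division
    return sorted(period, key=lambda r: r[2], reverse=True)[:keep]


def out_of_range(rows, column, low, high):
    """Ids of rows whose value in `column` lies outside [low, high]."""
    return [r[0] for r in rows if not low <= r[column] <= high]


def normalise_account(account):
    """Strip spaces and dashes so differently keyed numbers compare equal."""
    return "".join(ch for ch in account if ch.isdigit())


def suppliers_also_employees(suppliers, employees):
    """Pairs (supplier id, employee id) that share a bank account."""
    by_account = {normalise_account(e[2]): e[0] for e in employees}
    return [
        (s[0], by_account[normalise_account(s[2])])
        for s in suppliers
        if normalise_account(s[2]) in by_account
    ]


def count_changes(log, file_name, year):
    """Number of changes to one master file in a year, per user."""
    return Counter(
        user for when, name, user in log
        if name == file_name and when.year == year
    )


if __name__ == "__main__":
    print("Top 10% (March 2024):", top_percent_by_value(TRANSACTIONS, 2024, 3))
    print("Out of range:", out_of_range(TRANSACTIONS, 2, 0.01, 10000.00))
    print("Supplier/employee matches:",
          suppliers_also_employees(SUPPLIERS, EMPLOYEES))
    print("Customer file changes 2023:",
          count_changes(CHANGE_LOG, "customer_details", 2023))
```

A match or an out-of-range value is a lead for follow-up against supporting documentation, not a finding in itself.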

16. What are the responsibilities of Control Managers? (Page 253) Management is responsible for establishing and maintaining control to achieve the objectives of effective and efficient operations and reliable information systems. Management should consistently apply internal control standards to meet each of the internal control objectives and to assess internal control effectiveness.

17. What measures the Information Managers must take? (Page 253)

- Develop and implement appropriate, cost effective internal control for results oriented management.
- Assess the adequacy of internal control in programs and operations
- Separately assess and document internal control over information systems consistent with the information security policy of the organization
- Identify needed improvements
- Take corresponding corrective action
- And report annually on internal control through management assurance statements.

18. What is COBIT and COBIT Framework? (Page 254) The Information Systems Audit & Control Foundation (ISACF) developed the Control Objectives for Information and related Technology (COBIT). COBIT is a framework of generally applicable information systems security and control practices for IT control. The framework allows:

- Management to benchmark the security and control practices of IT environments
- Users of IT services to be assured that adequate security and control exist and
- Auditors to substantiate their opinions on internal control and to advise on IT security and control matters.

19. What are the advantages/ Dimension of COBIT Framework? (Page 255) The framework addresses the issue of control from the following vantage points or dimensions.

1. Business Objectives: To satisfy business objectives, information must conform to certain criteria that COBIT refers to as business requirements for information. The criteria are divided into seven distinct overlapping categories that map into the COSO objectives: Effectiveness (relevant, pertinent and timely), efficiency, confidentiality, integrity, availability, compliance with legal requirements and reliability.

2. IT resources, which include people, application systems, technology, facilities and data.

3. IT processes, which are broken into four domains: planning and organization, acquisition and implementation, delivery and support, and monitoring.

20. What is COBIT structure? (Page 258) COBIT covers four domains:

- Plan and Organize
- Acquire and Implement
- Deliver and Support
- Monitor and Evaluate

21. Information Systems Control Techniques: (Page 259) The basic purpose of information system controls in an organization is to ensure that the business objectives are achieved and undesired risk events are prevented or detected and corrected. When reviewing a client’s control systems the auditor will be able to identify three components of internal control. The information system auditor will be most familiar with:

1. Accounting Control: Those controls which are intended to safeguard the client’s assets and ensure the reliability of the financial records.

2. Operational Control: These deal with the day-to-day operations, functions and activities contributing to business objectives.

3. Administrative Controls: These are concerned with ensuring efficiency and compliance with management policies, including the operational controls.

22. Auditor’s Categorization of Controls: (Page 259) We categorize the controls into the following 4 groups:

1. Preventive Controls: Preventive Controls are those inputs which are designed to prevent an error, omission or malicious act occurring. One example is the use of a password to gain access to a financial system.

2. Detective Control: These controls are designed to detect errors, omissions or malicious acts that occur and report the occurrence.

3. Corrective Controls: Corrective Controls are designed to reduce the impact of or correct an error once it has been detected. Corrective controls may include the use of default dates on invoices where an operator has tried to enter the incorrect date.

4. Compensatory Controls: Controls are basically designed to reduce the probability of threats, which can exploit the vulnerabilities of an asset and cause a loss to that asset.

23. Audit Trails: (Page 262) Audit Trails are logs that can be designed to record activity at the system, application and user level. Objectives of Audit Trails:

- Detecting unauthorized access to the system
- Facilitating the reconstruction of events; and
- Promoting personal accountability.

24. Implementing an Audit Trail: (Page 263)

- Information contained in audit logs helps in measuring the potential damage and financial loss associated with application errors, abuse of authority.
- Audit logs also provide valuable evidence for assessing both the adequacy of controls in place and the need for additional controls.

25. User Controls: (Page 264) Validity of computer application system output lies ultimately with the users, who are responsible for data submission and for correction of errors that are the result of inaccurately submitted data.

26. Controls over System Selection, Acquisition/Development: (Page 266) System development and acquisition controls include the following key elements:

1. Strategic Master Plan
2. Project Controls
3. Data Processing Schedule
4. System Performance Measurement
5. Post Implementation review.

27. Acceptance Testing: (Page 268) Acceptance Testing is a complete end-to-end test of the operational system, including all manual procedures.

28. The post Implementation Review: (Page 269) The full scope of a Post Implementation Review (“PIR”) will depend largely on the scale and complexity of the project.

29. Change Management Controls: (Page 273) To properly control information system changes, companies need formal change management control policies.

30. Authorization Controls: (Page 274) Authorization controls ensure all information and data entered or used in processing is:

- Authorized by management
- Representative of events that actually occurred.

31. Documentation controls: (Page 274) The documentation contains descriptions of the hardware, software, policies, standards, procedures and approvals related to the system and formalizes the system security controls. Assessing documentation involves evaluating OJP’s efforts to complete the following critical procedures:

- There is sufficient documentation that explains how software/hardware is to be used.
- There are documented formal security and operational procedures.

32. Testing and Quality Controls: (Page 275) Testing commences during the design phase, during which designs and specifications should be subject to quality reviews (non-computer testing), and continues during the system development and acceptance testing phases of the SDLC (System Development Life Cycle).

33. Quality Reviews: (Page 276) Quality review covers various non-computer testing activities.

34. Data Integrity: (Page 278) The primary objective of data integrity control techniques is to prevent, detect and correct errors in transactions as they flow through the various stages of a specific data processing program. Assessing data integrity involves evaluating the following critical procedures:

- Virus detection and elimination software is installed and activated
- Data integrity and validation controls are used to provide assurance that the information has not been altered and the system functions as intended.

35. Threats to the Computerized Environment: (Page 283)

1. Power Loss
2. Communication Failure
3. Disgruntled Employees
4. Errors
5. Malicious Code
6. Abuse of access privileges by employees
7. Natural Disasters
8. Theft or Destruction of computing Resources
9. Downtime due to technology failure
10. Fire, etc.

36. The Risk Management Cycle: (Page 288) It is a process involving the following steps:

- Identifying assets
- Vulnerabilities and threats
- Assessing the risks
- Developing a risk management plan
- Implementing risk management actions
- Reevaluating the risks.

These steps are categorized into 3 primary functions:

- Risk Identification
- Risk Assessment
- Risk mitigation

The End