Transcript Final Review - detailed slides

What is an AIS?
• A system is a set of two or more interrelated
components that interact to achieve a goal.
• Systems are almost always composed of smaller
subsystems, each performing a specific function
supportive of the larger system.
• An accounting information system (AIS)
consists of:
–
–
–
–
–
People
Procedures
Data
Software
Information technology
Functions of an AIS?
• What important functions does the AIS
perform in an organization?
1 It collects and stores data about activities
and transactions.
2 It processes data into information that is
useful for making decisions.
3 It provides adequate controls to safeguard
the organization’s assets.
How An AIS Can Add Value
To An Organization
• An AIS adds value...
– by providing accurate and timely
information so that five primary value
chain activities can be performed more
effectively and efficiently. This is done
by:
– improving the quality and reducing the costs of
products or services.
How An AIS Can Add Value
To An Organization
An AIS can…
– improve efficiency.
– improve decision making capabilities.
– increase the sharing of knowledge.
– Improve decision making.
– Improve the internal control structure.
• A well-designed AIS can also help an
organization profit by improving the efficiency
and effectiveness of its supply chain.
Basic Subsystems in the AIS
Financing
Cycle
Expenditure
Cycle
Human
Resources
General Ledger & Reporting System
Production
Cycle
Revenue
Cycle
Factors Influencing
Design of the AIS
Organizational
Culture
Strategy
AIS
Information
Technology
What is the Chart of Accounts?
• The chart of accounts is a list of all general
ledger accounts used by an organization.
• It is important that the chart of accounts
contains sufficient detail to meet the
information needs of the organization.
The Value Chain
• The ultimate goal of any business is to
provide value to its customers.
• A business will be profitable if the
value it creates is greater than the cost
of producing its products or services.
The Value Chain
Primary Activities
Inbound
Logistics
Marketing
and Sales
Operations
Outbound
Logistics
Service
The Value Chain
Support Activities
Infrastructure
Technology
Human
Resources
Purchasing
The Value System
• The value chain concept can be
extended by recognizing that
organizations must interact with
suppliers, distributors, and customers.
• An organization’s value chain and the
value chains of its suppliers,
distributors, and customers collectively
form a value system.
Information and Decision
Making
• What is information?
• The term data refers to any and all of
the facts that are collected, stored, and
processed by an information system.
• Information is data that has been
organized and processed so that it is
meaningful.
Information and Decision
Making
Characteristics of Useful Information
Relevant
Timely
Reliable
Understandable
Complete
Verifiable
Decision Structure
• Structured decisions are repetitive, routine,
and understood well enough that they can
be delegated to lower-level employees in
the organization.
• An example is:
– Extending credit to customers.
Decision Structure
• Semistructured decisions are characterized
by incomplete rules for making the decision
and the need for subjective assessments and
judgments to supplement formal data
analysis.
• An example is:
– Setting a marketing budget for a new product.
Decision Structure
• Unstructured decisions are nonrecurring
and nonroutine.
• An example is:
– Choosing the cover for a magazine.
Strategy and Strategic Positions
Two Basic Strategies
To be a lower-cost producer than competitors
To differentiate products and services from
competitors
Strategy and Strategic Positions
Three Basic Strategic Positions
Variety-based strategic position
Need-based strategic position
Access-based strategic position
What is the Value of
Information?
• The value of information is the benefit
produced by the information minus the cost
of producing it.
Managerial Reports
• The AIS must also be able to provide
managers with detailed operational
information about the organization’s
performance.
• What reports does management need?
– inventory status
– budgets
– performance reports
Managerial Reports
What is a budget?
• A budget is the formal expression of goals
in financial terms.
• What are some types of budgets?
– cash
– operating
– capital
Managerial Reports
What is a performance report?
• A performance report lists the budgeted and
actual amounts of revenues and expenses
and also shows the variances, or differences,
between these two amounts.
The Systems Development
Life Cycle
•
What are the five steps in the systems
development life cycle (SDLC)?
1.
2.
3.
4.
5.
Systems analysis
Conceptual design
Physical design
Implementation and conversion
Operations and maintenance
The Systems Development
Life Cycle
Systems Analysis
Conduct initial investigation
Conduct system survey
Conduct feasibility study
Determine information needs and
system requirements
Deliver systems requirements
Feasibility
analysis and
decision points
The Systems Development
Life Cycle
Conceptual Design
Evaluate design alternatives
Develop design specifications
Deliver conceptual design
requirements
Feasibility
analysis and
decision points
The Systems Development
Life Cycle
Physical Design
Design:output/database/input
Develop programs
Develop procedures
Design controls
Deliver developed system
Feasibility
analysis and
decision points
The Systems Development
Life Cycle
Implementation and Conversion
Develop plan
Install hardware and software
Train personnel, test the system
Complete documentation
Convert from old to new system
Fine-tune and review
Deliver operational system
Feasibility
analysis and
decision points
The Systems Development
Life Cycle
Operation and Maintenance
Operate system
Modify system
Do ongoing maintenance
Deliver improved system
Systems
Analysis
The Players
• Who are the people involved in developing
and implementing AIS?
–
–
–
–
–
–
management
accountants
information systems steering committee
project development team
systems analysts and programmers
external players
Planning Techniques
• Two techniques for scheduling and
monitoring systems development activities
are:
1 PERT
2 Gantt chart
– PERT (program evaluation and review
technique) requires that all activities and the
precedent and subsequent relationships among
them be identified.
Planning Techniques
• What is the critical path?
– The path requiring the greatest
amount of time.
– The total time of the project can be
reduced by shortening the critical
path.
– If any activity on the path takes longer
than anticipated, a delay occurs.
Planning Techniques
4
G
F
C
1
A
6
D
2
5
E
B
Critical path
A,B,E
3
Planning Techniques
• A Gantt chart is a bar chart with project
activities listed on the left-hand side and
units of time (days or weeks) across the top.
• For each activity, a bar is drawn from the
scheduled starting date to the ending date.
• As activities are completed, the bar is filled
in.
Planning Techniques
Project Planning Chart
(Sample
Gantt
Chart)
______________________________________________
Activity
Week Starting
______________________________________________
1
______________________________________________
2
______________________________________________
3
______________________________________________
4
______________________________________________
5
______________________________________________
6
______________________________________________
7
______________________________________________
8
______________________________________________
Feasibility Analysis
• What are some capital budgeting
techniques?
– payback period
– net present value (NPV)
– internal rate of return (IRR)
Ways to obtain an AIS
Purchase
Build
Lease
(Pre-written)
(Customized)
(Pre-written)
Canned
Software
Turnkey
(H/W & S/W)
“Modified”
Canned
Software
In-house
Developed
I.S.
Developed
Out-sourced
(External)
End-user
Developed
(EUD)
Application
Service
Provider
(ASP)
Purchase Software
• Canned software is written by computer
manufacturers or software development
companies.
• It is sold on the open market to a broad
range of users with similar requirements.
• Turnkey systems are a combination of
software and hardware sold as a package.
Development by In-House
IS Department
• In the past, most organizations had their
information system departments develop custom
software, because canned software that fit their
specific needs was not available.
• Developing custom software is difficult and errorprone.
• It also consumes a great deal of time and
resources.
Outsource the System
• What is outsourcing?
– It is hiring an outside company to handle all or
part of an organization’s data processing
activities.
• In a mainframe outsourcing agreement, the
outsourcers buy their client’s computers and
hire all or most of the client’s employees.
Outsource the System
• In a client/server or PC outsourcing
agreement, an organization outsources a
particular service, a segment of its business,
a particular function, or PC support.
Outsource the System
Benefits of Outsourcing
A business solution
Asset utilization
Access to greater expertise and
more advanced technology
Lower costs
Improved development time
Elimination of peaks and valleys usage
Facilitation of downsizing
Outsource the System
Risks of Outsourcing
Inflexibility
Loss of control
Reduced competitive advantage
Locked-in system
Unfulfilled goals
End-User-Developed Software
• End-user computing (EUC) is the hands-on
development, use, and control of computerbased information systems by users.
• When end users began to meet their initial
information needs two things happened:
1 Users realized computers could be used to meet
more and more information needs.
2 Increased access to data created many new uses
and needs for information.
Prototyping
• What is prototyping?
– an approach to systems design in which a
simplified working model of a system is
developed.
• A prototype, or “first draft,” is quickly and
inexpensively built and provided to users
for testing.
Prototyping
• What four steps are involved in developing
a prototype?
1. Identify basic systems requirements.
2. Develop an initial prototype that meets the
agreed-on requirements.
3. Users identify changes, developers make
changes, and the system is turned over to the
user.
4. Use the system approved by the users.
Prototyping
Advantages of Prototyping
Better definition of user needs
Higher user involvement and satisfaction
Faster development time
Fewer errors
More opportunity for changes
Less costly
ASPs
• An Application Service Provider (ASP) is a
company that provides access to and use of
application programs via the Internet.
• The ASP owns and hosts the software; the
contracting organization accesses the
software via the Internet.
Factors to Consider When
Evaluating ASPs
•
•
•
•
•
•
•
Advantages
Lower costs
Automatic upgrading to
current version of software
Need fewer in-house IT staff
Reduced hardware needs
Flexibility
Knowledge support
Security and privacy of data
•
•
•
•
•
Disadvantages
Viability of ASP
Security and privacy of
data
Availability & reliability of
service
Inadequate support or poor
responsiveness to problems
Standard software that may
not meet all customized
needs
Factors to Include in Service
Level Agreements
• Detailed specification of expected ASP
performance
–
–
–
–
Uptime
Frequency of backups
Use of encryption
Data access controls
• Remedies for failure of ASP to meet contracted
service levels
• Ownership of data stored at ASP
Computer-Aided Software
Engineering (CASE)
• CASE is an integrated package of computerbased tools that automate important aspects of
the software development process.
• CASE tools are used to plan, analyze, design,
program, and maintain an information system.
• They are also used to enhance the efforts of
managers, users, and programmers in
understanding information needs.
Systems Implementation
•
•
Conversion:
There are four conversion approaches.
1.
2.
3.
4.
Direct conversion
Parallel conversion
Phase-in conversion
Pilot conversion
Systems Implementation
Direct Conversion Method
Old system
New system
Systems Implementation
Parallel Conversion Method
Old system
New system
Systems Implementation
Phase-in Conversion Method
Old system
New system
Systems Implementation
1
Pilot Conversion Method
3
2
1
2
3
Old Old Old
1
Old Old New
2
3
Old New New
1
2
3
New New New
What is Project Management?
• Project Management is a set of principles,
methods and techniques for effective
planning of objective-oriented work,
thereby establishing a sound basis for
effective scheduling, controlling, and
replanning in the management of programs
and projects.
Project Management Triangle
COST
(PRICE)
SCHEDULE
(SPEED)
PERFORMANCE / SCOPE
(QUALITY)
IDEAL
SETTLE FOR
Benefits of Project Management to
the Project
•
•
•
•
•
•
Autonomy within the defined scope
Top management support
Assurance of reaching desired target
Formal cooperation from functions
Visibility
Influence
Project Life Cycle
•
•
•
•
•
•
Conceptual
Feasibility Study
Definition
Detailed Planning
Implementation
Evaluation
Team Development Graph
Optimum
Personal Relationship
Team
Development
Performing
Norming
Storming
Forming
Task Functions
Threats to AIS
• Natural and political disasters:
– fire / heat / floods / earthquakes / winds / war
• S/W errors & Equipment Malfunctions:
– H/W failures / power outages / data transmission errors
• Unintentional acts:
– accidents / lost data / human & logic errors /systems that do
not meet company needs
• Intentional acts:
– Sabotage / computer fraud / embezzlement
Physical Access Controls
• How can physical access security be achieved?
– placing computer equipment in locked rooms and
restricting access to authorized personnel
– having only one or two entrances to the computer
room
– requiring proper employee ID
– requiring that visitors sign a log
– installing locks on PCs
Logical Access Controls
• Users should be allowed access only to the data
they are authorized to use and then only to
perform specific authorized functions.
• What are some logical access controls?
–
–
–
–
passwords
physical possession identification
biometric identification
compatibility tests
Protection of PCs and
Client/Server Networks
• Many of the policies and procedures for mainframe
control are applicable to PCs and networks.
• The following controls are also important:
–
–
–
–
–
–
–
–
Train users in PC-related control concepts.
Restrict access by using locks and keys on PCs.
Establish policies and procedures.
Portable PCs should not be stored in cars.
Back up hard disks regularly.
Encrypt or password protect files.
Build protective walls around operating systems.
Use multilevel password controls to limit employee access to
incompatible data.
Internet Controls
• Caution when conducting business on the Internet:
– the global base of people that depend on the Internet
– the variability in quality, compatibility, completeness, and
stability of network products and services
– access of messages by others
– security flaws in Web sites
– attraction of hackers to the Internet
• Controls used to secure Internet activity:
–
–
–
–
passwords
encryption technology
routing verification procedures
Firewall = a barrier between the networks that does not allow
information to flow into and out of the trusted network.
Principles of a Reliable System
1. Security of the system against unauthorized
physical and logical access.
2. Availability of the system when needed.
3. Maintainability of the system as required
without affecting its availability, security, and
integrity.
4. Integrity of the system to ensure that processing
is complete, accurate, timely, and authorized.
The Criteria Used To Evaluate
Reliability Principles
•
For each of the four principles of reliability, three criteria
are used to evaluate whether or not the principle has been
achieved.
1.
2.
3.
The entity has defined, documented, and communicated
performance objectives, policies, and standards that achieve each
of the four principles.
The entity uses procedures, people, software, data, and
infrastructure to achieve each principle in accordance with
established policies and standards.
The entity monitors the system and takes action to achieve
compliance with the objectives, policies, and standards for each
principle.
Controls Related to More Than One
Reliability Principle
• Strategic Planning & Budgeting
• Developing a Systems Reliability Plan
• Documentation
– Administrative documentation: Describes the standards and
procedures for data processing.
– Systems documentation: Describes each application system and
its key processing functions.
– Operating documentation: Describes what is needed to
run a program.
•
•
•
•
•
Equipment configuration
Program and data files
Procedures to set up and execute jobs
Conditions that may interrupt program execution
Corrective actions for program interruptions
Estimate Cost and Benefits
• No internal control system can provide foolproof
protection against all internal control threats.
• The cost of a foolproof system would be
prohibitively high.
• One way to calculate benefits involves calculating
expected loss.
• The benefit of a control procedure is the difference
between the expected loss with the control
procedure(s) and the expected loss without it.
Expected loss = risk × exposure
Segregation of Duties Within
the Systems Function
• Organizations must implement compensating control
procedures.
• Authority & responsibility must be clearly divided
among the following functions:
1
2
3
4
5
6
Systems analysis
Programming
Computer operations
Users
AIS library
Data control
Segregation of Duties
Custodial Functions
Handling cash
Handling assets
Writing checks
Receiving checks in mail
Recording Functions
Preparing source documents
Maintaining journals
Preparing reconciliations
Preparing performance reports
Authorization Functions
Authorization of
transactions
Segregation of Duties
• If two of these three functions are the
responsibility of a single person, problems
can arise.
• Segregation of duties prevents employees
from falsifying records in order to conceal
theft of assets entrusted to them.
• Prevent authorization of a fictitious or
inaccurate transaction as a means of
concealing asset thefts.
The Future of AIS
• The Internet makes strategy more
important than ever
• Enterprise resource planning (ERP) systems are
a recent development that integrate all aspects of
a company’s operations with its traditional AIS.
• The important point underlying ERP systems is
the need for and value of cross-functional
integration of financial data and other
nonfinancial operating data.
Data Flow Diagrams
• A data flow diagram (DFD) graphically
describes the flow of data within an
organization.
• It is used to document existing systems and
to plan and design new ones.
• There is no ideal way to develop a DFD.
Documentation Standards
• Another important general control is
documentation procedures and standards to
ensure clear and concise documentation.
• Documentation may be classified into three
basic categories:
1 Administrative documentation
2 Systems documentation
3 Operating documentation
What is the Chart of Accounts?
• The chart of accounts is a list of all general
ledger accounts used by an organization.
• It is important that the chart of accounts
contains sufficient detail to meet the
information needs of the organization.
Disaster Recovery Plan
• Every organization should have a disaster recovery
plan to restore data processing capacity smoothly and
quickly as possible.
• Objectives of a recovery plan:
1 Minimize the extent of the disruption, damage, and loss.
2 Temporarily establish an alternative means of processing
information.
3 Resume normal operations as soon as possible.
4 Train and familiarize personnel with emergency operations.
Disaster Recovery Plan
• A sound disaster plan should contain the
following elements:
1
2
3
4
5
Priorities for the recovery process
Backup data and program files
Specific assignments
Complete documentation
Backup computer and telecommunications facilities
• reciprocal agreements
• hot and cold sites
• Questions need to be asked:
– Who needs access to what information?
– When do they need it?
– On which systems does the information reside?
Disaster Recovery Plan
• There are other aspects of disaster recovery
planning that deserve mention:
• The recovery plan is incomplete until it has been
satisfactorily tested by simulating a disaster.
• The recovery plan must be continuously reviewed
and revised to ensure that it reflects current
situation.
• The plan should include insurance coverage.
Application Controls - Data
Transmission Controls
Application controls:
1
Source data controls
2
Input validation
routines
3
Online data entry
controls
4
Data processing & file
maintenance controls
5
Output controls
• Companies monitor network to reduce the
risk of data transmission failures
• Data transmission errors can be
minimized:
–
–
–
–
using data encryption (cryptography)
implementing routing verification procedures
adding parity
using message acknowledgment techniques
• Data Transmission Controls take on
added importance in organizations that
utilize electronic data interchange (EDI)
or electronic funds transfer (EFT).
Why Fraud Occurs
• Three conditions are necessary for fraud to
occur:
1 A pressure or motive
2 An opportunity
3 A rationalization
Control Concepts
•
Internal control is the plan and methods a business
uses to:
1.
2.
3.
4.
•
safeguard assets
provide accurate and reliable information
promote & improve operational efficiency
encourage adherence to managerial policies.
Management control encompasses:
1
2
3
It is an integral part of management responsibilities.
It is designed to reduce errors, irregularities, and achieve
organizational goals.
It is personnel-oriented and seeks to help employees
attain company goals.
Internal Control Classifications
• The specific control procedures used in the
internal control and management control systems
may be classified using the following four internal
control classifications:
1
2
3
4
Preventive, detective, and corrective controls
General and application controls
Administrative and accounting controls
Input, processing, and output controls
COSO’s Internal Control Model
Components
1 Control environment
2 Control activities
3 Risk assessment
4 Information and communication
5 Monitoring Performance
General Controls
•
General controls ensure that overall computer
system is stable and well managed:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
Developing a security plan
Segregation of duties within the systems function
Project development controls
Physical access controls
Logical access controls
Data storage controls
Data transmission controls
Documentation standards
Minimizing system downtime
Disaster recovery plans
Protection of personal computers & client/server networks
Internet controls
Types of Internal Auditing Work
• What are the three different types of
audits commonly performed?
1 Financial audit
2 Information system (IS) audit
3 Operational or management audit
Types of Internal Auditing Work
1. The financial audit examines the reliability and
integrity of accounting records (both financial
and operating information).
2. The information systems (IS) audit reviews the
general and application controls in an AIS to
assess its compliance with internal control
policies and procedures and its effectiveness in
safeguarding assets.
3. The operational, or management, audit is
concerned with the economical and efficient
use of resources and the accomplishment of
established goals and objectives.
An Overview of the
Auditing Process
• All audits follow a similar sequence of
activities and may be divided into four
stages.
1
2
3
4
Audit planning
Collection of audit evidence
Evaluation of audit evidence
Communication of audit results
An Overview of the
Auditing Process
Audit Planning
Establish scope and objectives
Organize audit team
Develop knowledge of business operations
Review prior audit results
Identify risk factors
Prepare audit program
An Overview of the
Auditing Process
Collection of Audit Evidence
Observation of operating activities
Review of documentation
Discussion with employees and questionnaires
Physical examination of assets
Confirmation through third parties
Reperformance of procedures
Vouching of source documents
Analytical review and sampling
An Overview of the
Auditing Process
Evaluation of Audit Evidence
Assess quality of internal controls
Assess reliability of information
Assess operating performance
Consider need for additional evidence
Consider risk factors
Consider materiality factors
Document audit findings
An Overview of the
Auditing Process
Communication of Audit Results
Formulate audit conclusions
Develop recommendations for management
Present audit results to management
Principles of a Reliable System
1. Availability of the system when needed.
2. Security of the system against unauthorized
physical and logical access.
3. Maintainability of the system as required
without affecting its availability, security, and
integrity.
4. Integrity of the system to ensure that processing
is complete, accurate, timely, and authorized.
E-Business Interactions
• E-business encompasses an
organization’s external
interactions with its:
–
–
–
–
–
–
Suppliers
Customers
Investors
Creditors
The government
Media
Categories of E-Business
Type of E-Business
Characteristics
Interactions between individuals & •Organization-individual
organizations:
•Smaller dollar value
B2C (Business to Consumers)
•One-time or infrequent transactions
•Relatively simple
Inter-organizational e-business:
B2B (Business to Business): B2G
(Business to Government)
B2E (Business to Education)
•Inter-organizational
•Larger dollar value
•Established, on-going relationships
•Extension of credit by seller to customer
•More complex
Use of E-Business
• E-business includes the use of IT to redesign its
internal processes.
• For organizations in many industries, engaging in
e-business is a necessity.
• Engaging in e-business in and of itself does not
provide a competitive advantage.
• However, e-business can be used to more
effectively implement its basic strategy and
enhance the effectiveness and efficiency of its
value-chain activities.
Recent EDI Facilitators
Traditional EDI was expensive. New
developments that have removed this cost
barrier are:
– The Internet: Eliminates the need for special proprietary
third-party networks.
– XML: Extensible Markup Language – Set of standards for
defining the content of data on Web pages.
– eBXML:
• Defines standards for coding common business documents.
• Eliminates need for complex software to translate documents created
by different companies.
E-Business Success Factors
• The degree to which e-business activities fit and
support the organization’s overall business
strategy.
• The ability to guarantee that e-business processes
satisfy the three key characteristics of any
business transaction
– Validity
– Integrity
– Privacy
E-Business Success Factors
• Implementation of an EDI must overcome
the following threats:
–
–
–
–
–
–
Choosing an inappropriate technology
Unauthorized system access
Tapping into data transmission
Loss of data integrity
Incomplete transactions
System failures
Encryption
There are two principal types of encryption systems:
– Single-key systems: Same key is used to encrypt and
decrypt the message
• Simple, fast, and efficient
• Example: the Data Encryption Standard (DES) algorithm
– Public Key Infrastructure (PKI): Uses two keys:
• Public key is publicly available and usually used to encode
message
• Private key is kept secret and known only by the owner of that
pair of keys. Usually used to decode message
Advantages & Disadvantages of
PKI
Advantages
• No sharing of key
necessary
• More secure than
single-key systems
Disadvantages
• Much slower than
single-key systems
Types of Networks
• The private portion can be further divided
into two subsets:
1 Local area network (LAN) — a system of
computers and other devices, such as
printers, that are located in close proximity
to each other.
2 Wide area network (WAN) — covers a wide
geographic area.
Types of Networks
• Companies typically own all the equipment
that makes up their local area network
(LAN).
• They usually do not own the long-distance
data communications connections of their
wide area network (WAN).
• They either contract to use a value-added
network (VAN) or use the Internet.
Types of Networks
• What is an Intranet?
• The term Intranet refers to internal networks
that connect to the main Internet.
• They can be navigated with the same
browser software, but are closed off from
the general public.
• What are Extranets?
Types of Networks
• Extranets link the intranets of two or more
companies.
• Either the Internet or a VAN can be used to
connect the companies forming the extranet.
• Value-added networks (VAN) are more
reliable and secure than the Internet, but
they are also expensive.
Types of Networks
• Companies build a virtual private network
(VPN) to improve reliability and security,
while still taking advantage of the Internet.
Company A
VPN
AIS
equipment
ISP
Internet
Network Configuration Options
• Local area networks (LANs) can be
configured in one of three basic ways:
1 Star configuration
2 Ring configuration
3 Bus configuration
Network Configuration Options
LAN configurations:
1.
Star
2.
Ring
3.
Bus
• A star configuration is a LAN configured as
a star; each device is directly connected to
the central server.
• All communications between devices are
controlled by and routed through the
central server.
• Typically, the server polls each device to
see if it wants to send a message.
Network Configuration Options
LAN configurations:
1.
Star
2.
Ring
3.
Bus
• The star configuration is the most
expensive way to set up a LAN, because
it requires the greatest amount of wiring.
A
B
C
Host computer
or server
H
G
F
D
E
Network Configuration Options
LAN configurations:
1.
Star
2.
Ring
3.
Bus
• In a LAN configured as a ring, each node
is directly linked to two other nodes.
A
B
C
H
D
G
E
F
Network Configuration Options
LAN configurations:
1.
Star
2.
Ring
3.
Bus
• In a LAN configured as a bus, each
device is connected to the main channel,
or bus.
• Communication control is decentralized
on bus networks.
A
B
C
D
Bus channel
Host computer
or server
E
F
G
H
Network Configuration Options
• Wide area networks (WANs) can be
configured in one of three basic ways:
1 Centralized system
2 Decentralized system
3 Distributed data processing
Network Configuration Options
WAN Configuration:
1.
Centralized
2.
Decentralized
3.
Distributed
In a centralized WAN, all terminals and
other devices are connected to a central
corporate computer.
Network Configuration Options
WAN Configuration:
1.
Centralized
2.
Decentralized
3.
Distributed
In a decentralized WAN, each
departmental unit has its own computer
and LAN.
Decentralized systems usually are better
able to meet individual department and
user needs than are centralized systems.
Network Configuration Options
WAN Configuration:
1.
Centralized
2.
Decentralized
3.
Distributed
A distributed data processing system
WAN is essentially a hybrid of the
centralized and decentralized approaches.
Network Configuration Options
• Many WANs, and most LANs, are set up as
client/server systems.
• Each desktop computer is referred to as a
client.
• The client sends requests for data to the
servers.
• The servers perform preprocessing on the
database and send only the relevant subset of
data to the client for local processing.
File-Oriented Approach
File # 1
Item A
Item B
Item C
Application
program #1
File # 2
Item B
Item D
Item E
Application
program #2
Database Approach
Application
program #1
Database
Item A
Item B
Item C
Item D
Item E
Database
management
system
Application
program #2
Application
program #3
Database Approach versus FileOriented Approach
Minimum data redundancy
Fewer data inconsistencies
Standardized data format
No duplicated processing or storage
Allows cross-functional data analyses
Central data management / data security
Lower cost
Databases
• Database management system (DBMS) is
the program that manages and controls
access to the database.
• Database system is the combination of the
database, the DBMS, and the application
program that uses the database.
• Database administrator (DBA) is the
person responsible for the database.
Logical & Physical Views of
Data
A major advantage of database systems over fileoriented systems is that the database systems separate
the logical and physical view of data:
– Logical view: It is how the user or programmer conceptually
organizes and understands the data.
– Physical view: It refers to how and where the data are physically
arranged and stored on disk, tape, CD-ROM, or other media.
The DBMS controls the database so that users can
access, query, or update it without reference to how or
where the data are physically stored.
Relational Databases
• A data model is an abstract representation of
the contents of a database.
• The relational data model represents
everything in the database as being stored in
the form of tables.
• Technically, these tables are called relations.
• Each row in a relation, called a tuple, contains
data about a specific occurrence of the type of
entity represented by that table.
Schemas
• What are schemas?
• A schema describes the logical structure of
a database.
• There are three levels of schemas:
1 Conceptual-level schema
2 External-level schema
3 Internal-level schema
Schemas
Schema Levels:
1.
Conceptual
2.
External
3.
Internal
• The conceptual-level schema is an
organization-wide view of the entire database.
• The external-level schema consists of a set of
individual user views of portions of the
database, also referred to as a subschema.
• The internal-level schema provides a lowlevel view of the database.
Schemas
Subschema A
Jones 210
Perez 100
Subschema
B
r
Subschema
C
r
xxxxxxx
xxxxxxx
Mapping external level views to conceptual level schema
Inventory
Sales
Cash receipt
Customer
Schemas
Inventory
Sales
Customer
Cash receipt
Mapping conceptual level items to internal level
descriptions
Inventory Record
Item number – integer (5), non-null, index = itemx
Description – character (15)
The Data Dictionary
• What is a data dictionary?
– It contains information about the structure of
the database.
• For each data element stored in the
database, such as the customer number,
there is a corresponding record in the data
dictionary describing it.
The Data Dictionary
• The data dictionary is often one of the first
applications of a newly implemented database system.
• Inputs to the data dictionary:
– records of any new or deleted data elements
– changes in names, descriptions, or uses of existing data elements
• Outputs of the data dictionary:
– reports useful to programmers, database designers, and users of the
information system
DBMS Languages
• Every DBMS must provide a means of
performing the three basic functions:
1 Creating the database
2 Changing the database
3 Querying the database
• The sets of commands used to perform these
functions are referred to as the data
definition, data manipulation, and data query
languages.
DBMS Languages
• Data definition language (DDL):
– build the data dictionary.
– initialize or create the database.
– describe the logical views for each individual user or
programmer.
– specify any limitations or constraints on security imposed
on database record or fields.
• Data manipulation language (DML):
– Data maintenance (updating / inserting / deleting)
• Data query language (DQL):
– Interrogate the database (retrieves / sorts / orders and and
presents subsets of the database in response to user queries)
Basic Requirements of the
Relational Data Model
1 Primary keys must be unique.
2 Every foreign key must either be null or have a
value corresponding to the value of a primary key
in another relation.
3 Each column in a table must describe a
characteristic of the object identified by the
primary key.
4 Each column in a row must be single-valued.
5 The value in every row of a specific column must
be of the same data type.
6 Neither column order nor row order is significant.
Approaches to Database Design
• Normalization
– Starts with the assumption that all data is initially stored
in a large non-normalized table.
– This table is then decomposed using a set of
normalization rules to create a set of tables in the Third
Normal Form.
• Semantic Data Modeling
– The database designer uses his/her knowledge about the
business structure to create a set of relational tables.
Basic Subsystems in the AIS
Financing
Cycle
Expenditure
Cycle
Human
Resources
General Ledger & Reporting System
Production
Cycle
Revenue
Cycle
Revenue Cycle
Business Activities
• What are the four basic revenue cycle
business activities?
1 Sales order entry
2 Shipping
3 Billing and accounts receivable
4 Cash collections
Opportunities for Using
Information Technology
Revenue cycle activities:
1.
Sales order entry
2.
Shipping
3.
Billing & A/R
4.
Cash collections
Opportunities of using information
technology for sales order entry:
– on-line processing of sales orders with email
– electronic data interchange (EDI)
– linking EDI with customers’ point-of-sale
(POS)
– optical character recognition (OCR)
– the Internet
Opportunities for Using
Information Technology
Revenue cycle activities:
1.
Sales order entry
2.
Shipping
3.
Billing & A/R
4.
Cash collections
Opportunities of using information
technology for shipping:
– automated warehouse systems consisting
of:
– computers
– bar-code scanners
– conveyer belts
– forklifts
Opportunities for Using
Information Technology
Revenue cycle activities:
1.
Sales order entry
2.
Shipping
3.
Billing & A/R
4.
Cash collections
Opportunities of using information
technology for billing and accounts
receivable:
– on-line processing of invoices
– electronic data interchange (EDI)
– imaging to create and store digital
versions of all paper relating to a
customer’s account.
Opportunities for Using
Information Technology
Revenue cycle activities:
1.
Sales order entry
2.
Shipping
3.
Billing & A/R
4.
Cash collections
Opportunities of using information
technology for cash collections:
– lockbox (a postal address to which customers
send their remittances)
– The bank picks up the checks from the post
office box and deposits them to the company’s
account.
– electronic lockbox
– electronic funds transfer (EFT)
– financial electronic data interchange (FEDI)
Expenditure Cycle
Business Activities
• The expenditure cycle is a recurring set of business
and related information processing operations
associated with the purchase of and payment for goods
and services.
• Five basic expenditure cycle business activities:
1
2
3
4
5
Requesting the purchase of needed goods
Ordering goods to be purchased
Receiving ordered goods
Approving vendor invoices for payment
Paying for goods purchased
Request Goods
Expenditure cycle activities:
1.
Request purchase
2.
Order goods
3.
Receive goods
4.
Approve invoices
5.
Pay for goods
• The first major business activity in the
expenditure cycle involves the request to
purchase inventory or supplies.
• The traditional inventory control method
(often called economic order quantity
[EOQ]):
– This approach is based on calculating an
optimal order size so as to minimize the sum
of ordering, carrying, and stockout costs.
Request Goods
Expenditure cycle activities:
1.
Request purchase
2.
Order goods
3.
Receive goods
4.
Approve invoices
5.
Pay for goods
• Alternative inventory control methods:
– MRP (material requirement planning)
• This approach seeks to reduce required inventory
levels by scheduling production, rather than estimating
needs.
– JIT (just in time)
• JIT systems attempt to minimize both carrying and
stockout costs.
• Major difference between MRP and JIT:
– MRP systems schedule production to meet estimated sales need,
thereby creating a stock of finished goods inventory.
– JIT systems schedule production to meet customer demands,
thereby virtually eliminating finished goods inventory.
Opportunities for Using
Information Technology
Expenditure cycle activities:
1.
Request purchase
2.
Order goods
3.
Receive goods
4.
Approve invoices
5.
Pay for goods
Opportunities of using information
technology for requesting goods:
• online data entry instead of paper documents
• bar-code technology that facilitates the
maintenance of accurate perpetual inventory
records
• electronic data interchange (EDI)
• procurement cards
• Internet
Opportunities for Using
Information Technology
Expenditure cycle activities:
1.
Request purchase
2.
Order goods
3.
Receive goods
4.
Approve invoices
5.
Pay for goods
Opportunities of using information
technology to receive and store goods:
– vendor requirement to bar-code all of their
products
– passive radio frequency identification
– satellite technology
Opportunities for Using
Information Technology
Expenditure cycle activities:
1.
Request purchase
2.
Order goods
3.
Receive goods
4.
Approve invoices
5.
Pay for goods
Opportunities of using information
technology to approve vendor invoices:
– electronic data interchange (EDI)
– elimination of vendor invoices entirely
– image processing and optical character
recognition (OCR)
– corporate credit cards
Opportunities for Using
Information Technology
Expenditure cycle activities:
1.
Request purchase
2.
Order goods
3.
Receive goods
4.
Approve invoices
5.
Pay for goods
Opportunities of using information
technology to pay for goods delivered:
– electronic funds transfers (EFT)
– financial electronic data interchange (FEDI)
Production Cycle Activities
• The production cycle is a recurring set of
business activities and related data
processing operations associated with the
manufacturing of products.
• The four basic activities in the production
cycle are:
1
2
3
4
Product design
Planning and scheduling
Production operations
Cost accounting
Payroll Cycle Activities
What are the basic activities performed in the
payroll cycle?
1.
2.
3.
4.
5.
6.
7.
Update master payroll file
Update tax rates and deductions
Validate time and attendance data
Prepare payroll
Disburse payroll
Calculate employer-paid benefits and taxes
Deduct payroll taxes and other deductions
General Ledger and
Reporting Activities
•
What are the four basic activities
performed in the general ledger and
reporting system?
1.
2.
3.
4.
Update the general ledger
Post adjusting entries
Prepare financial statements
Produce managerial reports