Useful for Paper 6 - Management Information and Control Systems - Final

karthikeyan.v (Chartered Accountant) (523 Points)

06 March 2010  

 

INDEX

PHASE   CHAPTER NO. IN STUDY MATERIAL   CHAPTER NAME
I       6       Enabling Technologies
I       7       System Development Process
I       8       System Design
I       9       System’s Acquisition, Software Development & Testing
I       10      System Implementation & Maintenance
II      11      Design of Computerised Commercial Applications
II      12      Enterprise Resource Planning – Redesigning Business
II      19      CASE Tools & Digital Technology
III     13      General Controls in EDP Set-up
III     14      Application Controls in EDP Set-up
IV      18      Information Security
IV      15      Detection of Computer Frauds
IV      16      Cyber Laws & Information Technology Act, 2000
IV      17      Audit of Information System
V       3       Basic Concepts of MIS
V       4       System’s Approach & Decision Making
V       5       Decision Support & Executive Information System
VI      1       Basic Concepts of System
VI      2       Transaction Processing System


Chapter-6

ENABLING TECHNOLOGIES

 

Traditional Computing Model

Mainframe Architecture

Ø      Dumb Terminal
Ø      Non GUI
Ø      Higher Costs
Ø      Support every hardware platform

Personal Computers

Ø      Independent PC
Ø      No sharing of data & resources

File-Server Architecture

Ø      Dumb Server Smart Terminal
Ø      Supports GUI
Ø      Network Traffic
Ø      Sends Entire File
Ø      Max. 12 Users

Client Server (C/S) Model - (Cost Reduction Technology)

 

Ø      It’s a form of distributed processing

Ø      Divides processing work between server & work-station

Ø      Server-Global Task; Client-Local Task

Ø      Send only requested data

Advantages of C/S

1.            Cost Reduction                                        7.         Easy to add new hardware

2.            Improved flow of information                   8.         Takes less people to maintain

3.            Direct access to data                               9.         User Friendly GUI

4.            Increased data integrity & security            10.       SQL capability

5.            Better Connectivity                                  11.       Data protection & security

6.            Increased Productivity                             12.       Access to multiple servers

Example of C/S :- Online Banking, Call-Centre, E-Comm., Internet

Elements of C/S

1.            Data Storage                               4.         Operating System

2.            DBMS                                        5.         User Interface

3.            Application Software                   6.         Display Devices

 

Components of C/S

Client (User of services): Non-GUI, GUI, OOUI
Server: File Server, Database Server, Transaction Server, Web Server
Middleware (Distributed Software), 4 Layers: 1. Service 2. Back End Processing 3. Network OS 4. Transport Stacks
Fat-Client (2 Tier), Fat-Server (3 Tier)
Network: Network Hardware Devices

Middleware: Distributed software that allows client & server to connect.

Service Layer: Carries coded data from software application.

Back End Processing: Encapsulates network instructions.

Network OS: Adds additional instructions.

Transport Stacks: Transfers data packets to the designated receiver.

Considerations for C/S Security

1.      Disabling Floppy Drives

2.        Disk-less workstations

3.        Automatic booting

4.        Network Monitoring

5.        Data Encryption

6.      Authentication System (Log-in ID & Password)

7.      Smart Card System

8.      Access only to required task.

9.      All access points should be known.

C/S Risks

Technological: Installation Phobia; Obsolescence
Operational: Success Probability; Coping with changing needs
Economic: Susceptible to hidden cost; Higher cost in short run
Political: Mgmt. & end user satisfaction

Server Centric Model

C/S with dumb terminals.

Processing is done on server, client does the data entry & gets display of information.


Chapter-7

SYSTEM DEVELOPMENT PROCESS

 

Ø                  Process of examining a business situation with the intent of improving it.

 

System Analysis                        System Design

 

System Development Life Cycle (Traditional Approach)

 


Preliminary Investigation

 

Requirement Analysis

 

System Analysis (Present & Proposed)

 

Design of System

 

Acquisition & Development of software

 

System Testing

 

Implementation & Maintenance

 

Reasons for failure to achieve system development objectives

1.      Lack of senior management support

2.      Changing user needs

3.      Difficult to design strategic system (Because they are unstructured)

4.      Incompatibility of staff with new technology.

5.      No proper standard & method of project management & system development

6.      Over-worked or under-trained development staff

7.      Resistance to change

8.      Lack of user participation in development

9.      Inadequate testing & training.

 

System Development Approaches

1.    Traditional Approach

Ø      Activities are performed in sequence

Ø      Work performed in each stage is reviewed by managers & users

Ø      It takes years to develop, analyse & implement.

 

2.    Prototyping Approach

Ø      Used to develop smaller systems

Ø      Useful when system requirement is not known or difficult to determine

Ø      Developed in small parts (prototypes) & at lesser cost

Ø      Developed prototypes are refined & either turned into final system or scrapped to develop a new real system

Four Steps

a)      Identifying information system requirement

b)      Develop the initial prototype

c)      Test & Revise

d)      Obtain user’s approval

Advantages

Less time consuming, Active user participation, More reliable, Less costly

 

3.    End User Development Approach

Ø      End user is responsible for system development

Ø      Low-cost technology

Ø      Decline in standards & controls

Ø      Reduction in quality assurance

Ø      Unrelated & incomplete systems

Ø      No experienced staff

 

4.    Top Down Approach

Ø      High Degree of top mgmt. involvement

            Stages:

1)            Analyse the objectives & goals of the entity

2)            Identify the functions. e.g. – Production, Marketing, R & D

3)            Ascertain the major activities, decisions & functions

4)            Find out the information requirement

5)            Prepare information processing program

 

5.    Bottom Up Approach

Ø      Starts from Supervisory management (Used to design various sub-systems)

Ø      Identification of life stream systems that are essential for day to day activities

Ø      Identify basic transactions, file-requirements & programs and develop system for each such life stream

Ø      Integration of data & such systems

Ø      Addition of decision models & planning models

Ø      Involvement of supervisory management.

 

6.    Systematic Approach

Ø      Used in small organizations in which no MIS personnel is involved.

            Steps:

1)      Identify requirements

2)      Locate suitable software & hardware

3)      Implement the system

 

Reasons for Project Failure

Ø      Under estimation of time

Ø      Lack of senior mgmt. participation

Ø      Under estimation of resources

Ø      Under estimation of size & scope of project

Ø      Inadequate control

Ø      Inadequate planning

Ø      Changing system specifications

 

System Development Methodology

Ø      Formalized, standardized & documented set of activities used to manage system development project. Division of project into small modules.

Ø      Deliverables (Specific report & documentation) must be produced periodically

Ø      Approval of development process by users, managers & auditors (Sign Offs)

Ø      System Testing

Ø      Proper Training

Ø      Prevent unauthorised changes to complete program by formalizing system modifications.

Ø      Post implementation review.

 

Investigation

Ø      Review of internal documents
Ø      Conducting interviews

Preliminary Investigation

1.      Starts when a problem / opportunity is identified by user or manager.

2.      Clarify & understand the project request.

3.      Determine the size of the project

4.      Determine the feasibility of alternative approaches

5.      Determine their costs & benefits

6.      Final report to the management with recommendations.

 

Feasibility

Technical: Hardware & Software (no. of users)
Economic: Evaluation of all the incremental costs & benefits
Operational: Support of workers, customers & suppliers
Schedule: Time required for development & implementation
Legal: Fulfills all the statutory obligations & financial reporting

Requirement Analysis

Ø      Determining user needs

Ø      Study of application area in depth

Ø      Assessing the strengths & weaknesses of present system

Ø      Reporting to management

Ø      Fact Finding Techniques

1. Documents (Input forms, Output forms, Organization Manual / Chart)
2. Questionnaire
3. Interviews
4. Observations

System Analysis

Present System

  1. Review historical aspects
  2. Analyse Inputs
  3. Review data files used
  4. Review Methods & Procedures
  5. Analyse Outputs
  6. Review internal controls
  7. Study the existing physical & logical system
  8. Overall analysis

Proposed System

  1. Determine the objectives
  2. Study the specifications
  3. Determine the required output

System Development Tools

  1. System Flow Chart (Documents flow of system & information processing procedures)

Presented by variety of symbols & connecting arrows.

  2. Data Flow Diagram (Flow of data within an organisation)

[Data sources & destinations, Data flows, Transformation process, Data Stores]

Symbols in DFD represent: Data Source & Destination, Data Flow, Transformation Process, Data Storage

  3. Lay out forms & screens (Pre printed forms)

Used to design source document, output, display.

  4. System Components Matrix

Highlights basic activities of a system. e.g. – Input, Processing, Output & Storage

  5. CASE Tools (Automation of anything that humans do to develop systems)
  6. Data Dictionary (Computer file containing descriptive information about the data items)

·        It contains information about each data item stored in the system, file in which it is stored, program that modifies it, authorised users & unauthorised persons.

·        It is updated with every change in data item.

·        Gives an audit trail to the auditor & aids in investigation.

 

Category of Tools

  1. System Components & Flows
  2. User Interface
  3. Data attributes & relationships
  4. Detailed system process

Chapter-8

SYSTEMS DESIGN

 

  1. Review System’s Requirements
  2. Developing a model
  3. Physical Design
     Logical Design
     Reporting to Management

Output, Input, Processing, Storage, Procedure, Personnel

Output (Report, Document, Message): Displayed or Printed

        Objectives

  1. Convey Information (Past, Current & Future Projections)
  2. Signal important events
  3. Trigger an action
  4. Confirmation of an action

 

        Determinants of Designing

1.      Content (Piece of data included in output, it must be objective)

2.      Form (Refers the way of presenting content – Text / Graphical / Audio)

3.      Volume (Amount of data output required – High Speed Printer / Monitor)

4.      Timeliness (Daily / Weekly / Monthly or on real time basis)

5.      Media (Paper / Display / Audio / Video)

6.      Format (Manner in which data are arranged – Tabular / Graphic)

 

Input (Efficient data capture, effective coding & appropriate data entry methods)

        Guidelines for form designing

1.      Easy to fill (logical division, proper flow, captioning)

2.      Purposeful

3.      Accurate completion

4.      Attractive

         Characteristics of good coding scheme

            [Code: - Brief no./title/symbol used instead of lengthy/ambiguous description]

1.      Unique Code

2.      Brief

3.      Convenient

4.      Expandability (compatible with future growth)

5.      Suggestive

6.      Permanence

            Coding Schemes

1.      Classification codes (Used to classify record in a particular class)

2.      Function codes (Used to describe a function e.g. – sold, delivered)

3.      Significant digit subset codes (Permanent Account No.)

Entire code is divided into meaningful parts.

4.      Mnemonic Code (Linking with description e.g. MBA, C.A., C.S.)

5.      Hierarchical Classification / Progressive Code

Data Storage                Individual File System   &         DBMS

Design of data communication   (Simple & Cost effective)

System Manual: (Contains Description, Flow, Output, Input, Persons responsible)


Chapter-9

System’s Acquisition, Software Development & Testing

 

Acquisition of Hardware

1.      Latest possible technology.                 

2.      Speeds & capabilities.                          

3.      Software Considerations.

4.      Compatibility to future expansion.

5.      Vendor selection & machine selection

Acquisition of software (Pre-packaged Application Software)

(Sources may be computer manufacturer, software houses, retail stores, user groups)

         Advantages

1.      Rapid Implementation               3.   Low Risk

2.      Quality                                     4.   Lower Cost (No hidden costs)

Steps for selection of a computer system

1.            Prepare design specification.           2.   Distribute request for proposal (RFP)

3.            Analysis of proposals.                     4.   Contact present users of proposed system

5.      Conduct Benchmark Test.              6.   Select the equipment/system.

         (Actual testing of the system)

Evaluation & Ranking of Proposals (Factors)

1.            Capability & Quality (System Maintenance, System Development Support, Training, Back-up, Complement Hardware / Software)

2.            Cost-Benefit Analysis

3.            Cost of maintenance

4.            Compatibility

5.            Services provided by the vendor

Method of Evaluation

1.            Checklists (Subjective Method)

2.            Point-scoring analysis

3.            Public evaluation reports (consultancy agency, present users, financial statement analysis, credit rating agency)

Development of Software

Stages [Program Development Life Cycle]

1.      Program Analysis. [Analyse the output required, input available & processing]

2.      Program Design. [Planning the basic layout of the program e.g. Flow Charts, etc.]

3.        Program Coding [Flow Charts converted into program statements. Eg:- Interpreter or Compiler] Coded instructions are entered into a magnetic media that constitutes source language. Then it is translated into machine language. It should be simple, short & require less processing time.

4.      Debug the program. [including walkthrough, tests & review of program codes]

5.      Thorough testing of the program.

6.      Documentation.

7.      Program maintenance.

 

 

Tools

1.      Program Flow Charts. (Graphical Format; represents program logic)

2.      Pseudo Code. (English-Like statements)

3.      Structure Chart. (Similar to organization chart ; No program logic)

4.      4GL Tools. (Automation of manual task)

5.      Object Oriented Programming & Designing Tools.

 

System Testing

a. Preparation of realistic test data.

b. Parallel operation with the existing system.

c. Thorough checking of the results.

d. Review of the results.

 

 



 

Chapter – 10

System Implementation & Maintenance

 

System Implementation

Equipment Installation

Ø      Installation Checklist.

Ø      Site Preparation. [Space occupied by equipment & people. Proper control for temperature, dust & humidity.]

Ø      Equipment check-out.

Training Personnel

Ø      System operator training. [Trouble-shooting list i.e. list of probable errors & their remedies]

Ø      User training.

Conversion Procedure

Conversion Strategy

1)      Direct changeover (Straight forward dropping old system & using the new one. Thorough testing is required before this conversion)

2)      Parallel conversion (Running both old & new system)

3)      Gradual conversion. [Combined features of (1) & (2)]

4)      Modular prototype conversion.

5)      Distributed conversion. [One entire conversion is done at one site.]

Activities Involved

1)      Procedure conversion.

2)      File conversion.

3)      System conversion.

4)      Scheduling personnel & equipment.

5)      Alternative plans in case of equipment failure.

Post-Implementation Evaluation

Ø      Evaluate whether the new system is working properly & the users are satisfied.

Ø      Current adjustment in new system.

Ø      Proposed adjustments in case of future development.

Dimensions

1)      Development evaluation. [on schedule & within budget]

2)      Operation evaluation.

3)      Information evaluation.

Chapter -11

Design Of Computerised Commercial Applications

Accounts Payable System

Details of amount payable for goods & services received from vendors.

1)      Due date.

2)      Rate of discount/interest.

3)      Optimum utilization of money to maximize return. Inputs :- Challans, Bills, etc. ; goods receipt note.

 

Payroll master file – Contains personal data of each employee, their basic pay, payment due & actual payment.

Payroll Accounting System

1)      Working hours through attendance cards.

2)      Calculation of Gross Earning.

3)      Computing deductions.

4)      Net amount payable.

 

Inventory master file – Contains quantity of each item, their location, quantity ordered, re-order point & vendor details

Inventory Control System {Raw Material, WIP & Finished goods}

1)      Optimum level of inventory to :-

               i.      Avoid “Stock-Out” position.

             ii.      Avoid undue blockage of Working Capital.

            iii.      Minimize ‘Carrying & Storage Cost’.

2)      Back-Order file. [updated for sales orders that cannot be filled because of stock-outs.]

3)      Various inventory levels, current stock.

4)      Vendor details.

 

A/c’s Receivable master file – Contains customer details, credit limit, credit rating and balance due.

Sales Order Processing

1)      Co-ordination with accounting department & inventory department.

2)      Back-order file.

 

Cost Estimation

Cost for each order is determined by using “Standard Costing”.

 

Financial Accounting

1)      Entering transactions & keeping track of various balances.

2)      Trial Balance, Profit & Loss A/c and Balance Sheet.

3)      Regular processing & year-end processing.

 

Share Accounting

1)      Maintain an updated list of share-holder along with their personal details.

2)      Inputs :- Share transfer form along with certificates.

3)      Dividend warrant, splitting & consolidation of shares, mailing annual report & notices of various meetings.

Common Points in all of the above applications

1)      Batch Processing / Online Processing depending upon the requirement of the concern.

2)      Various sources & details of input.

3)      Contents & Format of output generated.

4)      User of output.

Chapter – 12

Enterprise Resource Planning – Redesigning Business

 

Integrated software solution to all the functions of an organization.

 

Definition

         ERP is a fully integrated business management system covering all functional areas.

Eg :- Logistics, Production, Finance, Accounting & Human Resource.

         It organizes & integrates the above-stated operations to make optimum use of resources & maximize return. It does the same thing but in a different manner.

 

Benefits

1)      Assists employees & managers.                        6)      Reduction of paper document.

2)      Production scheduling.                                      7)      Timeliness.

3)      Optimum capacity utilization.                             8)      Accuracy.

4)      Reduce Inventory.                                             9)      Quick response.

5)      Better services to customers.                             10)    Competitive advantage.

Whole being greater than the sum of its parts.

 

 

 


 

Characteristics

1.      Integration of all organization processes.

2.      Flexibility.

3.      Modular & open system architecture.

4.      Comprehensive. [Wide range of business organizations]

5.      Beyond the company.

6.      Best Business Practices.

7.      Use of EFT, EDI, Internet, Intranet, E-Comm., etc.

 

Business Process Re-engineering [BPR]

BPR is the fundamental re-thinking & re-designing of processes [not enhancing or improving] to achieve dramatic improvement.

 

Business Engineering = BPR + Information Technology

Re-thinking of business processes to improve speed, quality & output.

 

Business Modelling

Ø      Consists of Core Business Processes/Activities & their inter-linking in a diagrammatic form.

Ø      Planning: Top down approach. Execution: Bottom up approach.

Ø      Readymade Business Modeling Templates are also available in the market.

 

 

[Diagram: ERP is divided into Modules, and each Module into Components]

Method Of Implementing ERP

Before implementation ERP must be divided into modules & components. It must be customized as per the requirement. Implementation must be formalized.

 

Ø      Identifying the needs for implementing ERP.

Ø      Evaluating the present situation.

Ø      Deciding the proposed situation.

Ø      Re-engineering of processes.

Ø      Evaluation of various alternative ERP packages.

Ø      Finalizing the ERP package.

Ø      Installation of required Hardware & Network.

Ø      Hiring the ERP consultants.

Ø      User training.

Ø      Final implementation of ERP package.

ERP Vendors

1) Baan (The Baan Company)

2) Oracle (Oracle)

3) R/3 (SAP)

4) System 21 (JBA)

 

Determination of ERP package

1.      Flexibility. [Ability to change according to future requirements]

2.      Comprehensive. [Applicable to all industries]

3.      Integration.

4.      Beyond the company. [Supports processes with customers, suppliers, banks, etc.]

5.      Best Business Practices. [Best Business Practices stored in ERP knowledge base]

6.      New technology.

Implementation Guidelines

1.      Analyse the corporate needs.

2.      Business Process Re-engineering.

3.      Establishment of good network.

4.      Leadership & Motivation.

5.      Appointment of Project Manager.

6.      Hiring of consultants.

7.      Selection of suitable package.

8.      Training.

9.      Final implementation.

10.  List down the Critical Success Factors (CSF’s) at departmental level.

11.  Numeric values assigned to CSF’s are called Key Performance Indicators (KPI’s).

Life after implementation

Positives

1.      Increased productivity.

2.      Automation of processes.

3.      Improvement in KPI’s.

4.      Elimination of manual work.

5.      Total integration.

6.      Real-time information.

7.      Improved networking features.

Negatives

1.      Job redundancy.

2.      No secrecy of departmental data.

3.      Loss of control & authorization.

 

ERP Audit

Ø      Necessary for ensuring the proper functioning of ERP package.

Ø      May be specific or general.

Ø      Evaluation of security, authorization & control.

Ø      ERP audit trail.

 

Modules of ERP software package

1.      Financials. [Financial Accounting, General Ledger, Accounts Receivable/Payable, fixed Assets Accounting, etc.]

2.      Controlling. [Cost Centre Accounting & profitability analysis]

3.      Investment Management. [Budgeting, Appropriation, Depreciation forecast]

4.      Treasury. [Cash, Fund & Market risk management]

5.      Integrated Enterprise Management. [Accounting data prepared by subsidiaries are automatically incorporated for corporate reporting.] It has 3 modules :-

Enterprise Controlling – Consolidated Statements (EC-CS)

- Automatic consolidation of various branches & subsidiaries.
- Inter-branch transfers are eliminated.

Enterprise Controlling – Profit Centre Allocation (EC-PCA)

- Consolidated figures are allocated to respective profit centres.
- Inter-branch transfers are considered.

Enterprise Controlling – Executive Information System

- EC-CS & EC-PCA are integrated & inter-firm comparisons are made for decision making.

 

6.      Sales & Distribution. [Product billing on a real-time basis. Sales, calls, quotations, inquiries, marketing, competitors & their products. Pricing is carried out automatically & verification of availability checks.]

7.      Product Data management (PDM) [Creating & managing product data throughout product life-cycle]

8.      Product planning & control.

9.      Material management. [Purchasing, Inventory, Warehousing & Invoice verification]

10.  Human Resource Management. [Employee master data, Recruitment management, Selection & Training]

11.  Payroll Accounting.

12.  Internet & Intranet.


Chapter – 19

CASE Tools and Digital Technology

CASE Technology

Tools (Supports individual process activities): Editors, Compilers, File Compactors

Workbenches (Supports set of related activities): Analysis & Design, Programming, Testing

Types of workbenches: Multi-method Workbenches, Single Workbenches, General Purpose Workbenches, Large Specific Workbenches

Environment (Supports almost all the activities): Integrated Environment, Process Centered Environment

CASE Tools

Ø      Concerned with creation & maintenance of system software

Ø      Automated tools to solve specific problems

Integrated CASE Tools

Ø      Specialised CASE Tools are combined together to form an integrated CASE Tool.

Ø      5 Levels :-

1.   Platform Integration

Integration of all the tools/workbenches run on the same platform. Platforms may be a computer / network / operating system.

 

2.       Data Integration

Ø      Process of exchange of data by CASE Tool.

Ø      3 Levels

                           i.      Shared Files :- All the tools recognise a single file format.

                         ii.      Shared Data Structures :- Make use of shared data structures including programme/design language information.

                        iii.      Shared Repository :- Integrated around an object management system.

3.   Presentation Integration

Tools use a common standard presentation for user interaction.

[Window System, Comparable Functions and Interaction Integration]

4.   Control Integration

Mechanism to control the integration of other CASE Tools.

5.   Process Integration

Integrates the knowledge about processes, their phases, their constraints, etc. to support their activities.

 

Typical Components of a CASE Workbench

1.      Diagram Editor.

2.      Analysis, Checking & Correction.

3.      Query Language.

4.      Data Dictionary.

5.      Report Generator.

6.      Import/Export facility.

 

CASE Workbenches

Programming Workbench

Set of tools to support program development.

e.g. :- Language Compiler, Structured Editor, Linker, Loader, Cross-Referencer, Interactive debugger, etc.

4GL Workbench

Produce interactive application which extracts information from DBMS & present it to the end user. Updates DBMS with changes made by the end user.

e.g. :- Query Language, Form design tools, Spread-sheet, Report generator, etc.

Analysis & Design Workbench

Supports the analysis & design stage of software.

e.g. :- Diagram editor, Data dictionary, Forms definition tools, Import Export Facility, Code generators, etc.

Testing Workbench

Helpful in testing of systems before implementation.

e.g. :- Test Manager, Oracle, File compactor, Report generator, Simulators, etc.

Meta-CASE Workbench

Used to generate other CASE Tools.

5 aspects :-

1.        Data Model.

2.        Frame Model.

3.        Diagrammatic notation

4.        Textual presentation

5.        Report structures

 


Chapter – 13

General Controls in EDP Set-up

1.      Operating System Control

Ø      Main functions of operating system are language translation, allocation of Computer resources, job-scheduling, multi-tasking & lots more.

 

Ø      Objectives of Operating System Control

Protection Of           From
Operating System        Itself
Operating System        Its environment
Operating System        Users
Users                   Each other
Users                   Themselves

 

OS Control

OS Security

1.      Log on procedure. [User ID & Password] After Log-on, Access Token is created by OS for each session.

2.      Access Token. [Contains user ID, password & privileges granted]

3.      Access Control List. [List of privileges to all the users]

4.      Discretionary access control. [One valid user can assign to other at his discretion]

Threats to OS integrity

1.      Accidental. [Hardware failure, OS failure]

2.      Intentional. [Abused authority & intruders]

3.      Computer virus.

Controlling against Virus, etc.

 1.        Virus. [Penetrates OS]

 2.        Worm. [Occupies idle memory]

 3.        Logic Bomb. [Triggered by pre-determined event]

 4.        Back Door. [Unauthorised access]

 5.        Trojan Horse. [Captures ID’s & passwords]

Controlled by :-

 1.        Anti-Virus program

 2.        Anti-Viral program/vaccine [Run continuously on a computer system to detect virus]

Controlling Audit Trail

Objectives

 1.        Detecting unauthorized access. [Real time / subsequently]

 2.        Analyzing the reasons for such event.

 3.        Personal accountability.

 

2.      Data Management Control

 

Access Controls

➢ Flat File System – Easy to control.

➢ DBMS – 5 control features :-

1.      User View – Privileges to required users only.

2.      Database Authorization Table – Contains actions a user can take.

3.      User Defined Procedures – Series of personal questions.

4.      Data Encryption

5.      Biometric Devices – Finger Prints, Voice Prints, etc.

Back-up Controls

➢ Back-up may be on magnetic disc or on magnetic tape.

➢ 4 features :-

1.       Back-up

2.       Transaction Log – Provides an audit trail.

3.       Checkpoint – Several checkpoints in 1 hour.

4.       Recovery Module

 

 

3.   Organisation Structure Control

           i.     Separating System Development from Computer Operations.

          ii.     Separating System Development from Maintenance.

        iii.     Separating Database Administration from other functions.

        iv.     Separating Data Library from Operations.

         v.     An Alternative Structure for System Development.

4.   Computer Centre Security & Control [It may be accidental or incidental.]

 

Risks

1.     Fire Damage

2.     Water Damage

3.     Energy Variations

4.     Pollution Damage

5.     Unauthorised Intrusion

Controls

1)     Disaster Recovery Plan

         i.     Emergency Plan

        ii.     Back-up Plan

       iii.     Recovery Plan

        iv.     Test Plan

2)     Insurance of Hardware & Data

 

 

5.   System Development Controls

    i.     System Authorisation – Evaluation of the system before the development.

   ii.     Users Specifications – Active involvement of user during the development phase.

  iii.     Technical Design – Documentation of user specifications and development process.

   iv.     Internal Audit Participation

    v.     Program Testing

   vi.     User acceptance

6.   System Maintenance Control

    i.     Maintenance Authorisation, Testing & Documentation.

   ii.     Source Program Library (SPL) Controls – Documentation of retrieval, change, obsolescence, etc. of program in SPL.

  iii.     Password Control in SPL

   iv.     Audit Trail & Management Report

    v.     Program Version Number

   vi.     Message Sequence Numbering

 

7.   Internet & Intranet Controls

Ø      2 types of risks :-

                          i.     Component Failure – Communication Line, Hardware & Software.

                        ii.     Subversive Threats – Unauthorised Intrusion.

a)      Invasive Tap – Can read & modify data.

b)      Inductive Tap – Can read only.

Ø      Subversive Attacks – Insert / Delete / Modify / Alter the sequence / Discard / Delay Messages.

Ø      Control features :-

                  1)          Firewall

Ø      Controls the communication between two networks. Insulates the organisation’s network from external networks.

Ø      2 Types :-

                              i.     Network-level Firewall – Low cost & low security level.

                             ii.     Application Level Firewall – Costly & higher security level.

                  2)     Controlling Denial of Service Attacks

 

 

 

[Figure: SYN flood handshake. Parties: Computer Hacker, User, Connecting Server, Receiving Server. Messages: SYN, SYN/ACK, ACK.]

➢ Receiving Server is blocked because it does not receive the ACK packets, and the legitimate user is prevented from communicating.

 

 

 

 

 

 

 

 

 

 


 

                  3)     Encryption [Clear text → Cipher text → Clear text]

Ø       Conversion of data into secret codes for storage / transmission.

Ø       2 types :-

                                      i.     Private Key Encryption – Single key used by both sender and receiver.

                                    ii.     Public Key Encryption – Public key is used to encrypt the data and private key is used to decrypt the data.

                  4)     Message Translation Log

Record of all incoming & outgoing messages.

                  5)     Call Back Devices

Calls back only the valid user to establish the connection.
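The blocking described under "Controlling Denial of Service Attacks" can be watched from the receiving server's side. The following Python sketch is an added example, not part of the study material: it replays a constructed packet log through a model of the server's half-open connection table. The backlog size, timeout, alert threshold and all addresses (documentation ranges) are assumptions.

```python
from collections import OrderedDict


class ReceivingServer:
    """Models the table of half-open connections kept by a listening server."""

    def __init__(self, backlog=4, timeout=30.0, alert_at=3):
        self.backlog = backlog        # most half-open connections held at once (assumed)
        self.timeout = timeout        # seconds the server waits for the final ACK (assumed)
        self.alert_at = alert_at      # half-open count at which an alert is logged (assumed)
        self.pending = OrderedDict()  # (source, port) -> time the SYN arrived
        self.established = []         # connections that completed the handshake
        self.refused = []             # SYNs dropped because the table was full
        self.alerts = []              # times the half-open count reached alert_at

    def _expire(self, now):
        # Oldest entries come first; drop those whose ACK never arrived in time.
        while self.pending:
            key, seen = next(iter(self.pending.items()))
            if now - seen < self.timeout:
                break
            del self.pending[key]

    def on_packet(self, now, source, port, flag):
        """Process one inbound packet and return what the server did with it."""
        self._expire(now)
        key = (source, port)
        if flag == "SYN":
            if key in self.pending:
                return "retransmit"
            if len(self.pending) >= self.backlog:
                self.refused.append(key)      # table full: caller is locked out
                return "refused"
            before = len(self.pending)
            self.pending[key] = now           # server answers SYN/ACK and waits
            if before < self.alert_at <= len(self.pending):
                self.alerts.append(now)
            return "syn/ack sent"
        if flag == "ACK":
            if self.pending.pop(key, None) is None:
                return "ignored"              # ACK without a pending SYN
            self.established.append(key)
            return "established"
        raise ValueError(f"unexpected flag: {flag}")


def replay(events, **settings):
    """Feed (time, source, port, flag) tuples to a fresh server and return it."""
    server = ReceivingServer(**settings)
    for now, source, port, flag in events:
        server.on_packet(now, source, port, flag)
    return server


# Constructed log: one normal handshake, four SYNs that are never acknowledged,
# then a legitimate user who is refused until the stale entries time out.
EVENTS = [
    (0.0, "198.51.100.7", 40001, "SYN"),
    (0.1, "198.51.100.7", 40001, "ACK"),
    (1.0, "203.0.113.11", 1025, "SYN"),
    (1.1, "203.0.113.12", 1026, "SYN"),
    (1.2, "203.0.113.13", 1027, "SYN"),
    (1.3, "203.0.113.14", 1028, "SYN"),
    (2.0, "198.51.100.8", 40002, "SYN"),
    (40.0, "198.51.100.8", 40002, "SYN"),
    (40.1, "198.51.100.8", 40002, "ACK"),
]

if __name__ == "__main__":
    server = replay(EVENTS)
    print("alerts at:", server.alerts)
    print("refused:", server.refused)
    print("established:", server.established)
```

A larger backlog or a shorter timeout shortens the period in which the legitimate user is refused; the alert gives the operator the moment the half-open count started to climb.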

8.   Personal Computer Controls

 

Risks

1.      Incompatibility of Hardware / Software.

2.      Poor Data Security

3.      Decentralisation of processing

4.      Computer Virus

5.      No thorough testing.

6.      Weak access control

7.      Inadequate Back-up procedures

Controls

1.      Centralizing PC purchase

2.      Physical locking of hardware

3.      Regulating the use of floppy

4.      Proper training

5.      Virus prevention

6.      Proper Back-up arrangement – Floppy, Dual Internal Hard Disks, External Hard Disk, Tape Back-up.

7.      Multi-level password control.

 


Chapter-14

Application Controls in EDP Set-up

 

Input Controls

1.    Source Document Control

       Pre-numbered ; Used in Sequence ; Periodical Audit

2.    Data Coding Control

         i.  Transcription Error (addition / truncation / substitution)

        ii.  Transposition Error (e.g. 38276-83276)

⇒          Measure – Check Digit (modulus-11 check digit)

3.    Batch Control

                       i.     Batch Transmittal Sheet – It is prepared by user department & submitted along with batch of source document. It contains Batch no., Date, Transaction Code, Batch Totals.

   [Batch Totals = Record Count, Hash Total & Control Total]

                     ii.     Batch Control Log – Contains the details of all the batches processed during a period.

 

4.    Validation control

 

 

 


 

Field Interrogation

➢ Examines the characters in the field.

    i.     Limit Check

   ii.     Data Type Check (alphabetic / numeric)

  iii.     Valid Code Check

   iv.     Check Digit

    v.     Arithmetic Check

   vi.     Cross Check

Record Interrogation

    i.     Sequence Check

   ii.     Completeness Check

  iii.     Combination Check

   iv.     Redundant Data Check

    v.     Password

   vi.     Authorisation

File Interrogation

➢ It ensures that the required file is being processed.

    i.     Internal Label Check

   ii.     Version Check

  iii.     Expiration Date Check – Prevents deletion before expiry.

 

5.   Input Error Correction

    i.     Immediate Correction – at the time of input

  ii.     Create an Error File – correction at a later time

 iii.     Reject the Entire Batch – processing is done when all the records are made correct.
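Two of the input controls listed above, the check digit and the batch totals, worked through in Python. This is an added example, not part of the study material: the weighting scheme (weights 2, 3, 4, ... from the rightmost digit, "X" for a result of 10), the record layout and the sample batch are assumptions constructed for illustration, using the transposition 38276-83276 from the notes.

```python
from decimal import Decimal

DIGITS = "0123456789"
TOTAL_NAMES = ("record_count", "hash_total", "control_total")


def mod11_check_digit(base):
    """Modulus-11 check digit for a digit string (assumed weights 2, 3, 4, ...)."""
    if not base or any(ch not in DIGITS for ch in base):
        raise ValueError("base code must be a non-empty digit string")
    total = sum(int(ch) * w for w, ch in enumerate(reversed(base), start=2))
    check = (11 - total % 11) % 11
    return "X" if check == 10 else str(check)


def is_valid(code):
    """True when the last character is the correct check digit for the rest."""
    if len(code) < 2:
        return False
    base, check = code[:-1], code[-1]
    if any(ch not in DIGITS for ch in base):
        return False          # 'X' is only legal as the check character
    return mod11_check_digit(base) == check


def undetected_keying_errors(code):
    """Try every single-digit substitution and adjacent transposition of a
    valid code and return the altered codes that would still pass validation."""
    mutants = set()
    for i, ch in enumerate(code):
        for d in DIGITS:
            if d != ch:
                mutants.add(code[:i] + d + code[i + 1:])
    for i in range(len(code) - 1):
        if code[i] != code[i + 1]:
            mutants.add(code[:i] + code[i + 1] + code[i] + code[i + 2:])
    return sorted(m for m in mutants if is_valid(m))


def batch_totals(records):
    """The three batch totals carried on a Batch Transmittal Sheet."""
    return {
        "record_count": len(records),
        # Hash total: sum of a non-financial field, here the account number
        # without its check digit. The sum has no meaning except as a control.
        "hash_total": sum(int(r["account"][:-1]) for r in records),
        # Control total: sum of the financial field.
        "control_total": sum(r["amount"] for r in records),
    }


def screen_batch(sheet, keyed_records):
    """Validate keyed records against their check digits and the sheet totals."""
    keyed = batch_totals(keyed_records)
    return {
        "rejected": [r["account"] for r in keyed_records
                     if not is_valid(r["account"])],
        "mismatched_totals": [n for n in TOTAL_NAMES if keyed[n] != sheet[n]],
    }


# Constructed sample batch: account = 5-digit base + modulus-11 check digit.
SOURCE = [
    {"account": "382760", "amount": Decimal("1500.00")},
    {"account": "510343", "amount": Decimal("275.50")},
    {"account": "771201", "amount": Decimal("980.25")},
]
SHEET = batch_totals(SOURCE)          # prepared by the user department

# Same batch as keyed in, with the first account transposed (38276 -> 83276).
KEYED = [dict(SOURCE[0], account="832760"), SOURCE[1], SOURCE[2]]

if __name__ == "__main__":
    print(screen_batch(SHEET, KEYED))
```

The transposition leaves the record count and control total unchanged, so only the check digit and the hash total expose it; a dropped record changes all three totals.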

Processing Controls

1.   Run-to-Run Control

Ø      Monitors the batch as it moves from one programmed procedure(run) to another.

Ø      Ensures that the batch is processed correctly and completely at each run.

Ø      Recalculates control totals; Transaction Codes; Sequence Checks.

 

2.   Operator Intervention control

      Control of various tasks in which active involvement of operator is required.

3.   Audit Trail Control

Ø      Proper documentation of all the transactions.

      (i)   Transaction Logs (Log of all successful transactions)

      (ii)  Transaction Listings

(iii)   Error Listings (List of unsuccessful transactions)

(iv)  Log of Automatic Transactions

(v)    Listing of Automatic Transactions

(vi)  Unique Transactions Identifiers

Output Controls

Ø           Ensures that output is not lost / corrupted and their privacy is maintained.

   1)     Tape & Disk Output Controls

Þ          Parity Bit Checking (Hardware Controls)

Þ          Check Digits (Software Controls)

Þ          ECHO Check

   2)     Printed Output Controls

                i.     Verification of output [Output directly / indirectly related to inputs and exception reports]

              ii.     Distribution of output

             iii.     Procedure for acting on exception reports

Þ          Real time system output are exposed to disruption, destruction, corruption, etc.


Chapter – 18

Information Security

Ø           Information Security means protection of valuable information within the organisation by applying various standards, measures, practices & procedures.

 

Objective of Information Security

    1.     Protecting the interest of the users of the information.

    2.     Protecting the Information System.

    3.     Protecting the communication.

Ø            The security objective is met when the following conditions are satisfied :-

                  (i)      Availability – Information is available whenever required.

                (ii)      Confidentiality – Disclosed only to authorised persons.

               (iii)      Integrity – Protected against unauthorised modifications.

Sensitive information

Strategic Plans; Business Operations (List of client’s name & add.); Financial Information.

Principles of Information Security

 1.     Accountability – It must be formalized & communicated. Use of proper audit trail.

 2.     Awareness

 3.     Multi-disciplinary – Technological and non-technological issues.

 4.     Cost Effectiveness

 5.     Integration – Security system must be co-ordinated.

 6.     Re-assessment – Periodical changes.

 7.     Timeliness – Monitoring & timely response.

 8.     Social factors – Respecting rights / interests of others.

3 types of Information Protection

 1.     Preventative Information Protection

             (i)     Physical (e.g. locks and guards, floppy access lock)

           (ii)     Logical / Technical (e.g. passwords & authentications, etc.)

          (iii)     Administrative (e.g. Security awareness)

 2.     Restorative Information Protection

⇒         Timely restoration of lost information after occurrence of the event.

 3.     Holistic Protection

Þ         Planning for unexpected and unknown events to happen.

Approach to implement Information Security.

        1)     Designing Security Policy that defines acceptable behaviors and reactions in case of violations.

        2)     Proper communication of Roles & Responsibilities to individuals –

 

Individuals – Responsibilities

Executive Management – Overall responsibilities.

IS Security Professionals – Design & implementation of security policy.

Data Owners – Maintaining accuracy & integrity.

Process Owners – Ensuring appropriate security embedded in their IS.

Technology Providers – Assist in implementation of Information Security System.

Users – Follow the set procedures.

IS Auditors – Independent assurance.

 

        3)     Designing of Information System Security Framework after the policy has been approved by the governing body.

        4)     Timely Implementation of Information Security System after designing of framework.

        5)     Continuous Monitoring, disciplinary & corrective actions.

        6)     Adequate Training, Education & Awareness program to ensure proper functioning of Information Security.

 

Security Administrator

Ø      Responsible for controlling and co-ordinating the activities related to security aspects.

➢ Ensures adequate Information Security; Sets Policies; Investigates; Advises; Trains the users; Monitors the activities related to Information Security.

 

 


Chapter – 15

Detection of Computer Frauds

Þ                Computer fraud means obtaining unfair advantage over another person, computer, or organisation using computer, computer network or computer resources.

 

Computer Fraud includes

Ø            Theft, unauthorised access, modification, copy or destruction of software, sensitive & confidential information.

Ø            Theft of money using computer.

Ø            Theft, destruction of computer hardware.

Ø            Financial / reputational damage to a business using computer.

Examples of Computer Frauds

Ø            Investment fraud (offering high rate of return)

➢ Secret market fraud (pretending, and persuading others, that there is a confidential market for a particular financial instrument offering a high rate of return)

Ø            Pyramid Schemes (offer high return on contribution & invariably collapse)

Ø            Hacking (unauthorised access / modification to data / software)

Ø            Cracking (Hacking with malicious intention)

Ø            Abuse of computer system by employees (for personal purpose)

Ø            Software piracy (unlicensed copy of software)

 

Primary Risks to business

 

 


 

Internal Threats

1.  Input [alter computer input]

✓        Collusive fraud (Banking Fraud)

✓        Disbursement Fraud (payment against false bills)

✓        Payroll fraud (fictitious employees)

✓        Cash receipt fraud

2.  Processor [unauthorised use of computer system / services / time]

3.  Computer Instructions [tampering with the software]

4.  Data [altering / damaging / copying company’s data]

5.  Output [misuse of printed / displayed output]

6.  e-mail [altering the content]

External Threats

1.      Removal of information

2.      Destruction of integrity

3.      Interference with web pages

4.      Virus by e-mail

5.      Interception of e-mail

6.      Interception of EFTs

 

Reasons for Internet Fraud

Ø             Unregulated (no license fee, no central authority)

Ø             Low cost

Ø             Global reach

Ø             Difficult to distinguish genuine from fraud

Ø             No verification system for genuineness of information

 

Preventing Computer Fraud

Ø             Adequate system security & regulation thereof.

Ø             Adequate appointment procedure for new joinees.

Ø             Proper action against fraudulent employees.

Ø             Manage the employees eager to take revenge.

Ø             Education & training regarding security & fraud prevention measures.

Ø             Developing a strong internal control system

Ø             Segregation & rotation of duties

Ø             Restriction on computer / data access

Ø             Encrypt data & programs

Ø             Protect telephone lines

Ø             Protect the system from virus

Ø             Control on use of laptop, floppy drives, etc.

 

Detection methods

Ø             Conduct audit at regular interval

Ø             Appointment of Computer security officer

Ø             Hiring of computer consultants

Ø             Maintenance of System activity log

Ø             Fraud detection software

Ø             Computer forensic tools – In this technique deleted files are recovered. Exact copy of disk is taken through disk imaging technique & investigation is done without the knowledge of the fraudster. [Disk Imaging & Analysis Technique]

 

Security methods

Ø             Take proper insurance cover

Ø             Keeping back-up at remote location

Ø             Develop contingency plan

Ø             Using special software to monitor the activities


Chapter-16

Cyber Laws and Information Technology Act, 2000

 

Objectives of the Act

Ø             Grant legal recognition to electronic transactions.

Ø             Legal recognition to digital signature

Ø             Facilitate electronic filing of documents.

Ø             Facilitate electronic storage of data

Ø             Facilitate EFTs

Ø             Recognition to books of account in electronic form

Scope of this Act

Extends to the whole of India and also to any offence committed thereunder outside India.

 

Definitions

Asymmetric Crypto System

Key Pair consisting of a private key (for creating digital signature) and a public key (to verify the digital signature).

 

Digital Signature

Authentication of electronic record by means of an electronic method.

Secure System {Hardware, Software & Procedure}

ü            Is secure from unauthorized access

ü            Provide a reasonable level of reliability

ü            Suited in performing the intended functions.

ü            Adhere to generally accepted security procedures.

Power of CG to make rules in respect of digital signature

1.            Type of digital signature

2.            Manner and format for affixing it.

3.            Manner & procedure to identify the originator.

4.            Control procedures to ensure security & confidentiality.

5.            Any other matter to give legal effect to digital signature.

Controller → (License) → Certifying Authority → Issues digital certificates

 

 

 


 

Damage to Computer, Computer system, Computer network, Computer hardware etc.

Any of the following acts in relation to a Computer, Computer System, Computer Network, Computer Resource etc. (Compensation upto Rs. 1 Cr.) :-

➢ Accesses or secures access to

➢ Downloads or copies any data from such

➢ Introduces or causes to introduce any virus into the

➢ Damages or causes to damage any

➢ Denies or causes denial access to such

➢ Provides assistance to access to

➢ Tampering or manipulating


Penalties

➢ Failure to furnish information – upto Rs. 1.5 lakh for each failure

➢ Failure to file return – upto Rs. 5000/- per day

➢ Failure to maintain books – upto Rs. 10000/- per day

➢ Hacking with computer system – upto 2 lakhs / imprisonment upto 3 yrs. / both

➢ Misrepresentation – upto 1 lakh / imprisonment upto 2 yrs. / both

➢ Breach of confidentiality – upto 1 lakh / imprisonment upto 2 yrs. / both

[Flow chart of appeals. Boxes: Order of Controller or Adjudicating Authority; Opportunity of being heard; Appeal to Cyber Appellate Tribunal; Order of CAT (set aside, confirm, modify the order appealed against); Appeal to HC (may be on Q. of law / fact). Time limits marked on the arrows: within 45 days (+) extension; within 6 mths; within 60 days (+) 60 days.]

Compounding of offences

Ø            Either before or after institution of adjudication

Ø            Compounded by Controller or Adjudicating Officer

Ø            Similar contravention can not be compounded within 3 yrs.

Power of CG to make rules (Sec 87)

Ø            By notification in the official gazette and in the electronic gazette

Ø            Matters to be specified in the rules

ü            Manner of authentication by means of digital signature

ü            Electronic form of filing, issue, payment etc.

ü            Type and manner of affixing digital signature.

ü            Qualification, disqualification and terms & conditions of service of controller etc.

ü            Standards to be observed by controller

ü            Form and manner of application for license.

ü            Form for application for issue of digital certificate. etc.

 

Steps to create Digital Signature

Ø            Electronic record is converted into “Message Digest” using mathematical function known as “Hash Function” which freezes the electronic record.

Ø            Private Key attaches itself to the message digest.

Liabilities of Companies

Ø            Every person who was in-charge / responsible for day-to-day activity & the company shall be deemed to be guilty of such offense & shall be liable to be punished & proceeded against.

Ø            Every Manager, Director, Officer with whose connivance such offense was committed shall also be liable.

Ø            No liability if he proves his innocence.

 

è    Controller shall act as repository for all digital signatures issued under this act.

Chapter-17

Audit of Information Systems

 

IS Auditor must ensure that provisions are made for:

➢ Govt. policies & procedures are adhered to

➢ Training

➢ Evaluation criteria of system

➢ Adequate control over the network

➢ Adequate security procedures

➢ Back-up & recovery procedures

➢ An adequate audit trail

➢ Control over the accounting

➢ Handling exceptions

➢ Testing

➢ Control over changes to the system

➢ Authorization procedures

 

 

 

 

 

 

 

Computer auditing approach different from manual auditing

Ø            Electronic evidence

Ø            Computer terminology

Ø            Automated processes

Ø            Exposed to new risks

Ø            Reliance on adequacy of controls

Scope & Objectives of IS Audit

Ø            Computerised system & applications

Ø            Information processing facilities

Ø            System development

Ø            Management of IS

Ø            Client/server, telecommunications, and intranets

Computer Security

Ø            Accidental/Intentional damage, unauthorised access, modification, theft etc.

Ø            Control procedures to prevent fraud (antivirus, encryption, firewalls, back up & recovery)

Ø            Complete review of the entire system & procedures

Ø            Test of controls & ensuring proper implementation

Ø            Rectification of security weaknesses

Program development, acquisition & modification

Ø            Reviewing the existing internal control & its evaluation.

Ø            Reviewing the reasons for such development/modification

Ø            Analysis of system specifications.

Ø            Interviewing development personnel, managers & users

Ø            Identifying unauthorised instructions (reprocessing & parallel simulation techniques)

Parallel Simulation Technique (Source Code Comparison) – Compares the current source code with the original one to detect unauthorized modification.

Ø            Ascertaining that programs are properly tested.

Ø            Thorough review of all the documentation

Audit of Computer processing

Ø            Understand & evaluate the processing controls.

Ø            Ensure that they are practically followed

Ø            Periodical review of all the controls

Ø            Elimination of control deficiencies.

Ø            Test data processing – Processes a series of correct & incorrect data and reverse the effect of test data after auditing.

 

Concurrent Audit Techniques

(Continuous monitoring of system and input on a real time basis)

1.  Integrated test facility (fictitious records) – No need to reverse the test transactions & the user is unaware of this process of testing.

2.  Snapshot Technique – Snapshot data is stored in a separate file & is reviewed by auditor

3.  System control audit review file (SCARF) – Collects data of special transactions e.g. exceeding certain amount.

4.  Audit hooks – Flag suspicious transactions & display a message at the auditor’s terminal

5.  Continuous and Intermittent Simulation – This audit module works along with the DBMS like SCARF. It does parallel simulation & reports the discrepancy through a separate log file.

 

Analysis of Program logic

(Time consuming & require programming language proficiency)

1.  Automated flowcharting programs (Automatically generates flow-chart from source code)

2.  Automated decision table programs

Source Data Controls

Ø      Detection of inaccurate & unauthorised source data.

Ø      Input control matrix (control applied to each field of input data)

Ø      Periodical review of control procedures to maintain effectiveness

Data Files Controls

Ø      Data storage risk (access, modification, destruction)

Ø      Audit procedures checklist


Chapter-3

Basic Concepts of MIS

 

 

Management

→ Determining the objectives

→ Developing plans

→ Securing & organizing various resources

→ Exercising adequate controls

→ Monitoring the results

Information

→ Reprocessing of data & putting them into a meaningful & useful context

System

→ Consisting of a no. of elements operating together for accomplishment of an objective.

 

 

Þ           MIS is a network of information that supports management decision making.

Þ           It uses the information resource for effective & better achievement of organizational objectives.

⇒           Canith defines MIS as “an approach that visualizes the organisation as a single entity composed of various inter-related and inter-dependent sub-systems to provide timely & accurate information for management decision making”.

 

Characteristics of an effective MIS

      1.     Management oriented [Development of MIS starts from the need of the management]

      2.     Management directed [management actively directs the MIS development]

      3.     Integrated [all the information sub-system works as a single entity]

      4.     Common Data Flow [common input, processing & output procedures & media]

      5.     Heavy planning element [consumes substantial time to develop]

      6.     Sub-system concept [entire MIS is divided into smaller sub-systems]

      7.     Common Database

      8.     Computerized

Misconceptions about MIS [and their clarifications]

           1.     MIS is about the use of computers [it may or may not involve computers]

           2.     More data in reports means better information for managers [quality of data and not the quantity of data is relevant]

           3.     Accuracy in reporting is of vital importance [Information may be approximate. Accurate information involves higher cost]

 

Pre-requisites of MIS

         i.     Database and DBMS

       ii.     Qualified system & staff

      iii.     Support of top management

     iv.     Adequate control & maintenance of MIS

       v.     Evaluation of MIS

Constraints in operating MIS

         i.     Non availability of experts

       ii.     Difficulty in dividing MIS into sub-systems

      iii.     MIS is non standardized

     iv.     Non co-operation from staff

       v.     Difficult to quantify the benefits of MIS

Effects of using computer MIS

         i.     Speed in information processing & retrieval

       ii.     Increases the usefulness of information system

      iii.     Scope of analysis widened

     iv.     Complexity of system design & operation

       v.     Integration of different information sub-system

Limitations of MIS

         i.     Effectiveness of MIS depends upon the quality of input

       ii.     Not a substitute of effective management

      iii.     MIS lacks flexibility

     iv.     Ignores the non quantitative factors (attitude & morale)

       v.     Useless for non programmed decisions

     vi.     Difficult to maintain privacy & secrecy

Types of information

 

Environmental Information

→ Govt. policies

→ Factors of production

→ Technological information

→ Economic trend

Competitive Information

→ Industry demand

→ Firm demand

→ Competitive data

Internal Information

→ Sales forecast

→ Financial budget

→ Supplier factors

→ Internal policies

 

Levels of management & their information requirement

 

Top Level (Strategic Level)

→ Determining the overall goals & objectives

→ Economic / political / social information

→ Competitive information

Middle Level (Tactical Level)

→ Sales Manager, Purchase Manager, Finance Manager

→ Most of the information is internal

→ Demand & supply information

Supervisory Level

→ Section officers, Foreman

→ Instruct and supervise employees

→ Make routine & day to day decisions.

 

Database

          It is a super-file that consolidates & integrates the data that was previously stored in different files.


Chapter – 4

Systems Approach & Decision Making

System Approach to Management

Þ    It’s a way of thinking about management problems.

Þ    Each problem should be examined in its entirety and effect of the proposed changes to each part of the organization e.g. changing from batch production to continuous production will affect finance, warehousing, purchase department, etc.

 

Decision-Making

Þ    It is a never-ending process of choosing a particular course of action out of several alternative courses for achievement of desired goals.

Þ    Pre-decisional, decisional & post-decisional functions are performed by management.

 

Steps involved in decision making

      1.     Defining the problem

      2.     Analyzing the reasons

      3.     Identifying the alternative solutions

      4.     Evaluation of the same

      5.     Selection of the best alternative

      6.     Implementation of the solution

Classification of decisions

      1.      Programmed & non-programmed decisions

      2.      Strategic & tactical decisions

      3.      Individual & group decisions

Functional Information Areas

 

Finance & Accounting

Financial decision making involves decisions regarding procurement & effective utilization of funds.

-   Estimation of funds & the timing.

-   Capital structure. (Optimum Mix)

-   Capital budgeting (Investment)

-   Profit planning

-   Tax management

-   Working capital management

-   Current Assets management.

Production

-  Production Planning

-  Production Control

-  Material requirement planning (MRP)

Production Planning = What to produce + When to produce + How to produce.

Marketing

Marketing bridges the gap between the firm & its customers.

-  Sales support & analysis.

-  Market research & intelligence.

-  Advertising & promotion.

-  Product development & planning.

-  Product pricing

-  Customer service

3 types of information

-  Internal

-  Competitive

-  Environmental

Personnel

-  Proper recruitment

-  Placement

-  Training

-  Compensation

-  Maintenance

-  Health & Safety

Sources of information

-  Accounting information system

-  Payroll processing

 


Chapter – 5

Decision Support & Executive Information System

Decision Support System

Þ    It is a system that provides tools to managers to assist them in solving semi-structured & unstructured problems (it is not a means to replace the management).

Þ    Programmed Decision System replace human decision making (no management is involved).

 

Properties of DSS

 1.     Support semi-structured & unstructured decisions

 2.     Ability to adapt the changing needs

 3.     Ease of learning & use

Components of DSS

 1.     Users (Managers)

 2.     Databases

 3.     Planning Languages (General purpose, special purpose)

 4.     Model Base (Brain of the DSS, custom developed)

Tools of DSS

 1.     Data based software

 2.     Model based software

 3.     Statistical software

 4.     Display based software

Integrated Tools combine all these software in one package.

DSS in Accounting

 1.     Cost Accounting System (Generally used in Health Care industry)

 2.     Capital Budgeting System (Calculates NPV, IRR of various projects)

 3.     Budget Variance Analysis System (Forecasting budget & analyzing variances)

 4.     General Decision Support System, etc.

Executive Information System

Þ          It is a DSS designed to meet the special needs of top-level management and having additional capabilities such as e-mail.

Þ          It provides on-line access to information in a useful & navigable format (mouse & touch screen driven, pictorial & graphical presentation).

Þ          Types of planning by top level management

          (i)     Strategic Planning (CEO level)

          (ii)     Tactical Planning (Planning to carry out Strategic Planning)

          (iii)    Fire Fighting (Major damage, new competitor, strike)

          (iv)    Control (General controls)

Þ          Characteristics of Information obtained in EIS

          (i)     Unstructured

          (ii)    High degree of uncertainty

          (iii)   Future Orientation (Economic trend, govt. decision, consumer choice, competitor, etc.)

          (iv)    Informal Source

          (v)     Lack of details


Chapter – 1

Basic concepts of systems

Ø            System is a set of inter-related elements that operate collectively to accomplish some common goal.

Ø            Abstract System is an orderly arrangement of independent ideas or constructs.

Ø            Physical System consists of physical elements rather than ideas.

Ø            Environment is the collection of elements that surround the system and often interact with the system.

Ø            The features that define and delineate a system form its boundary.

Ø            Sub-system is a part of a larger system.

Ø            Inter-connections & interactions between the sub-systems are called interfaces.

Ø            Decomposition is the process of dividing a system into sub-systems and so on.

Ø            Simplification is the process of organizing sub-systems to simplify their inter-connections (clusters of sub-systems are established).

Ø            Supra-system is an entity formed by a system / sub-system and its related systems / sub-systems.

[Diagram: INPUT → PROCESSING → OUTPUT]

 

 

Types of Systems

Þ          Deterministic System (Computer Program)

ü           Operates in a predictable manner

ü           Interaction among the parts is known with certainty

Þ          Probabilistic system (Inventory System)

ü           Described in terms of probable behaviour

ü           Certain degree of error is always attached

Þ          Closed system

ü           No interaction across its boundary.

ü           Relatively closed system (it is a closed but not completely closed system in the physics sense).

 

Þ          Open System (Organisation)

ü           Actively interacts with other systems

ü           Tends to change to survive and grow due to changes in the external environment.

System Entropy

Ø            System Entropy means decay, disorder or dis-organisation of a system.

Ø            Negative entropy is the process of preventing entropy by input of matter, repair, replenishment & maintenance.

 

System Stress & System Change

Ø            A stress is a force transmitted by a system’s supra-system that causes a system to change.

Ø            It arises due to 2 reasons: change in the goal & change in the achievement level.

Ø            Systems accommodate stress through structural changes or process changes.

Information

Þ          Information is data that have been put into a meaningful & useful context.

Þ          Characteristics

             (i)     Timeliness

           (ii)     Purposeful

          (iii)     Mode and Format (visual, verbal or written)

         (iv)     Redundancy

           (v)     Rate of transmission (bits per minute)

         (vi)     Frequency (daily, weekly, or monthly)

        (vii)     Completeness

      (viii)     Reliability

         (ix)     Cost-Benefit Analysis

Business Information System

Ø            Transaction Processing System

Ø            Management Information System

Ø            Decision Support System

Ø            Executive Information System

Ø            Expert System (Artificial Intelligence) – It replaces the need for human expertise. It is useful for a specific area, e.g. taxation problems, refinery, etc.


Chapter – 2

Transaction Processing System

Þ          Captures data and information reporting

Þ          Simplification of information processing by clustering business transactions

             a)     Revenue cycle

             b)     Expenditure cycle

             c)     Production cycle

             d)     Finance cycle

Components of transaction processing system

 1.     Input

 2.     Processing (on-line processing, batch processing)

 3.     Storage

 4.     Output

Types of codes used in transaction processing system

 1.     Mnemonic Codes

 2.     Sequence Codes

 3.     Block Codes

 4.     Group Codes