Making the Logical To-Be model physical requires additional analysis and a host of

decisions. Techniques for physical design include those that represent how processes and data stores
will be partitioned, how program control will be handled, and how the database will be organized. We
will illustrate in this section several techniques that facilitate the communications between system
users and developers, which are used to help ensure that system requirements are properly met.

Object-Oriented Techniques
An object orientation (O-O) to systems development became common in the 1990s as the
demand grew for client/server applications, graphical interfaces, and multimedia data. Objects can be
used with any type of data, including voice, pictures, music, and video. One of the primary
advantages of an O-O approach is the ability to reuse objects programmed by others. According to
industry observers, successful O-O approaches can produce big payoffs by enabling businesses to
quickly mock up prototype applications with user-friendly GUI interfaces. Application maintenance is
also simplified.
Object-oriented techniques have not been adopted at the original predicted levels for business
applications. Instead, organizations have taken a less aggressive approach that requires less change in
their practices, and vendors have enhanced their non-object-oriented technologies and tools with
object-oriented features.

Core Object-Oriented Concepts

Storing data and related operations together within an object is a key principle of O-O
approaches, referred to as encapsulation. Encapsulation also means that systems developed using O-O
techniques can have loosely coupled modules, which means they can be reused in other O-O
applications much more easily. A second major O-O principle is inheritance. That is, classes of objects
can inherit characteristics from other object classes. Every object is associated with a class of objects
that share some of the same attributes and operations.

INFORMATION SYSTEMS CONTROLS TO MINIMIZE BUSINESS

RISKS

Types of Control Mechanisms

Control mechanisms include management policies, operating procedures, and the auditing
function. Some aspects of control can be built into an information system itself, whereas others are the
result of day-to-day business practices and management decisions. Security controls related to the
technology infrastructuresuch as backup power supplies, network access control, and firewall
protectionare typically the purview of the IS organization. In addition, IS developers will include
some standard controls in all applications.

Controls in the Definition and Construction Phases

METHODOLOGY STANDARDS
The use of standard programming languages and
equipment means that systems developers will be more familiar with the tools and will be less likely
to make mistakes. VALIDATION RULES AND CALCULATIONS Edit rules, ideally stored with
the database, are also used to ensure that data are not missing, that data are of a valid size and type,
and that data match with other stored values. SYSTEM TESTING Certainly the most common and
effective of all IS controls is complete system testing. Each program must be tested individually and
in combination with the other programs in the application.

Controls in the Implementation Phase

Many application-level controls work in concert with managerial controls. User-managers are
responsible for being familiar with any firm-wide control mechanisms and identifying when
additional ones are needed for a specific application.
SECURITY The security of data and computers is necessary so that employees, customers,
shareholders, and others can be confident that their interactions with the organization are confidential
and the businesss assets are safe. BACKUP AND RECOVERY The ultimate protection against
many system failures is to have a backup copy. Periodically a file can be copied and saved in a
separate location such as a bank vault. Then, when a file becomes contaminated or destroyed, the
most recent version can be restored. AUDITING ROLES Critical business processes are subject to
periodic formal audits to assure that the processes operate within parameters.