
STUDY MANUAL

Foundation level

IT and Business Processes


2012
Second edition 2012
First edition 2010

ISBN 9781 4453 8012 4

Previous ISBN 9780 7517 8152 6

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.

Published by BPP Learning Media Ltd

All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any
means or stored in any retrieval system, electronic, mechanical, photocopying, recording or otherwise
without the prior permission of the publisher.

We are grateful to CPA Australia for permission to reproduce the Learning Objectives, the copyright of
which is owned by CPA Australia.

Printed in Australia

© BPP Learning Media Ltd 2012

Welcome to the next step in your career – CPA Program
Today’s CPA Program is a globally recognised education program available around the world. All candidates
of CPA Australia are required to attain a predetermined level of technical competence before the CPA
designation can be awarded. The CPA Program foundation level is designed to provide you with an
opportunity to demonstrate knowledge and skills in the core areas of accounting, business and finance.
A pass for each exam is based on a determination of the minimum level of knowledge and skills that
candidates must acquire to have a good chance at success in the professional level of the CPA Program.
In 2012 you have more opportunities to sit foundation level exams, allowing you to progress through to the
professional level of the CPA Program at your own pace.
The material in this study manual has been prepared based upon standards and legislation in effect as at
1 September 2011. Candidates are advised that they should confirm effective dates of standards or
legislation when using additional study resources. Exams for 2012 will be based on the content of this study
manual.

Additional Learning Support


A range of quality learning products will be available in the market for you to purchase to further aid your
core study program and preparation for exams.
These products will appeal to candidates looking to invest in additional resources other than those
provided in this study manual. More information is available on CPA Australia’s website
www.cpaaustralia.com.au/learningsupport
You will also be able to source face-to-face and online tuition for CPA Program foundation level exams
from registered tuition providers. The tuition provided by these registered parties is based on current
CPA Program foundation level learning objectives. A list of current registered providers can be found on
CPA Australia’s website. If you are interested you will need to liaise directly with the chosen provider to
purchase and enrol in your tuition program.

Contents

Introduction
Welcome to CPA Australia
Chapter features
Chapter summary
Answering multiple choice questions
Learning objectives

Chapter
1 Organisational information infrastructure
2 Database concepts
3 ERP systems and data analysis
4 Systems design and development
5 Accounting information systems
6 Controls, security and privacy
7 Business processes
8 Distribution and reporting of accounting information

Revision questions

Answers to revision questions

Before you begin questions: answers and commentary

Glossary of terms

Index

Chapter features

Each chapter contains a number of helpful features to guide you through each topic.

Learning objectives – Show the referenced CPA Australia learning objectives.

Topic list – Tells you what you will be studying in this chapter.

Introduction – Presents a general idea of what is covered in this chapter.

Chapter summary diagram – Summarises the content of the chapter, helping to set the scene so that you can
gain the bigger picture.

Before you begin – This is a small bank of questions to test any pre-existing knowledge that you may
have of the chapter content. If you get them all correct then you may be able to
reduce the time you need to spend on the particular chapter. There is a
commentary section at the end of the Study Manual called Before you begin: answers
and commentary.

Section overview – This summarises the key content of the particular section that you are about to
start.

Learning objective reference – This box indicates the learning objective covered by the section or paragraph to
which it relates. (LO 1.2)

Definition – Definitions of important concepts. You really need to know and understand these
before the exam.

Exam comments – These highlight points that are likely to be particularly important or relevant to
the exam. (Please note that this feature does not apply in every Foundation Level
study manual.)

Worked example – This is an illustration of a particular technique or concept with a solution or
explanation provided.

Question – This is a question that enables you to practise a technique or test your
understanding. You will find the solution at the end of the chapter.

Key chapter points – Review the key areas covered in the chapter.

Quick revision questions – A quick test of your knowledge of the main topics in this chapter.
The quick revision questions are not a representation of the difficulty of the
questions which will be in the examination. The quick revision MCQs provide you
with an opportunity to revise and assess your knowledge of the key concepts
covered in the materials so far. Use these questions as a means to reflect on key
concepts and not as the sole revision for the examination.

Revision questions – The revision questions are not a representation of the difficulty of the questions
which will be in the examination. The revision MCQs provide you with an
opportunity to revise and assess your knowledge of the key concepts covered in
the materials so far. Use these questions as a means to reflect on key concepts
and not as the sole revision for the examination.

Case study – This is a practical example or illustration, usually involving a real world scenario.

Formula to learn – These are formulae or equations that you need to learn as you may need to apply
them in the exam.

Bold text – Throughout the Study Manual you will see that some of the text is in bold type.
This is to add emphasis and to help you to grasp the key elements within a
sentence and paragraph.

Chapter summary

This summary provides a snapshot of each of the chapters, to help you to put the syllabus as a whole and
the Study Manual itself into perspective.

Chapter 1 Organisational information infrastructure


Chapter 1 focuses on the core elements of an organisation's information infrastructure. Among the areas
covered are corporate networks, client-server applications and peer-to-peer applications.

Chapter 2 Database concepts


This chapter illustrates the application of database techniques in the context of accounting. We explore
issues surrounding data collection, database systems and data storage models. The ethical issues related to
data capture and storage are also covered.

Chapter 3 ERP systems and data analysis


In Chapter 3 we look at Enterprise Resource Planning (ERP) systems, focussing on the centralised database
and the workflow management aspects of these systems. We also look at how organisations can use data
analysis and data mining tools.

Chapter 4 Systems design and development


Chapter 4 illustrates the systems design and development process. We use the systems development life
cycle model to provide a framework for this. Project management techniques are also covered, with a focus
on project controls.

Chapter 5 Accounting information systems


Chapter 5 explains the role of accounting information systems in business. This includes an overview of the
evolution of accounting information systems and their importance to accountants. We also discuss the
relationship between ethics and accounting information systems.

Chapter 6 Controls, security and privacy


Our focus shifts in Chapter 6 to business system controls and the related issues of security and privacy.
We consider what controls are appropriate in a range of communication methods, including face-to-face,
telephone, web/Internet and mobile.

Chapter 7 Business processes


Chapter 7 considers the interrelationships between business processes and accounting information systems.
The material covers practical issues, for example the construction of business process diagrams and the
steps involved in changing business processes.

Chapter 8 Distributing and reporting accounting information


In Chapter 8 we explain the importance of ensuring accounting information is reported and distributed
appropriately. The increasing importance and use of XBRL (eXtensible Business Reporting Language) is
covered, as is the topical area of corporate watchdogs and regulators.

Answering multiple choice questions

The questions in your exam will each contain four possible answers. You have to choose the option that
best answers the question. The three incorrect options are called distractors. There is a skill in
answering MCQs quickly and correctly. By practising MCQs you can develop this skill, giving you a better
chance of passing the exam.
You may wish to follow the approach outlined below, or you may prefer to adapt it.

Step 1 Attempt each question – starting with the easier questions which will be those at the start of
the exam. Read the question thoroughly. You may prefer to work out the answer before
looking at the options, or you may prefer to look at the options at the beginning. Adopt the
method that works best for you.

Step 2 Read the four options and see if one matches your own answer. Be careful with numerical
questions, as the distractors are designed to match answers that incorporate common errors.
Check that your calculation is correct. Have you followed the requirement exactly? Have you
included every stage of the calculation?

Step 3 You may find that none of the options matches your answer.
• Re-read the question to ensure that you understand it and are answering the
requirement
• Eliminate any obviously wrong answers
• Consider which of the remaining answers is the most likely to be correct and select
the option

Step 4 If you are still unsure make a note and continue to the next question. Some questions will
take you longer to answer than others. Try to reduce the average time per question, to allow
yourself to revisit problem questions at the end of the exam.

Step 5 Revisit unanswered questions. When you come back to a question after a break you often
find you are able to answer it correctly straight away. If you are still unsure have a guess. You
are not penalised for incorrect answers, so never leave a question unanswered!

Learning objectives

CPA Australia's learning objectives for this Study Manual are set out below. They are cross-referenced to
the chapter in the Study Manual where they are covered.

IT and Business Processes

General overview
This exam covers a critical awareness of business processes in the context of information technology. It
requires an understanding of database concepts and data analysis tools, corporate networks and the design
and operations of business information and accounting systems. It also covers the key areas of information
controls and processes and the reporting of accounting information.
These are the topics that will be covered in the exam.
Topics

Chapter where covered
LO1. Hierarchy of systems
LO1.1 Identify and explain the role of the core elements of an organisation’s information infrastructure 1
LO1.2 Explain the hierarchy of systems 1
LO2. Database concepts
LO2.1 Illustrate the application of database concepts for accounting information 2
LO2.2 Explain the need for data collection and storage 2
LO2.3 Describe database systems and data storage models 2
LO2.4 Explain data modelling, design and implementation 2
LO2.5 Analyse controls for data and databases and their effectiveness 2
LO2.6 Identify and analyse the ethical issues related to data capture and storage 2
LO3. Data analysis tools
LO3.1 Identify and explain the role of application and data analysis tools 3
LO3.2 Illustrate the components of an enterprise-wide resource-management system, highlighting the centralised database and workflow management aspects of these systems 3
LO3.3 Analyse different types of productivity software 3
LO3.4 Describe data mining and its uses 3
LO4. Corporate networks
LO4.1 Identify and analyse the components of a corporate network 1
LO4.2 Illustrate typical corporate network configurations 1
LO4.3 Explain applications where client server and peer-to-peer architectures can be used 1
LO4.4 Analyse control issues relating to the choice of network architecture 1

LO5. Design, configuration and operations of information systems
LO5.1 Illustrate information systems design, configuration and operations 4
LO5.2 Distinguish between systems development and maintenance 4
LO5.3 Describe the systems development life cycle 4
LO5.4 Explain the activities undertaken during the review and maintenance stage of the systems development life cycle 4
LO5.5 Explain aspects of the operation and maintenance of the systems development life cycle 4
LO5.6 Identify and explain the role of typical controls used in project management 4
LO5.7 Describe typical controls used in systems design, development, and maintenance activities 4
LO6. Accounting information systems
LO6.1 Explain the role of accounting information systems in business 5
LO6.2 Define an accounting information system 5
LO6.3 Illustrate the types of accounting information systems and their roles 5
LO6.4 Analyse the evolution of accounting information systems and their importance to accountants 5
LO6.5 Identify and describe the key advantages and disadvantages of accounting information systems
LO6.6 Explain the key differences between the various types of data processing techniques 5
LO6.7 Analyse the relationship between ethics and accounting information systems 5
LO7. Information controls and processes
LO7.1 Describe and explain data quality principles 6
LO7.2 Explain the complementary roles of technical and procedural controls 6
LO7.3 Explain why a business system needs to use a mixture of preventive and detective controls 6
LO7.4 Identify and explain common security and privacy issues relating to personal web pages maintained by employees 6
LO7.5 Analyse security and privacy issues relating to electronic communication methods used by employees 6
LO7.6 Construct an overview diagram of business processes 7
LO7.7 Produce an effective summary of business processes and systems 7
LO7.8 Explain the interrelationships between business processes and accounting information systems 7
LO7.9 Analyse the difference in the controls needed when a transaction is performed face-to-face compared with an electronic communication channel, such as telephone, internet or mobile 6
LO7.10 Identify and explain the steps involved in changing business processes 7

LO8. Distribution and reporting of accounting information
LO8.1 Explain the importance of ensuring accounting information is reported and distributed appropriately 8
LO8.2 Compose a list of internal and external stakeholders 8
LO8.3 Explain the concepts of reliability and transparency 8
LO8.4 Distinguish between hard and soft accounting data 8
LO8.5 Describe and explain the use of XBRL (eXtensible Business Reporting Language) 8
LO8.6 Analyse the reasons for the problems encountered in trials of XBRL concerning the quality of externally reported accounting information 8
LO8.7 Describe the role of corporate regulators in relation to the distribution and reporting of accounting information
LO8.8 Describe the key reasons for the growth of corporate watchdogs and regulators 8
Topic exam weightings
1 Hierarchy of systems 6%
2 Database concepts 6%
3 Data analysis tools 8%
4 Corporate networks 10%
5 Design, configuration and operations of information systems 10%
6 Accounting information systems 20%
7 Information controls and processes 20%
8 Distribution and reporting of accounting information 20%
TOTAL 100%

Chapter 1

Organisational information infrastructure

Learning objectives Reference

Hierarchy of systems LO1
Identify and explain the role of the core elements of an organisation's information infrastructure LO1.1
Explain the hierarchy of systems LO1.2
Corporate networks LO4
Identify and analyse the components of a corporate network LO4.1
Illustrate typical corporate network configurations LO4.2
Explain applications where client server and peer-to-peer applications can be used LO4.3
Analyse control issues relating to the choice of network architecture LO4.4

Topic list

1 Identify the core elements of an organisation’s information infrastructure


2 Role of core elements of information infrastructure
3 The hierarchy of systems
4 Basic network types
5 Corporate networks
6 The components of a corporate network
7 Network control issues

Introduction

The IT platform, IT infrastructure and information architecture together make up an organisation's
information infrastructure. We start this chapter by looking at the core elements and explaining their role
within this infrastructure.
We then move on to consider the types of information systems organisations deploy, and explain how
these can be viewed as a hierarchy of systems.
We round off the chapter with an explanation about the components of a corporate network followed by a
discussion of the main types of network configuration and the associated control considerations.

Before you begin

If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
1 What do we mean by an organisation's IT infrastructure? (Section 1.2)
2 Define the term 'organisational IT platform'. (Section 1.2)
3 A workstation: (Section 2.2)
A is often called a PC.
B is a powerful, high-end microcomputer.
C is small and lightweight enough to be carried around with the user.
D is a central processing unit.
4 In the context of information systems, what is a DSS? (Section 3.4)
5 Executive support systems (ESS) are information systems that support which of the following? (Section 3.2)
A day-to-day processes of production.
B decision making and administrative activities of middle managers.
C long range planning activities of senior management.
D knowledge and data workers in an organisation.
6 The term used to describe the arrangement of computers in a network is topology. Name two different Local Area Network (LAN) topologies and draw a diagram to illustrate each one. (Section 4.1)
7 Distinguish between a client-server network and a peer-to-peer network. (Section 5.4)
8 What is a routing table? (Section 6.1)
9 Apart from the Internet, why is the client and server system normally easier to secure than a peer-to-peer network? (Section 7.2)



1 Identify the core elements of an organisation's information infrastructure
LO 1.1
Section overview
• An organisation's information infrastructure is made up of information technology (IT) devices,
IT services, data management, organisational information systems and IT staff.

1.1 Communications network


Although terms like 'national information infrastructure' and 'information superhighway' have only recently
become part of the language, societies have always had information infrastructures. From mail carried by
ship, rail and horse-drawn carriage, to the telegraph, telephone and wireless, we have developed means and
technologies that permit communications with others who are far from us. What is so dramatically different
about today's information infrastructure, however, is its power and reach. Digital technology, optical
transmission of information and the continuing surge in the microchip's data processing capability have
spawned a spreading communication network throughout the world. These technological developments
offer untold opportunities in fields as diverse as entertainment and industrial management.

Definition
An information infrastructure is defined as 'all of the people, processes, procedures, tools, facilities, and
technology which support the creation, use, transport, storage, and destruction of information'.
(Pironti, 2006)

1.2 Elements of the information infrastructure


The diagram below shows the relationship between the IT platform, IT infrastructure and the organisational
information systems. It illustrates how an organisation's information infrastructure includes the IT
infrastructure and the information systems but goes further by showing how the elements fit together to
meet the organisation's needs.

[Figure: layered diagram of the information infrastructure. Layer labels: Information systems; Information infrastructure; IT infrastructure; IT platform. Boxes, top to bottom: Information Systems; IT services; Data and security management; IT personnel; Software and hardware; Networks and communications.]

1.2.1 Information Technology (IT) infrastructure

Definition
The organisation's information technology (IT) infrastructure includes all the hardware, software,
databases, telecommunications, people and procedures that are configured to collect, manipulate, store and
process data resources into information products.

The Information Technology (IT) infrastructure can be separated into two layers: the IT platform, and
IT services and data management.
IT platform – refers to the hardware architecture and software framework (including application
frameworks), that allows software to run. (The terms 'platform' and 'environment' are used
interchangeably.) Typical platforms include a computer's architecture, operating system, programming
languages and program development system.
IT services – organisations require people to run and manage their IT infrastructure, including training
employees to use the technologies. Most organisations will have an information systems department to
perform at least part of this role; others may use external agencies or consultants to help in this task.
Service management ensures IT resources are aligned with business requirements, and allows the IT
department to appropriately identify points of flexibility and adaptability within the services they provide.
This ensures service issues and change requirements are handled efficiently and effectively.
The Service Desk is at the point in service management where people, process and technology blend to
deliver a business service. It provides the essential daily contact between customers, users, IT service and
any relevant third-party support organisation. The Service Desk not only handles incidents, problems and
questions but also provides an interface for other activities such as change requests, maintenance contracts,
software licenses, configuration management, availability management and financial management.

Question 1: Information systems


What term is used to refer to all of the computer-based information systems used by organisations, and
their underlying technologies?
A digital technology
B information technology
C productivity technology
D network technology
(The answer is at the end of the chapter)

Definition
Data management comprises all the disciplines related to managing data as a valuable resource.

Organisations record and collect data (in databases) relating to transactions, inventory, employees,
customers and suppliers. This data must be organised and managed so it can be accessed and analysed for
operational purposes and informed management decision making.

1.2.2 Role of organisational information systems

Definition
An information system uses the resources of people, hardware, software, data, and networks to
perform input, processing, output, storage and control activities.

It can also be defined technically as a set of interrelated components that collect (or retrieve), process,
store and distribute information to support decision making and control in an organisation.
The purposes of an information system are to process input, maintain data, handle queries, handle online
transactions, and generate and display or print reports.
A computer-based business system involves seven interdependent elements. These are hardware, software,
procedures, people, data, information (processed data), and feedback. All the elements interact to convert
data into information.
Hardware resources include the computer, its peripherals, and consumables such as stationery.
Software is the programs running on these computers.
Procedures are the rules and steps to accomplish the defined goals of the system. Many of the procedures
are expressed as software. For instance, banking systems have their predefined rules for providing interest
at different rates for different types of accounts.
People comprise managers, programmers, users and the staff required to operate the system and make it
functional.
LO 1.1
Data and Information – information systems collect a large amount of data, but data are not useful until
they have been processed (e.g. analysed, collated and summarised) to become information. In general, as
information is presented to higher levels of management, more data are compressed into smaller amounts
of information.
Feedback – in information systems, feedback is information from the system that is used to make changes
to input or processing activities. For example, errors or problems might make it necessary to correct the
input data itself, or to change the way data is collected.

[Figure: information system activities. Input of data resources; Processing data into information; Output of information products; Storage of data resources; Control of system performance, linked to the other activities by feedback.]

All these components together make a complete functional system.

Example: Feedback and forecasting


When payroll data is being entered, the number of hours an employee worked might be incorrectly entered
as 400 instead of 40. This should be immediately detected as an impossible value by the data collection
software, which would provide feedback to the operator, who would correct the error.
Feedback is also important for managers and decision makers. For example, a furniture maker could use a
computerised feedback system to link its suppliers and workshops. The output from the information system
might indicate that inventory levels for certain types of wood were getting low. A manager could use this
feedback to decide to order more wood from a supplier. These new inventory orders become input to the
system.
In addition to this reactive approach, a computer system can be proactive – forecasting future sales and
ordering more inventory (just) before a shortage occurs, and so allowing the company to function with
lower stock levels.

Within the organisation information is required for:
• planning.
• controlling.
• recording transactions.
• performance measurement.
• decision making.
The major roles of an information system include:
• supporting business processes.
• supporting decision making for managers, allowing them to make decisions based on data rather than
guesses.
• support in making strategic decisions for competitive advantage – may require innovative use of
information technology.

Strategic uses of information systems

Strategy: Improving business processes; Promote business innovation; Locking in customers and suppliers
Role of IT: Use IT to reduce costs of doing business; Use IT to improve quality; Use IT to create new products or services; Use IT to link business to customers and suppliers
Outcome: Enhance efficiency; Create new business opportunities; Maintain valuable customers and relationships

In general, information systems offer either operations or management support:

Information systems
• Operations support systems: transaction processing systems, process control systems, enterprise collaboration systems
• Management support systems: management information systems, decision support systems, executive information systems

Operations support systems:


The role of an organisation's operations support systems is to:
• effectively process business transactions.
• control industrial processes.
• support enterprise communications and collaboration.
• update corporate databases.

Transaction Processing Systems (TPS) focus on processing the data generated by business
transactions (sales, purchases, inventory changes). TPS also produce a variety of information products for
internal or external use (customer statements, sales receipts and payslips).
Process control systems (PCS) make use of computers to control ongoing physical processes. Software
automatically makes decisions that adjust the physical production process. Examples include petroleum
refineries and the assembly lines of automated factories.
Enterprise collaboration systems are information systems that use a variety of information
technologies to help people work together to:
• collaborate and communicate ideas.
• share resources.
• co-ordinate co-operative work between teams.
Management support systems (MSS) comprise any of the following:
• Management Information Systems (MIS) – see Section 3.3
• Decision Support Systems (DSS) – see Section 3.4
• Executive Information systems (EIS) – see Section 3.2

1.3 Successful information systems


Building, operating and maintaining successful information systems is complex and challenging.
Managers must consider the following challenges:
Information infrastructure challenge – How to develop information systems and an information technology
infrastructure that supports the organisation's business goals.

Globalisation challenge – Understanding the business and system requirements of a global economic
environment and developing integrated multinational information systems to cope
with the restrictive trans-border dataflow legislation in many countries.

Information systems investment challenge – Can organisations determine the business value of information systems? This
challenge focuses on how organisations can access and realise a return on their
investment in information systems.

Responsibility and control challenge – Can organisations design systems that people can control and understand and
how can they ensure that their information systems are used in an ethically and
socially responsible manner? The potential for massive fraud, error, abuse, and
destruction is enormous. Systems must be designed so that they function as
intended.

Question 2: Support systems


Distinguish between management support systems and operations support systems.
(The answer is at the end of the chapter)

2 Role of core elements of information infrastructure
LO 1.1
Section overview
• The organisation's information infrastructure consists of five major resources; people, hardware,
software, data and network resources.

An information system uses the resources of people, hardware, software, data and networks to perform
input, processing, output, storage and control activities that convert data resources into information
products. Data is first collected and converted to a form that is suitable for processing (input). Then the
data is manipulated and converted into information (processing), stored for future use (storage), or
communicated to the ultimate user (output) according to correct processing procedures (control).

2.1 People resources
People are required for the operation of all information systems. These people resources include end users
and information system specialists.
End users, also called users or clients, are people who use an information system or the information it
produces. Most of us are information end users and most end users in business are knowledge workers i.e.
people who spend most of their time communicating and collaborating in teams of workgroups and
creating, using and distributing information.
Information system specialists are people who develop and operate information systems. They include
system analysts, software developers, system operators and other managerial, technical and clerical IS
personnel.
• System analysts design information systems based on the information requirements of end users.
• Software developers create computer programs based on the specifications of systems analysts.
• System operators monitor and operate large computer systems and networks.

2.2 Hardware resources


Definition
Hardware means the various physical components that comprise a computer system, which are used to
perform input, processing and output activities.

Hardware resources include all the physical components (such as computers, peripherals,
telecommunications networks) and materials (such as paper, memory sticks and so forth) used in
information processing. The trend in the computer industry is to produce smaller, faster and more mobile
hardware.
Input devices include keyboards, mice, and document scanners with OCR (optical character recognition)
software. Banks may use voice response technology to allow consumers to access their balances and other
information with spoken commands.
Processing devices include computer chips that contain the central processing unit and main memory.
Advances in chip design allow faster speeds, less power consumption and larger storage capacity. A single
chip may have the power of a 1990s era supercomputer.
Output devices include printers, plotters, and computer screens. Mobile devices such as phones and
tablets are increasingly being used as output devices for corporate information. Touchscreens displaying
data in graphic form allow the data and files to be manipulated with the user’s fingers. Data can also be
written to CDs and DVDs.
Computers come in a variety of types designed for different purposes, with different capabilities and costs:
(a) Personal computers (PCs) are inexpensive general purpose computers widely used in homes and
businesses. Popular uses include word processing, surfing the web, sending and receiving e-mail,
spreadsheet calculations, database management, editing photographs and creating graphics.
(b) Workstations are more powerful computers, usually for technical or scientific applications, such as
complex graphics or intensive calculations. They are normally part of a network.
(c) Servers provide a service for many client computers (frequently PCs) over a network. They may
provide users with additional processing power, or file handling, or more specific facilities such as
ticketing or news.

PCs come in two major varieties, desktop computers and laptop computers:
(a) Desktop computers are larger and not meant to be portable. They usually sit in one place on a
desk or table and are plugged into a wall outlet for power. The case of the computer holds the
motherboard, drives and the power supply and expansion cards. This case may lie flat on the desk,
or it may be a tower that stands vertically (on the desk or under it).
(b) Laptop or notebook computers are small and lightweight enough to be carried around with the
user. They run on battery power, but can also be plugged into a wall outlet. They typically have a
built-in LCD screen that folds down to protect the display when the computer is carried around.
They also feature a built-in keyboard and some kind of built-in pointing device (such as a touch pad).
Tablets, such as the Apple iPad, fit easily into a small briefcase and have a touch screen which (when
required) displays an on-screen keyboard, allowing the screen to occupy almost the whole area of the slate.
With the trend toward a highly mobile workforce, the use of handheld devices such as Personal Digital
Assistants (PDAs) e.g. Apple's iPhone, is growing at an ever-increasing rate. These devices are relatively
inexpensive productivity tools that are quickly becoming a necessity in government and industry. Most
handheld devices can be configured to send and receive electronic mail and browse the Internet using
wireless communications. While such devices have their limitations, they are nonetheless extremely useful
in managing appointments and contact information, reviewing documents and spreadsheets, corresponding
via electronic mail and instant messaging, delivering presentations, and accessing remote corporate data.

2.3 Software resources


Definition
Software is the name given to programs or sets of programs that instruct and manage computers and
other hardware devices.

Software consists of the computer programs that govern the operation of the computer. These programs
allow a computer to process payroll, send bills to customers and provide managers with information to
increase profits, reduce costs and provide better customer service. The two types of software are:
(a) System software, such as Windows 7, which controls basic computer operations including start-up
and printing, and
(b) Applications software, such as Microsoft Office, for specific tasks including word processing and
creating spreadsheets. Although most software can be installed from CDs, many of today's software
packages can be downloaded through the Internet. Sophisticated application software, such as Adobe
Creative Suite, can be used to design, develop, print and place professional-quality advertising,
brochures, posters, prints and videos on the Internet.

Question 3: Definition
An information system can be defined technically as a set of interrelated components that collect (or
retrieve), process, store and distribute information to support:
A decision making and control in an organisation.
B managers analysing the organisation's raw data.
C communications and data flow.
D the creation of new products and services.
(The answer is at the end of the chapter)

2.4 Data resources
Data constitutes a valuable organisational resource and must be managed effectively to benefit all end users
in an organisation. The data resources of the information infrastructure are typically organised into:
(a) Databases – a collection of logically-related records and files. A database consolidates many
records previously stored in separate files, so that a common pool of data records serves many
applications. An organisation's database can contain facts and information on customers, employees,
inventory, competitors' sales, on-line purchases and much more.
(b) Knowledge bases – which hold knowledge in a variety of forms such as facts and rules of inference
about particular subjects.
The terms data and information are often used interchangeably, but there is the following major distinction:
Data are raw facts or observations, typically about physical phenomena or business transactions. More
specifically, data are objective measurements of the attributes (characteristics) of entities such as people,
places, things and events.
Information is processed data, which has been placed in a meaningful and useful context for an end user.
Data is subjected to a 'value-added' process (data processing or information processing) where:
• its form is aggregated, manipulated and organised.
• its content is analysed and evaluated.
• it is placed in a proper context for a human user.

2.4.1 Data management

Definition
Data management is the development, execution and supervision of plans, policies, programs and
practices that control, protect, deliver and enhance the value of data and information assets.

Aspects of data management include:


(a) Data governance. This refers to the overall management of the availability, usability, integrity, and
security of the data employed in an enterprise. A sound data governance program includes a
governing body or council, a defined set of procedures, and a plan to execute those procedures:
(i) The initial step in the implementation of a data governance program involves defining the
owners or custodians of the data assets in the enterprise.
(ii) A policy must be developed that specifies who is accountable for various portions or aspects
of the data, including its accuracy, accessibility, consistency, completeness, and updating.
(iii) Processes must be defined concerning how the data is to be stored, archived, backed up, and
protected from mishaps, theft, or attack.
(iv) A set of standards and procedures must be developed that defines how the data is to be used
by authorised personnel. Finally, a set of controls and audit procedures must be put into place
that ensures ongoing compliance with government regulations.
(b) Data architecture, analysis and design including data modelling.
(c) Database management including data maintenance, database administration and the database
management system.
(d) Data security management including data access, privacy and erasure.
(e) Data quality management including data cleansing, integrity and quality assurance.
(f) Reference and master data management, which covers data integration.
(g) Data warehousing and business intelligence management.
(h) Document, record and content management.

(i) Metadata management including publishing and registry. Metadata describes other data. It provides
information about a certain item's content. For example, an image may include metadata that
describes how large the picture is, the colour depth, the image resolution, when the image was
created, and other data. A text document's metadata may contain information about how long the
document is, who the author is, when the document was written, and a short summary of the
document. Web pages often include metadata in the form of meta tags, and search engines use these
when adding pages to their search index.

2.5 Network resources


Definition
Telecommunications is the electronic transmission of signals for communications, which enables
organisations to carry out their processes and tasks through effective computer networks.

Telecommunications networks like the Internet, intranets and extranets have become essential to the
successful electronic business and commerce operations of all types of organisations and their computer-
based information systems. Telecommunications networks consist of computers, communications
processors and other devices interconnected by communications media and controlled by communications
software. Network resources include:
• Communications media – such as twisted-pair wire, coaxial cable, fibre-optic cable and
microwave, cellular and satellite wireless systems.
• Network support – people, hardware, software and data resources that directly support the
operation and use of a communications network.
Local area networking is dominated by Microsoft Server, but strong growth of Linux challenges this
dominance. Enterprise networking comprises almost entirely Linux or UNIX. Cisco, Lucent, Nortel and
Juniper Networks continue to dominate networking hardware.
The telecommunications services market is highly dynamic; in Australia this sector is currently dominated
by the telecommunications provider, Telstra. Other telecommunications providers include Optus (owned
by Singapore Telecommunications), AAPT and Powertel (both owned by Telecom New Zealand), Soul (SP
Telemedia), Vodafone Hutchison 3G (3 Mobile). The sector is in a state of rapid growth and technological
development, and subject to frequent changes of participants e.g. currently there is rapid growth of non-
telephone Wi-Fi and Wi-Max services and Internet telephony.
We discuss mobile technology in more detail in Section 5.

3 The hierarchy of systems


Section overview
• Organisations use a range of information systems relevant to a number of functional areas at
different levels of the organisation. When viewed collectively, this is sometimes referred to as a
hierarchy of systems.

3.1 Types of information system


A computer-based information system (CBIS) is an information system that uses computer technology to
perform at least some of its tasks. Today, almost all information systems used by organisations are
computerised. Therefore, the term information system (IS) has become associated with computer-based
information systems.

LO 1.2
Organisations require different types of information system to provide different levels of information
in a range of functional areas. One way of portraying this concept is shown on the following diagram.

[Diagram: type of information system and group served at each organisational level, across the
functional areas Sales and Marketing, Manufacturing, Finance, Accounting and Human Resources]
• Strategic level – EIS or ESS – Senior managers
• Management level – MIS and DSS – Middle managers
• Knowledge level – KWS and OAS – Knowledge and data workers
• Operational level – TPS – Operational managers

System level and system purpose:
• Strategic – To help senior managers with long-term planning. Their main function is to ensure
changes in the external environment are matched by the organisation's capabilities.
• Management – To help middle managers monitor and control. These systems check if things are
working well or not. Some management-level systems support non-routine decision making such as
'what if?' analyses.
• Knowledge – To help knowledge and data workers design products, distribute information and
perform administrative tasks. These systems help the organisation integrate new and existing
knowledge into the business and to reduce the reliance on paper documents.
• Operational – To help operational managers track the organisation's day-to-day operational
activities. These systems enable routine queries to be answered, and transactions to be processed
and tracked.

There are six major types of information systems to serve the needs of each of the four levels of an
organisation.
LO 1.2
Organisation level and type of information system:
• Strategic – Executive Information Systems (EIS) or Executive Support Systems (ESS)
• Middle – Decision Support Systems and Management Information Systems
• Knowledge – Knowledge Work Systems and office automation
• Operational – Transaction Processing System

3.2 Executive Information Systems (EIS) or Executive Support Systems (ESS)

Definition
Executive Support Systems (ESS) or Executive Information Systems (EIS) provide a generalised
computing and communication environment to senior managers to support strategic decisions.

Executive Information Systems draw data from the MIS and allow communication with external sources of
information. But unlike DSS, they are not designed to use analytical models for specific problem solving. EIS
are designed to facilitate senior managers' access to information quickly and effectively. They have:
• menu-driven, user-friendly interfaces.
• interactive graphics to help visualisation of the situation.
• communication capabilities linking the executive to external databases.
An EIS summarises and tracks strategically critical information from the MIS and DSS and includes data from
external sources e.g. competitors, legislation and databases such as Reuters.
A good way to think about an EIS is to imagine the senior management team in an aircraft cockpit, with the
instrument panel showing them the status of all the key business activities. EIS typically involve lots of data
analysis and modelling tools such as what-if analysis to help strategic decision making.
A model of a typical EIS is shown below:
[Diagram: three EIS workstations, each providing menus, graphics, communications and local
processing, linked to internal data (TPS/MIS data, financial data, office systems,
modelling/analysis) and external data (share prices, market research, legislation, competitors)]

3.3 Management Information Systems (MIS)


Definition
Management Information Systems (MIS) convert data from mainly internal sources into information
(e.g. summary reports, exception reports). This information enables managers to make timely and effective
decisions for planning, directing and controlling the activities for which they are responsible.

Management Information Systems generate information for monitoring performance (e.g. productivity
information) and maintaining co-ordination (e.g. between purchasing and accounts payable).
MIS extract, process and summarise data from the TPS and provide periodic (weekly, monthly, quarterly)
reports to managers.
Today MIS are becoming more flexible by providing access to information whenever needed, rather than
pre-specified reports on a periodic basis. Users can often generate more customised reports by selecting
subsets of data (such as listing the products with 2 per cent increase in sales over the past month), using
different sorting options (by sales region, by salesperson, by highest volume of sales) and different display
choices (graphical, tabular).
MIS have the following characteristics:
• Support structured decisions at operational and management control levels.
• Designed to report on existing operations.
• Have little analytical capability.
• Relatively inflexible.
• Have an internal focus.

3.4 Decision Support Systems (DSS)
Definition
Decision Support Systems (DSS) combine data and analytical models or data analysis tools to support
semi-structured and unstructured decision making.

Decision Support Systems (DSS), which are sometimes called Business Intelligence Systems, and
Management Information Systems (MIS) serve the middle management level. They are specifically designed
to help management make decisions in situations where there is uncertainty about the possible outcomes of
those decisions. DSS comprise tools and techniques to help gather relevant information and analyse the
options and alternatives. They often use complex spreadsheets and databases to create 'what-if' models.
Decision support systems are intended to provide a wide range of alternative information gathering and
analytical tools with a major emphasis upon flexibility and user-friendliness.
DSS have more analytical power than other systems enabling them to analyse and condense large volumes
of data into a form that helps managers make decisions. The objective is to allow the manager to consider a
number of alternatives and evaluate them under a variety of potential conditions.
DSS are user-friendly and highly interactive. Although they use data from the TPS and MIS, they also allow
the inclusion of new data, often from external sources, such as current share prices or prices of
competitors.
A DSS has three fundamental components:
1 Database management system (DBMS): Stores large amounts of data relevant to problems the
DSS has been designed to tackle.
2 Model-based management system (MBMS): Transforms data from the DBMS into information
that is useful in decision making.
3 Dialogue generation and management system (DGMS): Provides a user-friendly interface
between the system and the managers who do not have extensive computer training.

3.5 Knowledge Work Systems


Definitions
Knowledge Work Systems (KWS) are information systems that facilitate the creation and integration
of new knowledge into an organisation.
Knowledge Workers are people whose jobs consist primarily of creating new information and
knowledge. They are often members of a profession such as doctors, engineers, lawyers or scientists.

Knowledge Work Systems (KWS) support highly skilled knowledge workers in the creation and integration
of new knowledge into the company. Computer Aided Design (CAD) systems used by product designers
not only allow them to make modifications easily without having to redraw the entire object (just like word
processors for documents), but also enable them to test the product without having to build physical
prototypes. 3-D graphical simulation systems like GRASP (Graphical Robotics Applications Simulation
Package) are used by British Aerospace and Rolls Royce for evaluating and programming industrial robots.
Architects use CAD software to create, modify, evaluate and test their designs; such systems can generate
photo-realistic pictures, simulate the lighting in rooms at different times of the day and perform
calculations, for instance on the amount of paint required. Surgeons use sophisticated CAD systems to
design operations.
Financial institutions are using knowledge work systems to support trading and portfolio management with
powerful high-end PCs. These allow managers to get instantaneous analysed results on huge amounts of
financial data and provide access to external databases.

Question 4: Decision support systems
Decision support systems (DSS) are often referred to as:
A business support systems.
B business information systems.
C business model systems.
D business intelligence systems.
(The answer is at the end of the chapter)

3.6 Office Automation Systems (OAS)


Definition
Office Automation Systems (OAS) are computer systems designed to increase the productivity of data
and information workers.

OAS support the major activities performed in a typical office such as document management, facilitating
communication and managing data. Examples include:
• word processing, desktop publishing, and digital filing systems.
• e-mail, voice mail, videoconferencing, groupware, intranets, schedulers.
• spreadsheets, desktop databases.
Office Automation Systems (OAS) support general office work for handling and managing documents
and facilitating communication. Text and image processing systems evolved from word processors to
desktop publishing, enabling the creation of professional documents with graphics and special layout
features. Spreadsheets, presentation packages like PowerPoint, personal database systems and note-taking
systems (appointment book, notepad and card file) are part of OAS.
OAS create, handle and manage documents (through word processing and desktop publishing), manage
workflow and scheduling, help manage client portfolios and help with communication (through electronic
mail, electronic bulletin boards, voice mail and teleconferencing).

3.7 Transaction processing systems (TPS)


Transaction processing systems (TPS) are used for routine tasks where transactions must be processed so
that operations can continue. A business will have several (sometimes many) TPS, for example:
• Billing systems to send invoices to customers
• Systems to calculate the weekly and monthly payroll and tax payments
• Production and purchasing systems to calculate raw material requirements
• Stock control systems to process all movements into, within and out of the business
A TPS will process transactions using either batch processing, which involves transactions being grouped
and stored before being processed at regular intervals; or on-line processing, which involves transactions
being input and processed immediately.
TPS are vital for the organisation, as they gather all the input necessary for other types of systems.
Generating a monthly sales report for middle management or critical marketing information to senior
managers would not be possible without TPS. They provide the basic input to the company's database.
A failure in the TPS often means disaster for the organisation. When the reservation system at one of the
airlines fails, all operations stop and no transactions can be carried out until the system is up again.
Long queues form in front of ATMs and tellers when a bank's TPS crashes.

Question 5: Analytical power
Which of the following systems has more analytical power than other types of system?
A decision support systems
B executive support systems
C management information systems
D transaction processing systems
(The answer is at the end of the chapter)

3.8 Relationship of systems to one another


Different types of systems exist in organisations. Not all organisations have all of the types of systems
described here. Many organisations may not have knowledge work systems, executive support systems or
decision support systems. But most make use of office automation systems and have a portfolio of
information system applications based on TPS and MIS (marketing systems, manufacturing systems, human
resources systems). The field of information systems is moving so quickly that the features of one
particular type of system are integrated into other types (e.g. MIS having many of the features of ESS).
System characteristics evolve and new types of systems emerge.

4 Basic network types


Section overview
• Topology refers to how a computer network is physically arranged.
• A local area network (LAN) is a system of linked PCs and other devices such as printers.
• A wide area network is a network of computers which are dispersed on a wider geographical
scale than LANs.
• Centralised network architecture involves all processing being carried out on one or more
processors at a single central location.
• Distributed network architectures spread the processing power throughout the organisation
at several different locations.
• Client-server networks include server computers that hold and provide resources to the
network.
• In a 'peer-to-peer' network each computer has equivalent capabilities and responsibilities –
devices communicate directly with each other.

Definition
The term network is a general term used to describe any computing system that includes connected
computers.

A computer network is made up of a number of connected computers and other devices, for example a
number of connected PCs and printers. Networks are popular because they provide a number of users
with access to resources (e.g. data files, printers and software).

4.1 Network topology
Definition
Topology refers to how a computer network is physically arranged.

4.1.1 Topology in network design


LO 4.1
The virtual shape or structure of a network is referred to as topology. This shape does not necessarily
correspond to the actual physical layout of the devices on the network. For example, the computers on a
small enterprise Local Area Network (LAN) may be arranged in a circle in an office, but it would be highly
unlikely to find a ring topology there.
Network topologies can be any of the following basic types: bus, ring, star, tree or mesh.
More complex networks can be built as hybrids of two or more of the above basic topologies.

Bus topology
This topology was fairly popular in the early years of networking. Bus networks use a common backbone
to connect all devices. A single cable – the backbone – functions as a shared communication medium
that devices attach or tap into with an interface connector.

Ring topology
Ring topology, using FDDI, SONET or Token Ring technologies, is pretty much obsolete. All messages
travel through a ring in the same direction (either clockwise or counter clockwise). A failure in any
cable or device breaks the loop and can take down the entire network.

Star topology and extended star topology
One of the most popular technologies for Ethernet LANs is the star and extended star topology. The
star topology is made up of a central connection point that is a device such as a hub, switch, or
router, where all the cabling segments meet. Devices typically connect to the hub with Unshielded
Twisted Pair (UTP) Ethernet (see Section 6). Because each host is connected to the central device with
its own cable, when that cable has a problem, only that host is affected; the rest of the network
remains operational.

The extended star topology has one or more repeaters between the central node (the 'hub' of the star)
and the peripheral or 'spoke' nodes, the repeaters being used to extend the maximum transmission
distance of the point-to-point links between the central node and the peripheral nodes.

Tree topology
Tree topologies can be viewed as a collection of star networks
arranged in a hierarchy. In a building-wide network the use of
routers (see section 6) creates a type of tree topology.
The tree has individual peripheral nodes (e.g. leaves) which are
required to transmit to and receive from one other node only and
are not required to act as repeaters or regenerators. Unlike the star
network, the functionality of the central node may be distributed.
As in the conventional star network, individual nodes may thus still
be isolated from the network by a single-point failure of a
transmission path to the node. If a link connecting a leaf fails, that
leaf is isolated; if a connection to a non-leaf node fails, an entire
section of the network becomes isolated from the rest.

Mesh topology
Unlike each of the previous topologies, messages sent on a mesh network can take any of several
possible paths from source to destination. A mesh network in which every device connects to every
other is called a full mesh. However, partial mesh networks also exist in which some devices connect
only indirectly to others.

The Internet is a packet-switching network with a distributed mesh topology. Information travels in
packets across a network that consists of multiple paths to a destination. Networks are interconnected
with routers, which forward packets along paths to their destinations. The mesh topology provides
redundant links. If a link fails, packets are routed around the link along different paths.

The Internet is sometimes called a backbone network, but this is misleading since the Internet is
actually many backbones that are interconnected to form a mesh.
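
The single-cable failure behaviour described above for the ring, star, tree and mesh topologies can be checked on small models. The following Python sketch is an added example, not part of the study manual; the node counts and layouts are constructed for illustration, and the bus topology is left out because its shared backbone is not a set of point-to-point links.

```python
from collections import deque
from fractions import Fraction
from itertools import combinations

# Each cable is (a, b, duplex). All networks below are small constructed samples.

def ring(n):
    # Messages travel round the ring in one direction only, so cables are one-way.
    return [(i, (i + 1) % n, False) for i in range(n)]

def star(n):
    # Node 0 is the central hub or switch; every host has its own cable to it.
    return [(0, host, True) for host in range(1, n)]

def tree():
    # Root 0, two branch nodes (1 and 2), two leaves under each branch.
    return [(0, 1, True), (0, 2, True),
            (1, 3, True), (1, 4, True), (2, 5, True), (2, 6, True)]

def full_mesh(n):
    # Every device has a direct cable to every other device.
    return [(a, b, True) for a, b in combinations(range(n), 2)]

def nodes_of(links):
    return sorted({node for a, b, _ in links for node in (a, b)})

def reachable(adj, src):
    """Breadth-first search: every node a message from src can get to."""
    seen, queue = {src}, deque([src])
    while queue:
        for nxt in adj[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def working_pairs(nodes, links):
    """Count device pairs that can still exchange messages in both directions."""
    adj = {node: set() for node in nodes}  # keep devices that lost their cable
    for a, b, duplex in links:
        adj[a].add(b)
        if duplex:
            adj[b].add(a)
    reach = {node: reachable(adj, node) for node in nodes}
    return sum(1 for a, b in combinations(nodes, 2)
               if b in reach[a] and a in reach[b])

def single_link_failures(links):
    """Map each cable (a, b) to the fraction of pairs still working if it fails."""
    nodes = nodes_of(links)
    total = len(nodes) * (len(nodes) - 1) // 2
    return {(a, b): Fraction(working_pairs(nodes, links[:i] + links[i + 1:]), total)
            for i, (a, b, _) in enumerate(links)}

def worst_case(links):
    """Smallest surviving fraction over all single-cable failures."""
    return min(single_link_failures(links).values())

if __name__ == "__main__":
    samples = {"ring": ring(5), "star": star(5), "tree": tree(), "full mesh": full_mesh(5)}
    for name, links in samples.items():
        print(f"{name:9s} worst single-cable failure leaves "
              f"{float(worst_case(links)):.0%} of device pairs connected")
```

The tree result shows both cases the text describes: losing a leaf cable isolates one device (5/7 of pairs survive), while losing the cable to a branch node cuts off a whole section (3/7 survive).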

4.2 Centralised and decentralised network architectures


LO 4.1
The term system architecture is often used to describe the way in which the various components of an
information system are linked together. In the following paragraphs we discuss the theory behind
centralised and distributed systems. However, in reality many systems include elements of both.

4.2.1 Centralised network architecture

Definition
A centralised architecture can be defined as 'processing performed in one computer or in a cluster of
coupled computers in a single location'.

LO 4.2
Centralised network architectures use a centralised file server to provide the majority of services to the
workstations on the network. File and print services are easily the most popular but may be augmented
with communication, directory, backup and a number of other services.

High-security installations may require that the PCs used do not have any CD drives, floppy drives or USB
ports. No email sites should be allowed on the workstations.
Centralised architectures could be based in a single location or spread over multiple locations. For example,
both a local area network (LAN) and a wide area network (WAN) could utilise a centralised architecture
(these terms are explained later in this section).
Advantages of centralised architectures include the following:
(a) There is one set of files. Everyone uses the same data and information.
(b) It gives better security/control over data and files and automatic backup. It is easier to enforce
standards and easier to support.
(c) Head office (where the computer is usually based) is able to control computing processes and
developments.
(d) An organisation might be able to afford a very large central computer, with extensive processing
capabilities that smaller 'local' computers could not carry out.
(e) There may be economies of scale available in purchasing computer equipment and supplies.
The main disadvantages of centralised architectures include the following:
(a) This type of system is not particularly flexible. Resources must be placed on the server to be shared.
For example, a file produced by one user must be transferred to the server before it can be made
available to other users.
(b) Local offices might experience processing delays or interruptions.
(c) Reliance on head office. Local offices rely on head office to provide information they need.
(d) If the central computer or cluster breaks down, or the software develops a fault, the entire system
goes out of operation.

4.2.2 Decentralised or distributed network architectures

Definition
Distributed architectures spread the processing power throughout the organisation at several different
locations. With modern distributed systems, the majority of processing power is held on numerous
personal computers (PCs) spread throughout the organisation.

An example of a distributed architecture, with a combination of stand-alone PCs and networks spread
throughout an organisation, is shown in the following diagram:

LO 4.2

Key features of distributed architectures:


(a) Many computers have their own processing capability (CPU).
(b) Some sharing of information is possible via communication links.
(c) The systems are usually more user-friendly than mainframe based systems.
(d) End-users are given responsibility for, and control over, programs and data.
Advantages of distributed architectures:
(a) There is greater flexibility in system design. The system can cater for both the specific needs of each
local user of an individual computer and also for the needs of the organisation as a whole, by
providing communications between different local computers in the system.
(b) Since data files can be held locally, data transmission is restricted because each computer maintains
its own data files which provide most of the data it will need. This reduces the costs and security
risks in data transmission.
(c) Speed of processing.
(d) There is a possibility of a distributed database. Data is held in a number of locations, but any user can
access all of it for a global view.
(e) The effect of breakdowns is minimised, because a fault in one computer will not affect other
computers in the system.
(f) Allows for better localised control over the physical and procedural aspects of the system.
(g) May facilitate greater user involvement and increase familiarity with the use of computer technology.
Disadvantages of distributed architectures:
(a) There may be some duplication of data on different computers, increasing the risk of data
inaccuracies.
(b) A distributed network can be more difficult to administer and to maintain, as several sites require
access to staff with IT skills.
(c) An increasingly significant disadvantage of distributed architectures is security. This includes the
introduction of malware and the unauthorised copying of data onto memory sticks and the
like. Even computers isolated from the Internet can be infected with malware, e.g. the Stuxnet
worm, which was specifically written to be spread by memory sticks.

4.2.3 Grid computing
Distributed computing environments pool the processing power of many computers.
One possible business application involves making use of spare CPU time on client machines across the
network to make more efficient use of computing resources. This grid computing model has been used
for heavy number crunching in scientific research and in a limited way in some corporate applications such
as data mining and Computer Aided Design (CAD). Grid computing is also used by some financial services
and scientific firms to utilise the processing power available on employees' PCs.

4.2.4 Cloud computing

Wikipedia defines cloud computing as the delivery of computing as a service rather than a product,
whereby shared resources, software, and information are provided to computers and other devices as a
utility (like the electricity grid) over a network (typically the Internet).

Cloud computing is essentially the management and provision of applications, information and data as a
service. These services are provided over the internet, often on a consumption-based model.

People who have an e-mail account with a Web-based e-mail service like Hotmail, Yahoo! Mail or Gmail will
have already used some form of cloud computing. Instead of running an e-mail program on your computer,
you log in to a Web e-mail account remotely. The software and storage for your account exists on the
service's computer cloud - not on your computer. Google is one of the most prominent companies offering
software as a free online service to billions of users across the world. The internet giant hosts a set of
online productivity tools and applications in the cloud such as email, word processing, calendars, photo
sharing, and website creation tools.

A cloud can be private or public. A public cloud sells services to anyone on the Internet. (Currently,
Amazon Web Services is the largest public cloud provider.) A private cloud is a proprietary network or a
data centre that supplies hosted services to a limited number of people. When a service provider uses
public cloud resources to create their private cloud, the result is called a virtual private cloud. Private or
public, the goal of cloud computing is to provide easy, scalable access to computing resources and IT
services.

A cloud service has three distinct characteristics that differentiate it from traditional hosting.

• It is sold on demand, typically by the minute or the hour. You pay for cloud services only when
you use them, either for the short term (for example, for CPU time) or for a longer duration (for
example, for cloud-based storage or vault services). Cloud computing involves shifting the bulk of
the costs from capital expenditures (or buying and installing servers, storage, networking, and
related infrastructure) to an operating expense model, where you pay for usage of these types of
resources.
• It is elastic - a user can have as much or as little of a service as they want at any given time. Cloud
computing allows for the expansion and reduction of resources according to specific service
requirement. For example, a large number of server resources may be required only for the
duration of a specific task.
• The service is fully managed by the provider (the consumer needs nothing but a personal computer
and Internet access).

4.3 Area networks


One way to distinguish between the different types of computer network designs is by their scope or scale.
For historical reasons, the networking industry refers to nearly every type of design as some kind of area
network. Local Area Networks and Wide Area Networks were the original categories of area networks,
while the others have gradually emerged over many years of technology evolution.

4.3.1 Local Area Network (LAN)


A Local Area Network (LAN) connects network devices over a relatively short distance. A networked
office building, school, or home usually contains a single LAN, though sometimes one building will contain a
few small LANs (perhaps one per room), and occasionally a LAN will span a group of nearby buildings.
In addition to operating in a limited space, LANs are also typically owned, controlled, and managed by a
single person or organisation.

[Diagram: LAN configuration. Labels: PCs, shared database and network server, switch, shared printer,
internetwork processor to other networks.]

LO 4.2

A LAN configuration typically consists of:


(a) A file server – stores all of the software that controls the network, as well as the software that can
be shared by the computers attached to the network.
(b) A workstation – computers connected to the file server (Macs or PCs). These are less powerful
than the file server.
(c) Cables – used to connect the network interface cards in each computer.

4.3.2 Wide Area Network


A Wide Area Network (WAN) is a computer network that spans a relatively large geographical area.
Typically, a WAN consists of two or more local-area networks (LANs). Computers connected to a wide-
area network are often connected through public networks, such as the telephone system. They can also be
connected through leased lines or satellites. Numerous WANs have been constructed, including public
packet networks, large corporate networks, military networks, banking networks, universities, stock
brokerage networks, and airline reservation networks. Some WANs are very extensive, spanning the globe,
but most do not provide true global coverage. Organisations supporting WANs using the Internet Protocol
are known as Network Service Providers (NSPs). These form the core of the Internet, which is the largest
WAN in existence.
A WAN is a geographically-dispersed collection of LANs. A network device called a router connects LANs
to a WAN.
The main differences between a LAN and a WAN are as follows:
(a) The geographical area covered by a WAN is greater, not being limited to a single building or site.
(b) WANs will send data over telecommunications links.
(c) WANs will often use a larger computer as a file server.
(d) WANs will often be larger than LANs, with more terminals or computers linked to the
network.
(e) A WAN can link two or more LANs, using gateways (see Section 6).

4.3.3 Virtual Private Network

A Virtual Private Network (VPN) is a network technology which gives the owner the ability to share
information with others on the network by means of a private, exclusive link that is created by a method
other than hard-wires or leased lines; usually via the internet. Before the internet, computers in different
offices, cities or even countries could only talk to each other like people could - through telephone wires.
For computer A to talk to computer B, there had to be a physical wire connection. For security reasons,
you would want to make sure that only your two computers used that line, so you would contract with a
vendor to ‘lease’ that circuit. With the advent of the internet, connections no longer needed to be physical.
As long as each computer has access to the internet, information can be shared using local ISP circuits. This
is why the way VPN works is considered a ‘virtual’ network; the entire connection is not hard-wired.

There are four critical functions:

(i) Authentication – validates that the data was sent from the sender.
(ii) Access control – limiting unauthorised users from accessing the network.
(iii) Confidentiality – preventing the data from being read or copied as it is being transported.
(iv) Data integrity – ensuring that the data has not been altered.

Advantages of VPN include the following:

• Security - VPNs provide the highest level of security by using advanced encryption and authentication
protocols that protect data from unauthorised access. The data is not only encrypted, but it is
encapsulated, meaning it is sent in its own private ‘tunnel’ or connection across the internet. No one
can see the data, and even if they could, they could not decipher or change it.
• Cost savings - VPNs enable organisations to use the global Internet to connect remote offices and
remote users to the main corporate site, thus eliminating expensive dedicated WAN links.
• Scalability - because VPNs use the Internet infrastructure within ISPs and devices, it is easy to add
new users. Corporations are able to add large amounts of capacity without adding significant
infrastructure.
• Compatibility with broadband technology - VPN technology is supported by broadband service
providers such as Digital Subscriber Line (DSL) - a local telephone network - and cable, so mobile
workers and telecommuters can take advantage of their home high-speed Internet service to access
their corporate networks.

Industries that may use a VPN include:

• Healthcare: enables the transfer of confidential patient information within the medical facilities
and health care provider
• Manufacturing: allows suppliers to view inventory and allows clients to purchase online safely
• Retail: sales data or customer information can be securely transferred between stores and the
headquarters
• Banking/Financial: enables account information to be transferred safely within departments and
branches
• General business: communications between remote employees can be securely exchanged.

4.3.4 Other types of area networks

While LAN, WAN and VPN are by far the most popular network types mentioned, you may also
commonly see references to the following:
(a) Wireless Local Area Network (WLAN) – a LAN based on WiFi wireless network technology.
(b) Storage Area Network (SAN) – connects servers to data storage devices through a technology
like Fibre Channel.
(c) System Area Network – links high-performance computers with high-speed connections in a
cluster configuration. Also known as Cluster Area Network.
(d) Client-server networks consist of two kinds of computer. The clients are usually computer
workstations sitting on the desks of employees in an organisation. The servers are usually more
powerful computers and are held in a central location or locations within an organisation. There are
several types of servers, for example file servers which store and distribute files and applications, and
print servers which control printers. Client/Server networks need client software which is installed
on the workstations and in addition, they also need server software such as Windows NT® Server
or Novell Netware®.
(e) Peer-to-peer networks have workstations connected to each other but do not have servers. Files
can be shared between workstations, and a printer connected to one workstation can be accessed
by another workstation. Peer-to-peer networks are often much simpler to set up than client/server
networks. However, they lack some of the advantages normally associated with networks such as
centrally managed security and ease of backing up files.

5 Corporate networks
5.1 Definition
LO 4.1
A corporate network is a combination of computer hardware, cabling, network devices, and computer
software owned by the same company and used together to allow computers to communicate with each
other. The purpose of the network is to provide easy access to information, thus increasing productivity for
users.

Many different types and locations of networks exist. You might use a network in your home or home
office to communicate via the Internet, to locate information, to place orders for merchandise, and to send
messages to friends. You might work in a small office that is set up with a network that connects other
computers and printers in the office. You might work in a large enterprise in which many computers,
printers, storage devices, and servers communicate and store information from many departments over
large geographic areas.

In a corporate network, a number of locations might need to communicate with each other:

A corporate or main office is a site where everyone is connected via a network and where the bulk of
corporate information is located. A corporate office can have hundreds or even thousands of people who
depend on network access to do their jobs. A main office might use several connected networks, which can
span many floors in an office building or cover a campus that contains several buildings.
A variety of remote access locations use networks to connect to the main office or to each other.
• Branch offices - in branch offices, smaller groups of people work and communicate with each other
via a network. Although some corporate information might be stored at a branch office, it is more
likely that branch offices have local network resources, such as printers, but must access information
directly from the main office.
• Home offices - when individuals work from home, the location is called a home office. Home office
workers often require on-demand connections to the main or branch offices to access information
or to use network resources such as file servers.
• Mobile users - connect to the main office network while at the main office, at the branch office, or
travelling. The network access needs of mobile users are based on where the mobile users are
located.
Corporate network components - all networks share many common components. A network is essentially the
sharing of information via network components. Some of the most essential network components are listed
here and we will analyse these individually later in this chapter:
• Applications
• Protocols
• Computers
• Network devices
• Media types

5.2 Types of network


Before deciding on how to connect computers together some questions need to be asked. For example:
• What purpose needs to be accomplished?
• How many peripherals need to be shared?
• Do any documents need to be accessed by more than one person?
A Network Operating System (NOS) is installed onto each PC that requires network access. The NOS
controls the exchange and flow of the data packets that make up the files, electronic mail, web pages and so
on that pass through the network. Linux and all versions of Microsoft Windows since Windows 2000
include NOS features.
There are two basic types of network: client-server and peer-to-peer.

5.3 Client-Server Networks
Definition
A client-server network is a configuration in which desktop PCs or similar devices are regarded as
'clients' that request access to services available on a more powerful server PC, for example access to files,
or to printing or to e-mail facilities.

LO 4.3
The Client-Server network model usually consists of one or more server computers that provide services
to a number of workstation computers. Such services include: file handling, web access, email, printing, and
applications such as ticket reservations. An example of the Client-Server network model is the Internet.
On the Internet, the clients are computers with web browsers, which access web sites that are hosted on
servers.
A server is a host or central computer that is dedicated to managing the logistics of routing data,
information, and processing capacity among the clients on the system. In small networks, the server might
be a single PC. On larger networks, the server can be a group of computers or a mainframe.
Clients on a network are typically PCs or workstations on which users run applications. Clients rely on
servers for resources, such as files, devices, and sometimes processing power.
In the client-server diagram below, the client computers are separate and subordinate to the file server.
The primary applications and files used by each of the clients are stored in a common location on the file
server. File servers are often set up so that each user on the network has access to an individual directory,
along with a range of 'public' or shared directories where applications and data are stored. If the clients
want to communicate with each other, they must do so through the file server. A message from one client
to another client is first sent to the file server, where it is then routed to its destination by the server.
If clients need access to the Internet, say, this will usually be via the server and a broadband connection.

LO 4.2

The server may also allow access to the network from the Internet. Users with an Internet terminal
anywhere in the world, once a connection has been established and passwords verified, can access
programs or data on the network just as if they were seated at one of its local workstations.

5.3.1 Client-server software


Client-server systems aim to locate software where it is most efficient – based on the number and location
of users requiring access and the processing power required. There are three main types of software
applications:
(a) Corporate applications are run on the central (or corporate) server. These applications are
accessed by people spread throughout the organisation, and often require significant processor
power (e.g. a centralised Management Information System).
(b) Local applications are used by users within a particular section or department, and therefore are
run on the relevant local or departmental server (e.g. a credit-scoring expert system may be held on
the server servicing the loans department of a bank).
(c) Client applications may be unique to an individual user, e.g. a specialised Executive Support
System (ESS). Other software that may be run on client hardware could include 'office' type
software, such as spreadsheet and word processing programs. Even though many people may use
these applications, individual copies of programs are often held on client hardware – to use the
processor power held on client machines.

5.3.2 The advantages of client-server computing
The advantages of a network that uses the client-server approach are as follows:

| Advantage | Comment |
|---|---|
| Greater resilience | Processing is spread over several computers. If one server breaks down, other locations can carry on processing. |
| Scalability | They are highly scalable – hardware can be added as required. |
| Shared programs and data | Program and data files held on a file server can be shared by all the PCs in the network. Data duplication is avoided. |
| Shared workloads | Each PC in a network can do the same work. If there were separate stand-alone PCs, A might do job 1, B might do job 2, C might do job 3 and so on. In a network, any PC (A, B or C) could do any job (1, 2 or 3). This provides flexibility in sharing workloads. |
| Shared peripherals | Peripheral equipment can be shared. For example, in a LAN, five PCs might share a single printer. |
| Communication | LANs can be linked up to the office communications network. Electronic mail, calendar and diary facilities can be used. |
| Compatibility | Client-server systems are more likely than centralised systems to have Windows interfaces, making it easier to move information between applications such as spreadsheets and accounting systems. |

5.3.3 The disadvantages of client-server computing


The client-server approach has two main drawbacks compared to a mainframe with dumb terminals:

| Disadvantage | Comment |
|---|---|
| Less powerful than large mainframes | Mainframes are more suited to dealing with very large volumes of transactions. |
| Control can be difficult | It is easier to control and maintain a system centrally with a mainframe. In particular, it is easier to keep data secure. |

5.4 Peer-to-Peer (P2P) networks


Peer-to-peer (P2P) computing is a form of distributed processing that links computers via the Internet or
private networks so that they can share processing tasks. This enables users to share files via
interconnected private or public networks. Each peer PC makes a portion of its resources (processing,
storage, files, network bandwidth and peripherals such as printers) available to others.
Unlike client-server networks, where network information is stored on a centralised file server PC and
made available to tens, hundreds, or thousands of client PCs, the information stored across peer-to-peer
networks is decentralised. Each PC acts as both a client (information requestor) and a server (information
provider).
In a local P2P system, the peers communicate with each other directly, without needing a central computer.
All the computing nodes are equal. In the diagram below, three peer-to-peer workstations are shown.

The advantages of local peer-to-peer over client-server network operating systems include:
• No need for a network administrator.
• Network is fast/inexpensive to setup and maintain.
• Each PC can make backup copies of its data to other PCs for security.
• Easiest type of network to build, peer-to-peer is perfect for both home and office use.

5.4.1 Comparison of client-server and local peer-to-peer networks

| Client-server | Peer-to-peer |
|---|---|
| (i) One PC on the network acts as the server or controller. | (i) Each PC is an equal. |
| (ii) The server controls network resources. | (ii) PCs are not reliant on the server for access to network resources. |
| (iii) Network access and security are controlled centrally. | (iii) Can be set-up using standard PC operating system software. |
| (iv) The server requires an operating system with network capability. | (iv) Generally simpler and lower cost. |

5.4.2 Centralised peer-to-peer networks

Structure could be added to the system shown in the diagram above by making some of the nodes
responsible for routing data and allocating resources, and in a fully centralised P2P system the peers
interact with each other via a central server. Access to the server may be over the Internet.
The server may just function to connect two peers together, or supply additional resources or index and
keep track of the resources that the peers make available (usually files). Also, instead of building an index,
the server may just ask each of the peers if they have a particular resource that another peer wants (again,
usually a file), and, if there is a positive response, link the two peers together so that the file can be
transferred.
Such file transferring is widespread, and may infringe copyright, particularly with music and video files. In
business it can be useful for providing and accessing user guides and manuals or for a group collaborating on
a project - although for security any use of the Internet will normally be restricted to a VPN (Virtual Private
Network).

5.5 Applications where client server and peer-to-peer architectures can be used
Exchanging files is just one way of sharing resources among networked computers. Sharing and
collaborating via the Internet today can happen by:
• Dividing the load of performing large computations.
• Collaborating in creating media or software.
• Conversing online.
• Organising into online communities.
Examples of centralised P2P applications operating over the Internet are:
• Skype (voice and video calls)
• Bitcoin (money transfer)
• Facebook (social networking).

5.5.1 Instant Messaging and Social Networking


LO 4.3
Some businesses communicate using Instant Messaging (IM). This allows interconnected users to exchange
text messages and files. IM is also used for 'live' customer service provision. Organisations such as
Microsoft, AOL and BlackBerry offer free messaging tools. The use of social media such as Facebook and
LinkedIn is becoming very significant in corporate PM strategies. As well as being used by employees as
alternatives to the telephone or email, social networking sites give businesses a fantastic opportunity to
widen their circle of contacts. Using Facebook, for example, a small business can target an audience of
thousands without much effort or advertising. With a good company profile and little in terms of costs, a
new market opens up, as do the opportunities to do business.
Social networking sites are applications and, as such, are generally not a problem for organisations. It is the
people who use them that are a cause for concern. The headlines seem to confirm every employer's
prejudices: ‘Twitter costs businesses £1.4bn’ and ‘Facebook scandal – 233 million hours lost monthly as
employees waste time on social networking’. Even the BBC in the UK advertises its Facebook presence
with ‘Say goodbye to worktime boredom’.
In chapter 6 we discuss the security problems associated with many social networking websites.

5.5.2 Shared storage and bandwidth


The decentralised and distributed nature of local P2P systems gives them the potential to be robust to faults
or intentional attacks, making them ideal for long-term storage. Local P2P can also distribute the burden of
supporting network connections, eliminating bandwidth issues. P2P proponents believe businesses could
save millions by using distributed computing setups that take advantage of unused bandwidth and resources.
File sharing enables organisations to work collaboratively, and can open up intellectual property and data
that would otherwise be hidden in departmental offices and servers.
P2P can help corporations unleash the knowledge locked away on workers' PCs. P2P connections allow
knowledge workers to communicate, collaborate and create.
New capabilities for e-business include:
• Connecting and enabling the links that make up a complete supply chain.
• Distributing information, content, or software more effectively in a cascading manner - similar to
turning a single pipe into an ever expanding network of connections.
• Keeping details that are needed for e-commerce but occupying large amounts of storage, or likely to
change in time, on their original node. A central directory or a search capability can refer queries to
the source. This is useful for estate agents, catalogues, classified advertising, auctions, and many
other e-commerce activities.
• Providing a natural foundation on which to develop online community games that are not centrally
controlled. The developers can focus on the game’s features, instead of the interface to the
communications protocol.
• Overcoming the problems of stale data and a single source for answering inquiries by searching
directly across the horizon of the community.

Case study
LO 4.3
Intel uses P2P to streamline the distribution of computer-based training materials to employees. Rather
than have employees download huge multimedia files from a central server, it developed an application on
every desktop to reduce the network burden. When a user requests a course, the application searches for
it on local desktops, gradually widening the search until it finds the closest source.

Question 6: Technology
An arrangement of several computers connected together is called:
A client-server
B client
C computer network
D hub
(The answer is at the end of the chapter)

5.5.3 Concerns with P2P networks
Almost all organisations still rely upon a centralised server as a way to control and secure critical data and
host their e-commerce applications.
The decentralised nature of P2P brings two main concerns – security and lack of control.

5.5.4 Security
The potential security concerns for P2P software can be categorised as follows:
• Denial of Service - every user of a P2P program is soaking up network bandwidth. If enough users
are transferring large files it can cause network resources to be tied up.
• Security Holes - e.g. freely available software can allow users to ‘sniff’ for open ports on a peer
machine.
• Confidentiality - the P2P application is installed on a ‘trusted device’ that is allowed to communicate
through the organisation’s firewall with other P2P users. Once the connection is made from the
trusted device to the external Internet, attackers can gain remote access to the trusted device for
the purpose of stealing confidential corporate data, launching a Denial of Service attack or simply
gaining control of network resources.
• Malware - just as average users can freely distribute any files they choose, malicious users can freely
distribute Trojan horse applications and viruses.
• Information Gathering - disclosure of IP and MAC addresses, connection speed.
An article in the Scientific American reported that, in 2009, classified or sensitive files found on file-sharing
networks included: the Secret Service safe house location for the first lady, the Social Security numbers of
every master sergeant in the Army and the medical records of 24,000 patients of a Texas hospital.
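
The bandwidth and confidentiality concerns listed above can be checked for in firewall flow logs. The following is an added example, not part of the study manual: it flags workstations whose outbound traffic shows the fan-out typical of P2P file sharing (many distinct external peers, mostly non-standard ports, large volumes sent out). The log layout, the 10.0.0.0/8 internal range and the thresholds are assumptions, and the flow records are constructed.

```python
"""Flag workstations whose outbound flows look like P2P file sharing."""
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the organisation's internal address range.
INTERNAL_NET = ip_network("10.0.0.0/8")

# Constructed sample of a firewall flow export (not real traffic).
SAMPLE_FLOWS = """\
src,dst,dst_port,bytes_out
10.0.1.15,198.51.100.7,443,52000
10.0.1.15,198.51.100.7,443,61000
10.0.1.15,203.0.113.20,80,9000
10.0.1.23,192.0.2.11,51413,4200000
10.0.1.23,192.0.2.54,6881,3900000
10.0.1.23,198.51.100.201,49152,5100000
10.0.1.23,203.0.113.77,51413,2800000
10.0.1.23,203.0.113.140,6889,4600000
10.0.1.23,198.51.100.7,443,30000
10.0.1.40,10.0.2.5,445,88000000
10.0.1.40,203.0.113.20,443,120000
"""


def parse_flows(text):
    """Parse the CSV export into (src, dst, dst_port, bytes_out) tuples."""
    flows = []
    for rec in csv.DictReader(io.StringIO(text)):
        flows.append((
            ip_address(rec["src"]),
            ip_address(rec["dst"]),
            int(rec["dst_port"]),
            int(rec["bytes_out"]),
        ))
    return flows


def summarise(flows, internal=INTERNAL_NET):
    """Per internal host: distinct external peers, flow count, bytes sent out."""
    stats = defaultdict(
        lambda: {"peers": set(), "flows": 0, "high_port": 0, "bytes": 0}
    )
    for src, dst, port, nbytes in flows:
        # Only traffic leaving the organisation matters here; transfers to
        # the internal file server (10.0.2.5 in the sample) are skipped.
        if src not in internal or dst in internal:
            continue
        s = stats[str(src)]
        s["peers"].add(dst)
        s["flows"] += 1
        if port >= 1024:  # not a well-known service port such as 80 or 443
            s["high_port"] += 1
        s["bytes"] += nbytes
    return stats


def p2p_suspects(flows, min_peers=5, min_high_share=0.8,
                 min_bytes=10_000_000):
    """Return hosts that exceed all three thresholds (assumed values)."""
    suspects = []
    for host, s in sorted(summarise(flows).items()):
        share = s["high_port"] / s["flows"]
        if (len(s["peers"]) >= min_peers
                and share >= min_high_share
                and s["bytes"] >= min_bytes):
            suspects.append({
                "host": host,
                "peers": len(s["peers"]),
                "high_port_share": round(share, 2),
                "bytes_out": s["bytes"],
            })
    return suspects


if __name__ == "__main__":
    for hit in p2p_suspects(parse_flows(SAMPLE_FLOWS)):
        print(hit)
```

A host that is flagged is a prompt for follow-up (what software is installed, what is being shared), not proof of P2P use; the thresholds need tuning against the organisation's normal traffic.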

5.5.5 Control
Unfortunately, because P2P networks are installed on local client machines and link directly to the Internet,
those client machines are wide open to abuse that is uncontrolled by standard information security
measures. P2P networking can circumvent an organisation’s security by providing decentralised security
administration, decentralised shared data storage, and a way to get round critical perimeter defences such
as firewalls.
Sharing is enabled or revoked by each machine's user. Passwords can be assigned to each individual
shared resource whether it is a file, folder, drive or peripheral, again done by the user. Although this
solution is workable on small networks, it introduces the possibility that users may have to know and
remember the passwords assigned to every resource and then re-learn them if the user of a particular
machine decides to change them. Due to this flexibility and individual discretion, security can be a major
concern because users may give passwords to other unauthorised users, allowing them to access areas of
the network that the company does not permit. Furthermore, due to lack of centralisation, it is impossible
for users to know and remember what data lives on what machine, and there are no restrictions to prevent
them from over-writing files. This of course cripples attempts to organise proper backups.
Applications such as Kazaa have been popular with music-loving Internet users for several years, and many
users take advantage of their employers’ high-speed connections to download files at work. Over and above
the potential for productivity loss and the overload of network bandwidth with unauthorised file sharing
activities, P2P networks can:
• Enable the exchange of copyrighted material in a way that violates intellectual property laws.
• Allow an employee to share files in a manner that violates an organisation’s security policies. For
example, if instant messaging applications like those provided by AOL, Microsoft and Yahoo are used
to discuss sensitive information, an attacker can read all the messages that are sent back and forth
across the network or Internet by using a network-monitoring program.
• Allow bundled adware applications to be installed on the network without the user's knowledge.



5.6 Intranets and extranets
'Inter' means 'between'; 'intra' means 'within'; 'extra' means 'outside'. This may be a useful reminder of some
of the inter-related terminology in this area.
The Internet is used to disseminate and exchange information among the public at large.

Definition
An Intranet is an internal or private network of an organisation based on Internet technology (such as
hypertext and TCP/IP protocols) and accessed over the Internet. An intranet is meant for the exclusive use
of the organisation and is protected from unauthorised access with security systems such as firewalls.
Intranets provide services such as email, data storage, and search and retrieval functions, and are employed
in disseminating policy manuals and internal directories for the employees, price and product information
for the customers, and requirements and specifications for the suppliers. Some intranets are confined to a
building whereas others span continents.

An intranet is used to disseminate and exchange information 'in-house' within an organisation. A firewall
is a security device that effectively isolates the sensitive parts of an organisation's system from those areas
available to external users. It examines all requests and messages entering and exiting the Intranet and
blocks any not conforming to specified criteria.
The idea behind an intranet is that companies set up their own mini version of the Internet. Each employee
has a browser, used to access a server computer that holds corporate information on a wide variety of
topics, and in some cases also offers access to the Internet.
Intranets are used for the following:
(a) Performance data: linked to sales, inventory, job progress and other database and reporting systems,
enabling employees to process and analyse data to fulfil their work objectives.
(b) Employment information: on-line policy and procedures manuals (health and safety, disciplinary and
grievance), training and induction material, internal contacts for help and information.
(c) Employee support/information: advice on first aid, healthy working at computer terminals, training
courses offered and resources held in the corporate library and so on.
(d) Notice boards for the posting of messages to and from employees: notice of meetings, events and
trade union activities.
(e) Departmental home pages: information and news about each department's personnel and activities
to aid identification and cross-functional understanding.
(f) Bulletins or newsletters: details of product launches and marketing campaigns, staff moves, changes in
company policy – or whatever might be communicated through the print equivalent, plus links to
relevant databases or departmental home pages.
(g) E-mail facilities for the exchange of messages, memos and reports between employees in different
locations.
(h) Upward communication: suggestion schemes, feedback questionnaires.
(i) Individual personnel files, to which employees can download training materials, references,
certificates and appraisals.

Definition
An extranet is a private network that uses Internet technology and the public telecommunication system
to securely share part of a business's information or operations with suppliers, vendors, partners,
customers, or other businesses. An extranet can be viewed as part of a company's intranet that is extended
to users outside the company.



Extranets are web based but serve a combination of users. They are private, secure extensions of the
enterprise via the corporate Intranet. Whereas an intranet resides behind a firewall and is accessible only to
people who are members of the same company or organisation, an extranet provides various levels of
accessibility to outsiders.
Only those outsiders with a valid username and password can access an extranet, with varying levels of
access rights enabling control over what people can view. Extranets are becoming a very popular means for
business partners to exchange information. They can share data or systems to provide smoother
transaction processing and more efficient services for customers.
An extranet may be used to:
• provide a pooled service which a number of business partners can access.
• exchange news which is of use to partner companies and clients.
• share training or development resources.
• publicise loyalty schemes, sponsorships, exhibition attendance information and other promotional
tools.
• exchange potentially large volumes of transaction data using Electronic Data Interchange (EDI).
• provide online presentations to business partners and prospects (and not competitors).
• share news of common interest exclusively with partner companies.
• collaborate with other companies on joint development efforts.
The basic components of an Extranet are a constant Internet connection via a router, an HTTP server, a
firewall and the essential data and files. All the infrastructure and applications can sit inside the firewall or
outside in a secure area called a demilitarised zone (DMZ). An organisation could connect its browser
based purchase order system to the product catalogue database on a supplier's Intranet (see diagram
below).
LO 4.2
[Diagram: a vendor intranet (catalogue database, wiring hub, firewall, router) linked across the Internet to a customer intranet (router, firewall, mainframe, customer purchase order service).]



Question 7: Intranets and extranets

Discuss the benefits associated with intranets and extranets.


(The answer is at the end of the chapter)

5.7 Mobile technology


Mobile technology is exactly what the name implies – technology that is portable.
Mobile computing has two major characteristics that differentiate it from other forms of computing:
Mobility – implies portability based on the fact that users carry a mobile device everywhere they go.
Therefore, users can initiate real-time contact with other systems from wherever they happen to be.
Broad reach – is the characteristic that describes the accessibility of people. They can be reached at any
time.
These characteristics break the barriers of geography and time, creating unique value added attributes.
(a) Ubiquity refers to the attribute of being available at any location at any given time. A mobile terminal
in the form of a smartphone or a PDA offers ubiquity.
(b) Convenience – it is very convenient for users to operate in the wireless environment. All they need
is an Internet enabled mobile device such as a smartphone.
(c) Instant connectivity – mobile devices enable users to connect easily and quickly to the Internet,
intranets, other mobile devices and databases.
(d) Personalisation – refers to customising the information for individual consumers.
(e) Localisation of products and services. Knowing the user’s physical location at any particular moment
is key to offering relevant products and services.

5.7.1 Mobile devices

Examples of mobile IT devices include:


• laptop and netbook computers.
• palmtop computers, personal digital assistants (PDAs) and tablets.
• mobile phones and 'smart phones'.
• global positioning system (GPS) devices.
• wireless debit/credit card payment terminals.
Mobile devices can be enabled to use a variety of communications technologies such as:
• wireless fidelity (WiFi) – a type of wireless local area network technology.
• Bluetooth – connects mobile devices wirelessly.
• 'third generation' (3G), global system for mobile communications (GSM) and general packet radio
service (GPRS) data services – data networking services for mobile phones.
• dial-up services – data networking services using modems and telephone lines.
• virtual private networks – secure access to a private network.
It is therefore possible to network the mobile device to a home office or the Internet while travelling.
There are other benefits to be obtained:
(a) Mobile computing can improve the service offered to customers. For example, after meeting with
customers their details can be updated over the Internet using a customer relationship management
(CRM) system.
(b) Alternatively, the technology enables customers to pay for services or goods without having to go to
the till. For example, by using a wireless payment terminal diners can pay for their meal without
leaving their table.



(c) Handheld computers, personal digital assistants (PDAs) or tablets are devices that run cut-down
versions of 'standard' office software packages. The small size of handhelds can make extended use
inconvenient, but they are ideal for remote access to email, schedules and documents. Some PDAs
can also be used as mobile phones. Although costing significantly more than a PDA, the tablet has all
the features that PDAs possess while providing the ability to work in full programs.
(d) Laptop computers and netbooks give the full functionality of a desktop PC and can handle the full
range of office software. They can be used to access the Internet via a landline, a mobile phone, or
wireless data services, and check emails while travelling, or to connect to an office network.
(e) Wireless-enabled devices can also be used to connect to the Internet, office or email inbox using the
wireless 'hot spots' that are often available in public places such as railway and service stations, e.g.
wireless fidelity networks (WiFi).
WiFi or Wireless Fidelity is a technology that facilitates the mobile use of laptop computers and personal
handheld devices away from the home or office. WiFi networks are created through an array of hundreds
and even thousands of local 'hotspots' throughout metropolitan areas.
Initially, hotspots were few and far between but can now be found in most major airports, hotels,
bookstores, coffee houses, shopping centres, and even car dealerships.
Municipal WiFi is a newer application that is gaining popularity quickly nationwide. Numerous cities across
the country are partnering with ISPs (such as EarthLink) to build wireless networks that blanket every inch
of their city.
This new technology removes the need to be near a localised hotspot and provides wireless access to all
residents and businesses within the city limits including open spaces such as parks and highways.
Mobile devices can be used for a wide variety of purposes. Key features include immediate access to data
and more flexible ways of doing business. It is often possible to carry out the same tasks that you would in
an office while on the move, as many mobile devices operate the same software as office PCs, for example:
(a) salespeople can use laptops and handhelds to make presentations, check stock levels, make
quotations, and place online orders while on customer premises.
(b) laptops are ideal for 'hot desking', and other types of flexible working, like homeworking and
working while travelling away from the office.
(c) laptops and handhelds allow users to keep in touch via email while out of the office.

Drawbacks
PDAs that have keyboards can be small and so can be difficult to use. It is possible to get around this by
choosing one with a stylus, which can be quicker than typing or using a touch screen. The larger size tablet
is more comfortable for users, similar to working on a laptop or desktop PC. It has the capability to be
used in a docking station so that it can be used with a mouse and keyboard and the screen size is easy to
read.
Laptops, netbooks and PDAs have security issues – e.g. they are easy to steal or lose. When using mobile
devices it is important to ensure that employees are aware of their responsibilities and the need to keep
both mobile devices and business information secure. If using public WiFi to access the Internet, it may not
always be possible to find a secure and available network. This may prevent access to business information
when required.
There are costs involved in setting up the equipment and training required to make use of mobile devices.
Mobile IT devices can expose valuable data to unauthorised people if the proper precautions are not taken
to ensure that the devices, and the data they can access, are kept safe.



5.7.2 Mobile (m-commerce) or wireless commerce
When wireless devices are used for e-commerce applications, this is referred to as mobile commerce or
m-commerce.

Definition
M-commerce and m-business are any e-commerce or e-business activities performed in a wireless
environment. It is not merely a variation on existing Internet services; it is a natural extension of e-business
creating new opportunities.

Typical applications include:


• financial applications.
• inventory management.
• field service management.
• product locating.
• real estate.
As well as offering voice calls, mobile phones are used for e-mail and SMS (short message service)
commonly known as 'texting' – a feature available in most modern digital phones, that lets users receive and
send short text messages to other cell phones.
The characteristics include the following:
• They can be accessed from anywhere.
• Their users can be reached when they are not in their normal location.
• It is not necessary to have access to a power supply or a fixed line connection.
• They provide security – since each user can be identified by their unique identification code.
In 1999 the first of a new generation of mobile phones, known as Wireless Application Protocol or WAP
phones, was introduced that offered the opportunity to access the Internet. What these phones offer is the
facility to access information on web sites that have been specially tailored for display on the small screens
of mobile phones. WAP pages are accessed using wireless techniques from a WAP gateway that is
connected to a traditional web server where the WAP pages are hosted.
In 2001 new services became available on GPRS (General Packet Radio Service). This is approximately five
times faster than GSM and is an 'always on' service which is charged according to usage. Display is still
largely text-based and based on the WAP protocol.
In 2003 the third generation (3G) of mobile phone technology became available based on UMTS (Universal
Mobile Telephone System). UMTS is a realisation of a new generation of broadband multi-media mobile
telecommunications technology with high speed data transfer enabling video calling. 3G technologies enable
network operators to offer users a wider range of more advanced services while achieving greater network
capacity through improved spectral efficiency. Many facilities available from a desktop PC are offered on a
handheld unit.

5.7.3 Mobile Computing Infrastructure – WWANs


At the core of most mobile computing applications are mobile networks. These are of two general types:
the wide area and the local area. The wide area networks for mobile computing are known as wireless wide
area networks (WWAN). The success of mobile computing depends on the capabilities of the WWAN
communication systems.



[Diagram: WWAN infrastructure, showing mobile phones (terminals), wireless transmission, a communication tower, the base station controller (BSC), the mobile switching station (MSC), the mobile network and the fixed telephone infrastructure.]

6 The components of a corporate network


Section overview
For a computer to operate on a network, there are a range of different components that are required.
They include the following:

• Routers
• Repeaters
• Bridges
• Hub
• Switches
• Protocols
• Gateway
• Filters and firewalls
• Servers
• Proxy server
• Modem
• Network card and cables

This section will give you an overview of the main components of a corporate network.
The basic components of a network, which act as the front-line gatekeepers, are the router, the firewall,
and the switch. These core components use an Intrusion Detection System (IDS) to look out for possible
malicious attacks on the network, as shown in the diagram below.



6.1 Routers
LO 4.1
The router is the outermost security gate. It is responsible for forwarding IP packets to the networks to
which it is connected. These packets can be inbound requests from Internet clients to your Web server,
request responses, or outgoing requests from internal clients. The router should be used to block
unauthorised or undesired traffic between networks. The router itself must also be secured against
reconfiguration by using secure administration interfaces and ensuring that it has the latest software patches
and updates applied.
A router is a device that transfers data from one network to another in an intelligent way. It has the task of
forwarding data packets to their destination by the most efficient route. To do this the router holds a table
that contains a list of all the networks it is connected to, along with the latest information on how busy
each path in the network is, at that moment. This is called the routing table.

When a data packet arrives, the router does the following:
1 Reads the data packet's destination address.
2 Looks up all the paths it has available to get to that address.
3 Checks on how busy each path is at the moment.
4 Sends the packet along the least congested (fastest) path.
[Diagram labels: Hub, Network A, Network B, Router, Internet.]
Other tasks the Router can perform:
5 Exchange Protocol information across networks (see Section 6.6 on protocols).
6 Filter traffic – useful for preventing hacker attacks, for example.
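The four forwarding steps above, written out as an added Python example (not from the study manual). The addresses, link names and load figures are constructed, and preferring the most specific matching network before comparing load is an assumption that goes beyond the page's simplified description.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Path:
    network: ipaddress.IPv4Network  # destination network this path reaches
    next_hop: str                   # hypothetical link name
    load: float                     # 0.0 = idle, 1.0 = saturated


class Router:
    def __init__(self):
        self.table = []  # the routing table: one entry per known path

    def add_path(self, cidr, next_hop, load):
        self.table.append(Path(ipaddress.ip_network(cidr), next_hop, load))

    def update_load(self, next_hop, load):
        """Refresh the 'how busy is this path' figure for a link."""
        for path in self.table:
            if path.next_hop == next_hop:
                path.load = load

    def route(self, destination):
        """Return the next hop for a destination address, or None (drop)."""
        # Step 1: read the packet's destination address.
        addr = ipaddress.ip_address(destination)
        # Step 2: look up every path that can reach that address.
        paths = [p for p in self.table if addr in p.network]
        if not paths:
            return None  # no route known: the packet cannot be forwarded
        # Assumption beyond the page: keep only the most specific network.
        longest = max(p.network.prefixlen for p in paths)
        paths = [p for p in paths if p.network.prefixlen == longest]
        # Step 3: compare how busy each remaining path is right now.
        best = min(paths, key=lambda p: p.load)
        # Step 4: send the packet along the least congested path.
        return best.next_hop


def build_example_router():
    """Constructed sample table; addresses and link names are made up."""
    router = Router()
    router.add_path("10.2.0.0/16", "link-a", 0.80)
    router.add_path("10.2.0.0/16", "link-b", 0.30)
    router.add_path("0.0.0.0/0", "isp-uplink", 0.10)  # default route
    return router


if __name__ == "__main__":
    r = build_example_router()
    print(r.route("10.2.5.9"))      # two /16 paths: the less busy one wins
    r.update_load("link-b", 0.95)   # link-b becomes congested
    print(r.route("10.2.5.9"))      # traffic moves to the other link
    print(r.route("198.51.100.7"))  # only the default route matches
```
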

6.2 Repeaters
All signals fade as they travel from one place to another.
Each type of network cable has a maximum useable length. If you go beyond that length, the signal will be
too weak to be useful.
LO 4.1
Of course, computers on a real network can easily be more than 200 metres apart. Therefore, the network
cable is split up into segments. Each segment is less than the maximum length allowed. Joining the segments
together is a device known as a repeater. A repeater boosts the signal back to its correct level.

[Diagram: signal over 200 metres of Ethernet cable, showing a clean signal, a smaller distorted signal, and a repeater giving a clean signal.]



6.3 Bridge
LO 4.1
A bridge does just what you would expect it to do – it joins two networks together, so as far as data
packets are concerned it looks like one large network.
A bridge is not as capable as a router – but it is less
expensive.
Both networks have to be using the same protocol
(see protocols, Section 6.6).

6.4 Hubs
There are many network topologies available: the star and tree use a hub but the bus and ring do not use
one. To allow the Star and Tree network topologies to work properly, each computer must be able to send
data packets to any other computer on the network.
The network Hub allows computers to share data packets within a network.
Each computer will be connected to a single port on the hub. So if you purchase an 8-port hub, you will be
able to connect up to eight computers together.
You can also daisy chain hubs to allow even more computers to join the network.
Typical network (below) making use of a hub:

LO
4.2

The availability of low-priced network switches has largely rendered hubs obsolete but they are still seen in
older installations and more specialised applications.

6.5 Switches
Switches perform the same job as hubs, but with slightly more intelligence. They can examine each data
packet, and send it to just the recipient, reducing the traffic, and so increasing the network performance.
You can easily configure a switch by sending specially formatted packets to it.
Switches can be managed or unmanaged. Unmanaged switches are the least expensive and are usually found
in home or small business networks. They have no user interface for reconfiguration. Managed switches can
be smart (or intelligent) and allow basic reconfiguration of speeds and port settings, or fully managed
(the most expensive) with many options which can be changed, usually from the central control location for
the whole network. In the event of failure or overload in part of the network, managed switches can be
used to route traffic through alternative paths.



6.6 Network protocol
A protocol is a rather technical word. But it simply means an agreed method of doing something.

Definition
A network protocol is the agreed method of communication to be used within the network. Each device
or computer will use this protocol.

6.6.1 Elements of a network protocol


Some of the things that need to be considered are:
(a) speed of the network – for example, 10Mbit per second.
(b) error checks of the data packets when they arrive – how is it done?
(c) error correction of the data packets – method to be used.
(d) data packets received correctly – what method/signal will be used to tell the other machine that the
data has arrived correctly?
(e) how does the receiving machine know that the sending machine has finished sending all of the data?
What is the code to indicate this?
(f) data compression – does the protocol allow this to take place and if so, what method does it use?

6.6.2 Data collisions


A network cable can only have one data packet in it at any instant. Therefore, if two or more computers want
to place a data packet on to the network at exactly the same time, then a 'data collision' will take place.
The network protocol is set up to deal with this. Basically it declares the collided data as unusable and
forces the two computers to re-send their data packets at slightly different times.
This is fine for a lightly loaded network with only a few computers on-line. The small delay caused by data
collisions will not be noticed. But when a hundred PCs are sharing the same network and they all want to
send their data packets, this may result in thousands of data collisions per second – each one costing a small
amount of time. The network will 'slow down' noticeably.

6.6.3 Common protocols


There are many protocols in use across various networks. Three of the most popular are:
• TCP (Transmission Control Protocol) – the protocol that the Internet uses.
• Kermit – popular for use with modems.
• X.25 – a packet switched protocol.

6.6.4 Protocol stacks


A protocol stack is a group of protocols that all work together to allow software or hardware to perform a
function. The International Standards Organisation (ISO) has developed a seven-layer Open Systems
Interconnection (OSI) model to serve as a standard model for network architecture and the diagram below
shows how the TCP/IP protocol stack fits with the OSI model.



| TCP/IP protocol stack | Seven-layer Open Systems Interconnection (OSI) model |
| --- | --- |
| Application or Process layer | Application layer – provides communications services for end user applications |
| | Presentation layer – provides appropriate data transmission formats and codes |
| | Session layer – supports the accomplishment of telecommunications sessions |
| Host-to-Host Transport layer | Transport layer – supports the organisation and transfer of data between nodes in the network. |
| Internet Protocol (IP) | Network layer – provides appropriate routing by establishing connections among network links |
| Network Interface | Data Link layer – supports error free organisation and transmission of data in the network |
| Physical layer | Physical layer – provides physical access to the telecommunications media in the network |

6.7 Gateway
There are many different network protocols in use today. For example, the large Internet company called
AOL has its own special email protocol.
A gateway converts the data passing between dissimilar networks so that the two sides can communicate with
each other, i.e. it converts data into the correct network protocol.
The gateway is a mixture of hardware components and software. This is unlike a standard 'bridge' which
simply joins two networks together that share the same protocol.

6.8 Filters and firewalls


Not all data packets are equal. If your network is to be kept secure it is often essential that some filtering
takes place. For example, some staff may wish to work from home with their laptops and they need to
access files from within the company network. In this case a filter would be set up that accepts data
packets coming from that particular laptop. Other filtering rules would block unwanted packets trying to
come in.
Just like gateways, a filter can be a mix of hardware and software components. Note that a filter can also
prevent data packets from leaving the company network. For example, a rule could be set up that only
allows an authorised server within the network to send data outside the local network.
A filter is an essential component of a 'firewall'. The role of the firewall is to block all unnecessary ports and
to allow traffic only from known ports. The firewall must be capable of monitoring incoming requests to
prevent known attacks from reaching the Web server. Coupled with intrusion detection, the firewall is a
useful tool for preventing attacks and detecting intrusion attempts, or in worst-case scenarios, the source
of an attack.
Like the router, the firewall runs on an operating system that must be patched regularly. Its administration
interfaces must be secured and unused services must be disabled or removed.
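The filtering rules described in this section, as an added Python example that is not part of the study manual: rules are checked in order, anything unmatched is blocked, and blocked packets are counted per source so that a persistent source stands out. The addresses, ports and rule names are constructed for illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (entering the company network) or "out" (leaving)
    src: str        # source IP address
    dst: str        # destination IP address
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    dport: Optional[int]  # None means any port
    action: str           # "allow" or "deny"

    def matches(self, pkt):
        return (
            pkt.direction == self.direction
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and (self.dport is None or pkt.dport == self.dport)
        )


class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.denied = Counter()  # blocked packets per source address

    def decide(self, pkt):
        """Return (action, rule name); the first matching rule wins."""
        verdict = ("deny", "default-deny")  # block whatever no rule allows
        for rule in self.rules:
            if rule.matches(pkt):
                verdict = (rule.action, rule.name)
                break
        if verdict[0] == "deny":
            self.denied[pkt.src] += 1
        return verdict

    def top_denied_sources(self, n=3):
        """Sources with the most blocked packets, for follow-up."""
        return self.denied.most_common(n)


ANY = "0.0.0.0/0"


def build_example_firewall():
    """Constructed rule set mirroring the three situations in the text."""
    return Firewall([
        # Known port only: public HTTPS traffic to the Web server.
        Rule("web-https", "in", ANY, "10.0.0.10/32", 443, "allow"),
        # The home-working laptop may reach the file server.
        Rule("home-laptop-files", "in", "203.0.113.25/32",
             "10.0.0.20/32", 22, "allow"),
        # Only the authorised server may send data outside the network.
        Rule("authorised-egress", "out", "10.0.0.30/32", ANY, None, "allow"),
    ])


if __name__ == "__main__":
    fw = build_example_firewall()
    sample = [  # constructed traffic
        Packet("in", "198.51.100.7", "10.0.0.10", 443),
        Packet("in", "203.0.113.25", "10.0.0.20", 22),
        Packet("in", "198.51.100.7", "10.0.0.20", 22),
        Packet("in", "198.51.100.7", "10.0.0.10", 23),
        Packet("out", "10.0.0.30", "192.0.2.50", 25),
        Packet("out", "10.0.0.15", "192.0.2.50", 443),
    ]
    for pkt in sample:
        print(pkt, fw.decide(pkt))
    print(fw.top_denied_sources())
```
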

6.9 Servers
In some small networks, every machine is equally likely to have a resource that another machine needs to
use. For example a small home network may be set up like this:



LO
4.2

There are files stored on each computer. One machine is linked to the scanner, whilst another is linked to a
printer. The game machine is linked to the Internet, which all three machines can use.
This is fine for small networks as the number of requests to use a resource is not going to be too high.
But now imagine there are a dozen computers on the network and each one needs to print out a document
every few minutes. The machine that is connected to the printer is going to be tied up most of the time.
In this case it makes sense to allocate a machine exclusively to service printer requests. This machine is
called a printer server.
A similar situation is likely to arise with files and the database so a dedicated file server and database server
might be required.
A server is any machine that provides a service for other users on the network. Common services include:
(a) Email server.
(b) Internet Proxy server – a proxy server is an intermediary between the clients and the server which
checks that requests and responses are from legitimate sources. It can be a physical device (such as a
PC) or software.
(c) Intranet server.
The email server will provide all the usual facilities such as address books, spam filtering and so on.
Quite often, staff want to use the same web site over and over again. The Internet Proxy server will store a
local copy of often-used web pages to speed up access and to reduce bandwidth consumption (which costs
money).
Many companies run their own private internal web services. This is called an intranet and is run from the
intranet server.

6.10 Modems
A modem converts the digital data from the computer into a continuous analogue wave form that the
telephone system is designed to deal with (MODulation). The reason for this is that the telephone system
was originally designed for the human voice i.e. continuous signals. The modem also converts the analogue
signal from the telephone network back into digital data that the computer can understand (DEModulation).
WiFi modems – In addition to telephone modems, radio has now become very popular as a means of
connecting to the Internet. The device that allows you to do this is called the WiFi modem. Some routers
also provide WiFi access.

6.11 Network cards and cables


Network cards are required in every machine connected to the network. They allow the signal from the
network to be transmitted to the machine.
There are three main methods of transferring data: electrical, radio or microwave and infrared.

6.11.1 Electrical
LO 4.1
A multi-wired cable with a socket at each end is used to connect the various devices together e.g.
computer to hub, hub to switch or switch to router and so forth.
The Ethernet network cable transfers data by means of electrical signals. A typical network cable called 'Cat
5' is used which is especially designed to carry the signal efficiently.



6.11.2 Radio or Microwave

Microwaves are just a small part of the radio spectrum, but because they are so widely used, they tend to
be called by their own name.
Data is sent out through aerials mounted on tall towers. The 'cable' is effectively the microwave link
between towers. Some large companies use microwave towers spread along hilltops to allow one office to
communicate with others in the same country. They do this because it is cheaper than renting telephone
lines for carrying the same amount of data.
On a much smaller scale, laptops can communicate with the local area network with radio links.

6.11.3 Infra-Red

This is a very familiar method of transferring data. The television remote control makes use of an infra-red
link.
PDAs and personal organisers often make use of an infra-red link to synchronise calendars and 'to-do' lists.

7 Network control issues


Section overview
• Networks that use the Internet are exposed to a wider range of possible threats.
• Control issues that apply to most network configurations include:
– user error.
– unauthorised network access.
– data being intercepted or altered during transmission.
– website denial-of-service attacks.
– malicious software to disrupt the operation of websites.
– hackers altering or destroying data.
– hardware breakdown or fault.
– misuse, criminal acts, programming errors, improper installation, unauthorised software
changes, power failures, floods, fires, earthquakes and other natural disasters.
• Client and server systems are normally easier to secure than peer-to-peer networks.
• Without a central server, it is very difficult to secure peer-to-peer networks.
• There are other control issues associated with spoofing and port addresses.

Computer networks are able to store vast amounts of data. All networks have potential for unauthorised
access and misuse at any network access point.
Generally, centralised networks are easier to control as data is held in a single location and communication
channels are more easily monitored.

7.1 Internet control issues


LO 4.4
Networks that use the Internet are exposed to a wider range of possible threats. The diagram below
illustrates common threats to information systems and shows how vulnerabilities exist across the network.



[Diagram: common threats at each point of the network]
Client (user)
• User errors
• Unauthorised access
• Viruses and worms
• Spyware
Communication lines
• Message alteration
• Theft and fraud
• Sniffing
Corporate servers
• Hacking
• Viruses and worms
• Theft and fraud
• Denial of service attacks
• Vandalism
Corporate systems
• Altering, stealing and copying data
• Hardware failure
• Software failure
Other labels in the diagram: Software (operating system), Hardware

7.2 Control issues for most network configurations


LO 4.4
The main control issues arise from the following situations.
(a) Users may introduce errors or access systems without authorisation.
(b) Data may be accessed or altered during transmission, for example packet sniffing. Sniffing is
information gathering by capturing data packets as they pass through a particular network interface.
For this to happen, software must be placed on a computer within the target network. This will
normally be done via a virus. Sniffers are hard to detect since they are mainly passive. Sniffers often
position themselves at the junction between networks, and so computers which have access to more
than one network should only be used by trusted and experienced staff, and extra precautions taken
against rogue software.
(c) Networks which connect to the Internet may be prone to Denial of Service attacks. These occur
when a large number of computers on the Internet have become infected with a particular virus, and
through that are all made to repeatedly access the same site at the same time, blocking out any
legitimate users, and possibly causing the site to crash due to overload.
(d) Surviving such an attack depends on ensuring that the site software is robust enough not to crash, and on
filtering input messages (see Section 6.8). Output messages should also be filtered as a matter of
course, discarding any with a source address not from this site. This will not stop an attack on this
network, but it will prevent this network being part of an attack on another.
(e) Hackers capable of penetrating corporate systems can destroy or alter corporate data stored in
databases or files.
(f) The system may suffer a malfunction, for example a hardware breakdown, or may not be configured
correctly. Damage may also be caused by misuse, criminal acts, programming errors, improper
installation, unauthorised software changes, power failures, floods, fires, earthquakes and other
natural disasters.
(g) Outsourcing adds to system vulnerability if data and information is held on networks and computers
outside the organisation’s direct control.

If a network is open to the Internet, there is a balance to be struck between being so restrictive as to
prevent genuine users from accessing the system, and being too lax and allowing malicious data packets to
enter.
Genuine users, and in particular users within the company who may be inside a firewall (see Section 6.8),
should be educated to detect possible Trojans (Internet pages that mimic, say, a banking site, and attempt
to get the user to type in user names and passwords), to avoid sites that may be from disreputable sources,
and be very cautious about downloading any software.
It may be advisable in some cases to block program downloading or access to any sites considered
untrustworthy.

7.3 Client and server control issues


LO 4.4
Apart from the Internet, client and server systems are normally easier to secure than peer-to-peer
networks, as any problems will be isolated to one client if the server is kept secure. Also, since a single
server computer can be set to handle all information requests or login requests for the entire network,
only one username and password is needed for each user on the network. So a password only needs to be
changed at the server for it to be changed for the entire network.
Information control is also fundamentally easier with this type of network model because individual server
computers can store all the important documents on a single store. It is easy to archive all the company's
documents, as well as provide a secure, easy to access network store for all the users, reducing the
possibility of misplaced documents on the network. Other information can also be controlled by individual
servers, such as saving all the company's email and contact lists on the mail server, or all of the company's
policies and public documents on an internal web server.
With the Client-Server network model, each workstation only needs to have one connection on the
network, and that connection is to the main server. Also, since all the important information of the
network resides on the servers, the workstation maintenance drops since the users can access any
information they need through any workstation, and a faulty workstation computer will have very little
effect on the usefulness of the network.

7.4 Peer-to-peer control issues


LO 4.4
Without a central server, it is very difficult to secure this type of network in any way. Passwords can be
implemented on each shared disk drive or folder, but in order for the network to be usable, the exact same
username and password must be entered into each computer acting as a server. To change a password for
a user could take hours of work, especially if the network consists of computers in different locations.
Because of this, what often happens with peer-to-peer networks is that passwords are implemented to
begin with, but after time, either everyone is using the exact same username and password, or the
passwords end up being blank, or the shared disk drives and folders are configured to allow anyone access
without a username or password. In any of these cases, security is almost non-existent, which can be a huge
problem, especially if the network has access to the Internet.
On a peer-to-peer network, it is also very difficult to implement a good backup system because important
documents tend to be stored on different hard disks on different computers. Even with a good backup
policy, there is a high chance that eventually important documents will not get archived because someone
saved them to the wrong location on the network.

7.5 TCP/IP and Spoofing


If the selected protocol is TCP/IP, as it will be for intranets and extranets, there is an inherent weakness.
The protocol was designed thirty years ago with little consideration for security, and there is no way of
verifying if a particular source address is genuine. This allows for spoofing, where a user pretends to be
sending data from a false location.
Also, TCP/IP does not have any inherent encryption, so an attacker may modify packets without the
genuine sender and receiver being aware that anything is wrong.
There is an enhancement to TCP/IP due soon which will address these and other issues, but in the
meantime sensitive data on computers connected to TCP/IP networks should be encrypted or protected by
passwords. Also, filters (see Section 6.8) should be used to remove packets from untrustworthy source
addresses.
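As an added illustration of the source-address filtering described in 7.2 (d) and in this section (it is not part of the study manual), the Python example below applies an outbound rule and an inbound rule to packet source addresses. The site prefixes, the untrusted list and the sample packets are constructed assumptions, using address ranges reserved for documentation.

```python
"""Source-address filtering at a site border (added example, constructed data)."""
import ipaddress


def _nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


# Assumption: these documentation ranges stand in for the site's own addresses.
SITE_PREFIXES = _nets("192.0.2.0/24", "2001:db8:10::/48")
# Assumption: a hypothetical list of sources the site has decided not to trust.
UNTRUSTED_PREFIXES = _nets("198.51.100.0/24")
# Private, loopback, link-local and multicast ranges should never appear as the
# source of a packet arriving from the Internet.
NEVER_VALID_INBOUND = _nets(
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::1/128", "fc00::/7", "fe80::/10",
)


def _matches(addr, nets):
    return any(addr.version == n.version and addr in n for n in nets)


def filter_packet(direction, src):
    """Return (verdict, reason) for a packet crossing the site border.

    direction is "out" (leaving the site) or "in" (arriving from outside).
    The filter cannot prove a source address is genuine; it only rejects
    addresses that are implausible for the side they arrive on.
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "malformed source address")

    # An IPv4 address wrapped in IPv6 must be judged by the IPv4 rules,
    # otherwise it would slip past every IPv4 prefix in the lists above.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped

    if direction == "out":
        if _matches(addr, SITE_PREFIXES):
            return ("pass", "source belongs to this site")
        return ("drop", "egress: source not from this site")

    if direction == "in":
        if _matches(addr, SITE_PREFIXES):
            return ("drop", "ingress: outside packet claims a site address")
        if _matches(addr, NEVER_VALID_INBOUND):
            return ("drop", "ingress: source not routable on the Internet")
        if _matches(addr, UNTRUSTED_PREFIXES):
            return ("drop", "ingress: source on untrusted list")
        return ("pass", "source plausible, though still unverified")

    raise ValueError("direction must be 'in' or 'out'")


# Constructed sample traffic: (direction, source address).
SAMPLE_PACKETS = [
    ("out", "192.0.2.44"),       # workstation inside the site
    ("out", "203.0.113.9"),      # infected host forging an outside source
    ("in", "203.0.113.25"),      # ordinary outside visitor
    ("in", "192.0.2.1"),         # outsider pretending to be internal
    ("in", "::ffff:10.1.2.3"),   # private address hidden in IPv6 form
    ("in", "198.51.100.7"),      # source on the untrusted list
]


def review_traffic(packets):
    """Apply filter_packet to each packet and return the decisions in order."""
    return [(d, s) + filter_packet(d, s) for d, s in packets]


if __name__ == "__main__":
    for direction, src, verdict, reason in review_traffic(SAMPLE_PACKETS):
        print(f"{direction:<3} {src:<18} {verdict:<4} {reason}")
```

The outbound rule is the one that keeps this network from taking part in an attack on another site; the inbound rules reduce spoofed traffic but cannot confirm that a passing source address is genuine.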
For normal web pages, the Hypertext Transfer Protocol (HTTP) is used. This is on top of the TCP/IP
protocol. For the transmission of very sensitive data to or from an Internet page, the protocol HTTPS
(HTTP Secure) should be used. This takes longer than HTTP, and is not suitable for general use.



7.6 Ports
A web address will normally target a particular computer, but then there are still several hundred sub-
addresses which are entry points into different parts of the software. These are called ports. Many of the
port numbers are fixed (e.g. 80 for normal web pages, 110 for incoming email), and more may be assigned
dynamically. An attacker may try many ports to determine which are active, and provide a possible way in.
The protocols which access the ports are TCP/IP and UDP (User Datagram Protocol – a simplified form of
TCP/IP).
The programs which handle the ports are called services. Any services which are not required should be
closed down to deactivate the ports.
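To show how the advice on unneeded services can be checked in practice, the added Python example below (not part of the study manual) reads a listing of listening TCP ports in the format printed by the Linux command `ss -tlnH -p` and reports every service that is not on an approved list. The sample listing, the process names and the approved ports are constructed assumptions.

```python
"""Audit listening ports against an approved list (added example)."""
import re

# Constructed sample in the column layout of `ss -tlnH -p`:
# State  Recv-Q  Send-Q  Local-Address:Port  Peer-Address:Port  Process
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 *:80 *:* users:(("nginx",pid=1024,fd=6))
LISTEN 0 100 0.0.0.0:110 0.0.0.0:* users:(("dovecot",pid=977,fd=21))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=650,fd=7))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 64 0.0.0.0:2049 0.0.0.0:*
"""

# First process name inside the users:(("name",pid=...,fd=...)) column.
PROCESS_RE = re.compile(r'users:\(\("([^"]+)"')


def parse_listeners(text):
    """Turn the listing into one dict per listening socket."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header, blank line or a socket in another state
        # Split on the last colon so IPv6 forms such as [::]:22 parse correctly.
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        match = PROCESS_RE.search(line)
        listeners.append({
            "port": int(port),
            "address": host,
            # A loopback-only listener cannot be reached from the network.
            "loopback_only": host.startswith("127.") or host == "[::1]",
            # The process column is absent when the listing is taken
            # without the privileges needed to see the owning process.
            "process": match.group(1) if match else "unknown",
        })
    return listeners


def unapproved_services(text, approved_ports):
    """Return listeners whose port is not approved, network-facing ones first."""
    findings = [l for l in parse_listeners(text) if l["port"] not in approved_ports]
    return sorted(findings, key=lambda l: (l["loopback_only"], l["port"]))


if __name__ == "__main__":
    # Assumption: this machine is only meant to offer remote login and web pages.
    for item in unapproved_services(SAMPLE_SS_OUTPUT, approved_ports={22, 80}):
        reach = "local only" if item["loopback_only"] else "network-facing"
        print(f'port {item["port"]:<5} {item["process"]:<8} {reach} ({item["address"]})')
```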



Key chapter points

• An organisation's information infrastructure is made up of information technology (IT) components,
IT services, data management and IT staff.
• The IT components, sometimes referred to as the IT platform, comprise hardware, software and
networks and communications technology.
• So, if we list the core elements of an organisation's IT infrastructure individually, we have:
– hardware.
– software.
– networking and telecommunications.
– data management.
– IT services (including staff).
• Organisations utilise a range of information systems relevant to a number of functional areas at
different levels of the organisation. When viewed collectively, this is sometimes referred to as a
hierarchy of systems.
• One way of classifying systems is according to the level at which they operate, for example:
– strategic.
– management.
– knowledge.
– operational.
• A centralised network architecture involves all computer processing being carried out on a single
central processor, usually a mainframe.
• Distributed network architectures spread the processing power throughout the organisation at
several different locations. The majority of processing power is held on PCs spread throughout the
organisation.
• A local area network (LAN) is a system of linked PCs and other devices such as printers.
• Topology refers to how a computer network is physically arranged – popular topologies include star,
ring and tree.
• A wide area network (WAN) is a network of computers which are dispersed on a wider
geographical scale than LANs.
• A corporate network is a combination of computer hardware, cabling, network devices, and
computer software owned by the same company and used together to allow computers to
communicate with each other. The purpose of the network is to provide easy access to information,
thus increasing productivity for users.
• Client-server networks include server computers that hold and provide resources to the network.
• In a 'peer-to-peer' network each computer has equivalent capabilities and responsibilities – devices
communicate direct with each other.
• For a computer to operate on a network, there are a range of different components that are
required. They include the following:

– Routers
– Repeaters
– Bridges
– Hub
– Switches
– Protocols
– Gateway
– Filters and firewalls
– Servers
– Proxy server
– Modem
– Network card and cables



• Risks to network security and integrity include:
– user error.
– unauthorised network access.
– data being intercepted or altered during transmission.
– website denial-of-service attacks.
– malicious software to disrupt the operation of websites.
– hackers altering or destroying data.
– hardware breakdown or fault.
– misuse, criminal acts, programming errors, improper installation, unauthorised software
changes, power failures, floods, fires, earthquakes and other natural disasters.
• Generally, centralised networks are easier to control as data is held in a single location and
communication channels are easier to monitor and control.



Quick revision questions

1 Hardware means the various …………… components which comprise a computer system.
What word is missing from the statement above?
2 Which of the following is not one of the three major classes of information systems?
A decision support system
B collaboration system
C management information system
D transaction processing system
3 Drawing on diverse yet predictable data resources to aggregate and summarise data is characteristic
of
A web 2.0.
B decision support systems.
C expert systems.
D transaction processing systems.
4 An information system that provides information that helps senior management with long-term
planning operates at what level of the organisation?
A operational
B knowledge
C management
D strategic
5 …………… workers are people whose jobs consist primarily of creating new information or
knowledge.
What word is missing from the statement above?
6 Centralised networks are generally easier to control and keep secure than decentralised or
distributed networks. Is this statement true or false?
A true
B false
7 In a P2P network, each PC is considered an equal. Is this statement true or false?
A true
B false
8 A small company is installing a computer network. Employees are to be issued with a handbook to
help them to understand the networking terms. Provide a brief explanation of the following terms
for the handbook.
(a) Local Area Network and Wide Area Network
(b) Client-server and peer-to-peer



Answers to quick revision questions

1 Hardware means the various physical components which comprise a computer system, as opposed
to the non-tangible software elements.
2 B You should have identified 'collaboration system' as being outside the three major classes of
information system.
3 B Drawing on diverse yet predictable data resources to aggregate and summarise data is
characteristic of decision support systems.
4 D If an information system provides information that helps senior management with
long-term planning, it is operating at the strategic level.
5 Knowledge workers are people whose jobs consist primarily of creating new information or
knowledge.
6 The statement is True. Centralised networks are generally easier to control and keep secure than
decentralised or distributed networks.
7 The statement is True. In a P2P network, each PC is considered an equal.
8 A local area network connects devices over a relatively short distance.
A wide area network spans a relatively large geographical area.
A client-server network is a configuration in which desktop PCs are regarded as clients that request
access to services on a more powerful server.
Peer-to-peer computing is a form of distributed processing that links computers via the Internet or
private networks so they can share processing tasks.



Answers to chapter questions

1 The correct answer is B information technology. This is the term used to refer to all of the
computer-based information systems used by organisations, and their underlying technologies.
2 The role of an organisation's operations support systems is to:
• effectively process business transactions.
• control industrial processes.
• support enterprise communications and collaboration.
• update corporate databases.
The systems which support the operations include:
• Transaction Processing Systems (TPS).
• Process control systems (PCS).
• Enterprise collaboration systems – information systems that use a variety of information
technologies to help people work together.
Management support systems (MSS) include:
• Management Information Systems (MIS).
• Decision Support Systems (DSS).
• Executive Information Systems (EIS)
3 The correct answer is A. An information system can be defined technically as a set of interrelated
components that collect (or retrieve), process, store and distribute information to support
decision-making and control in an organisation.
4 Decision support systems (DSS) are often referred to as D business intelligence systems.
5 The correct answer is A. Decision support systems. DSS have more analytical power than other
systems enabling them to analyse and condense large volumes of data into a form that helps
managers make decisions.
6 The correct answer is C. Several computers connected together is called a computer network.
7 An intranet is an Internet-like network within an organisation. It is usually less expensive than
proprietary groupware software.
Intranet environments include a combination of the organisation's own networked computers and
Internet technologies e.g. web-browsers to view internal web pages. Each employee will have a
browser to access a server, which holds corporate information.
The main difference between an intranet and the Web is that while the Web is open to anyone, the
intranet is private and is protected from public visits by firewalls.
The intranet provides:
• a universal e-mail system.
• a set of collaborative tools.
• an electronic library.
• an application sharing system.
• a company communications network.
It can be used for:
• company newspapers.
• induction material.
• on-line procedure and policy manuals.
• employee web pages.
• internal databases.



Intranet environments include a combination of the organisation's own networked computers and
Internet technologies, used for communication purposes – e-mail, chat groups, web tools. Each
employee will have a browser to access a server, which holds corporate information.
The benefits of intranets include:
• savings in storage, printing and distribution
• better use of on-line documents leading to improvements in productivity and efficiency
• easy to update information
• material available on-line may be accessed from remote locations, which could lead to more
flexible working patterns
An extranet is an intranet that is accessible to authorised outsiders with varying levels of access
rights enabling control over what people can view.
The organisation can use firewalls to ensure that access to its internal data is limited and remains
secure. They can also be used to authenticate users, making sure that only authorised people using a
valid username and password can gain access to the extranet.
One of the benefits of an extranet is that it allows the organisation to share part of its business
information or operations with suppliers, customers, vendors and other business partners using the
Internet.



Chapter 2

Database concepts

Learning objectives Reference


Database concepts LO2
Illustrate the application of database concepts for accounting information LO2.1
Explain the need for data collection and storage LO2.2
Describe database systems and data storage models LO2.3
Explain data modelling, design and implementation LO2.4
Analyse controls for data and databases and their effectiveness LO2.5
Identify and analyse the ethical issues related to data capture and storage LO2.6

Topic list

1 Data collection and storage
2 Data and information sources
3 The data hierarchy
4 Databases and database systems
5 Data storage models
6 Data modelling and design
7 Database implementation
8 Databases and Accounting Information Systems (AIS)
9 Controls and ethics

Introduction

In this chapter we consider the role played by data and databases within an organisation.
Data feeds an organisation's information systems. There is no point investing heavily in high quality
information systems unless the data that feeds them is of an equally high standard – accurate, appropriate
and up-to-date.
Most systems utilise databases in some way. In this chapter we explain how data and databases are
structured and how they should be managed.
Later in the chapter we consider the role of databases in relation to Accounting Information Systems (AIS)
and explore some of the ethical questions raised by the vast amounts of data held in computerised
databases today.



Before you begin

If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
1 List five reasons why an organisation would collect and store data. (Section 1)
2 Identify three internal and three external sources of data or information. (Section 2)
3 What is a database record? (Section 3)
4 Define the term 'database system'. (Section 4)
5 List the four main database storage models. (Section 5)
6 What does an Entity Relationship Model show? (Section 6)
7 What are the main steps involved when implementing a database? (Section 7)
8 Explain how databases are used in Accounting Information Systems (AIS). (Section 8)
9 Explain how encryption could help maintain database confidentiality. (Section 9)
10 Discuss how databases may present a threat to privacy. (Section 9)

LO 2.2
1 Data collection and storage
Section overview
• We start this chapter by considering why organisations need to collect and store data.
Reasons include:
– To record transactions.
– For planning purposes.
– To facilitate control.
– To enable performance to be measured.
– To facilitate decision-making.

Definitions
Data are the raw material for data processing. Data consists of numbers, letters and symbols and relates to
facts, events, and transactions.
Information is data that have been processed in such a way as to be meaningful to the person who
receives it.

Some of the main reasons organisations collect and store data are explained in the following paragraphs.

1.1 Recording transactions


Data relating to each business transaction or event is required for a number of reasons. Documentation of
transactions can be used as evidence in a case of dispute. There may be a legal requirement to record
transactions, for example for accounting and audit purposes. Detailed information on production costs can
be built up allowing a better assessment of profitability. Similarly, labour used in providing a particular
service can be measured. Information systems capture transactions data.

1.2 Planning
Organisations make decisions on a day-to-day basis. Once decisions are made, it is necessary to plan how
to implement the steps necessary to make them effective. Planning requires data and information relating to
available resources, possible time-scales for implementation and the likely outcome under alternative
scenarios. Data feeds information systems that provide planning tools.

1.3 Controlling
Once a plan is implemented, data is required to assess whether it is proceeding as expected or
whether there is some unexpected deviation from the plan. It may consequently be necessary to take some
form of corrective action. Data captured by information systems can be used to monitor and control the
outcomes of plans.

1.4 Performance measurement


Just as individual operations need to be controlled, so overall performance must be measured in order to
enable comparisons against budget or plan to be made. This may involve the collection of data relating
to, for example, costs, revenues, volumes, time-scale and profitability. The collection, analysis and
presentation of such data can be performed by information systems.

1.5 Decision making


Data and information is also required to make informed decisions. There are information systems
available that support the decisions of an organisation's senior management.



LO 2.2
2 Data and information sources
Section overview
• Data and information captured and stored in an organisation's information systems comes from a
variety of internal and external sources.

Data and information collected and then utilised by information systems comes from both inside and
outside the organisation.

2.1 Internal information


This is data collected from within the organisation. Capturing such data involves the following:
(a) A system for collecting or measuring transactions data – for example sales, purchases, inventory
turnover and so on. This sets out procedures for what data is collected, how frequently, by whom,
and by what methods, and how it is processed, and filed or communicated.
(b) Informal communication of information between managers and staff (for example, by
word-of-mouth or at meetings).
(c) Communication between managers.
The following are examples of internal information.

2.1.1 Accounting records


Accounts receivable ledgers, accounts payable ledgers, general ledgers, cash books and other
accounting records hold information that may be of great value outside the accounts department, for
example sales information for the marketing function.
To maintain the integrity of its accounting records, an organisation operates controls over transactions.
These also give rise to valuable information. An inventory control system, for example, will include details
of purchase orders, goods received notes and goods returned notes, which can be analysed to provide
management information about speed of delivery, say, or the quality of supplies.

2.1.2 Personnel records


Information about personnel will be held, possibly linked to the payroll system. Additional information
may be obtained from this source if, say, a project is being costed and it is necessary to ascertain the
availability and rate of pay of different levels of staff, or the need for and cost of recruiting staff from outside
the organisation.

2.1.3 Production data


Much information will be produced by a production department about machine capacity, fuel
consumption, movement of people, materials, work in progress, set up times and maintenance
requirements.

2.1.4 Timesheets
Many service businesses, notably accountants and solicitors, need to keep detailed records of the time
spent on various activities, both to justify fees to clients and to assess the efficiency and profitability of
operations.

2.2 External data and information


Organisations often need to collect information concerning environmental factors. The following table
describes some of these factors using the popular PEST framework (Political, Economic, Social and
Technological).

Factor           Comment
Political/legal  National or local politics may affect how an organisation operates. Changes in
                 legislation may put new responsibilities or liabilities on an organisation.
Economic         Economic factors affect an organisation's finances such as the availability of
                 loans or sales levels.
Social           Society's views may put pressure on how the organisation is run, for example
                 pressure to reduce environmental pollution.
Technological    Technological advances may affect an organisation's production and/or
                 management processes. Technology may also allow the development of new
                 products and services which were not previously possible.

Other areas an organisation may require external data and information on include:
(a) Competitors – how successful are they, are they developing new products?
(b) Customers – what are their needs, how large is the potential market, are there any new market
segments?
(c) Suppliers – what are their prices, what is the quality of their products like, are there any new
potential suppliers in the market?
Capturing data from outside the organisation might be entrusted to particular individuals, or might be
'informal'.
Routine formal collection of data from outside sources includes the following:
(a) A company's tax specialists will be expected to gather information about changes in tax law and
how this will affect the company.
(b) Obtaining information about any new legislation on health and safety at work, or employment
regulations.
(c) Research and development (R & D) work often relies on information about other R & D work
being done by another company or by government institutions.
(d) Marketing managers need to know about the opinions and buying attitudes of potential
customers. To obtain this information, they might carry out market research exercises.
Informal gathering of information from the environment goes on all the time, consciously or
unconsciously, because the employees of an organisation learn what is going on in the world around
them – perhaps from newspapers, television reports, meetings with business associates or the trade press.

2.2.1 External data sources


An organisation's files (paper and computerised) include external information such as invoices, letters,
e-mails, advertisements received from customers and suppliers. Sometimes additional external
information is needed, requiring an active search outside the organisation. The following sources may be
identified:
(a) The government.
(b) Advice or information bureau.
(c) Consultancies.
(d) Newspaper and magazine publishers.
(e) There may be specific reference works which are used in a particular line of work.
(f) Libraries and information services.
(g) Increasingly businesses can use each other's systems as a source of data, for example via Electronic
Data Interchange (EDI).
Electronic sources of information have become dominant in recent years. Many information provision
services are now provided via the Internet. As the rate of Internet use increases, greater numbers of
people and organisations are using it to source information on a vast range of topics. The websites of
many of the sources identified above would include general information that may be useful. Facebook and
Twitter pages are other possible sources.
Whether using traditional or electronic means to gather information, it is important to ensure the source
providing the information is credible.
The phrase environmental scanning is used to describe the process of gathering external data and
information from a wide range of sources.

Exam comments
Exam questions could test your understanding of why data collection and storage is important.

LO 2.3
3 The data hierarchy
Section overview
• The way in which computer data is stored can be viewed as a hierarchy as follows: bit, byte, data
field, field, record, file and database.

3.1 The data hierarchy


Computer data is made up of a hierarchy: bit, field, record, file and database (as explained below).

3.1.1 Bit
The smallest item of computer storage is referred to as a bit.

3.1.2 Byte (or character)


Eight bits create a byte of data that can represent a single character, for example a letter.

3.1.3 Data field


Several characters combine to form a data field, for example an account balance. Other names for a data
field are 'attribute,' 'column,' or simply 'field.'

3.1.4 Record
At the fourth level, data fields combine to form a complete record. A database record stores all the
information about one file entity, for example one employee in a payroll file.
Record structure
The data fields in each record are referred to collectively as the record structure. In many accounting
applications, this structure is fixed, meaning that each record contains the same number, same type, and
same-sized data fields as every other record on the file. This would probably be the case for payroll
records.
In other applications, either the number of data fields in each record might vary, or the size of a given data
field in each record might vary. For example, in a file of customer complaints, the memo field in each record
might vary in length to accommodate different-sized descriptions of customer problems.
Primary key or key field
The primary key is the data field in each record that enables a database system to uniquely distinguish one
record from another. In a payroll record, the primary key might be the employee's tax file number. Other
organisations may allocate each employee a unique employee number and use this as the key field. The
primary key enables users and computer programs to find a specific record.
It is possible to search a database using data fields which are not unique across records, for example a
payroll file could be searched by surname.

Data fields from a payroll record

| Employee number (key field) | Surname | First name | Tax file number | Start date | Dept | Hourly rated? | Rate |
| E01046 | Walsh | Barry | NR123456 Z | 01/01/2010 | M | Y | $22.50 |

3.1.5 File (or table)


At the fifth level of the data hierarchy, a set of common records forms a file, or using Microsoft Access
terminology, a table. A file or table contains a set of related records, for example a set of employee or
customer records.
Master files store relatively permanent or static information, for example, part number and part
description for an individual inventory record. Transaction files typically store transient information, for
example inventory purchases and issues for a specific time period.

3.1.6 Database
Finally, at the highest level, several tables or files create a database, for example a collection of files that
contain all the information for an accounting application. In an inventory module, for example, this database
might contain a part-number master table, a supplier table, a price table and an order transaction table.

4 Databases and database systems
LO 2.3
Section overview
• The term 'database system' is used to describe a wide range of systems that utilise a central
pool of data.

Definitions
A database is a collection of data organised to service many applications. The database provides
convenient access to data for a wide variety of users and user needs.
A database management system (DBMS) is the software that centralises data and manages access to
the database. It is a system which allows numerous applications to extract the data they need without the
need for separate files.

The only required elements for something to qualify as a database are that it should contain data and that it
should have a logical structure to allow easy access to that data. Some tasks can be carried out using either
a spreadsheet or a database package e.g., simple cash flows could be kept on either. However, there are
differences between the two types of package.
Spreadsheets provide a more flexible working environment that is not limited in its structure. They are
particularly good at handling numerical data and calculating results, and so are appropriate for many financial
applications.
Database systems have sophisticated data retrieval and reporting facilities that are not normally found in
spreadsheets. They are more appropriate for conventional record-keeping tasks where the main
requirement is to retrieve information and produce transaction documents and reports. The term 'database
system' is used to describe a wide range of systems that use a central pool of data. However, not every
collection of data is a database; the term database implies that the data is managed to some level of quality
(measured in terms of accuracy, availability, usability, and resilience) and this in turn often implies the use of
a Database Management System (DBMS).



Definition
A Database Management System (DBMS) is a software program that enables the creation and
management of databases.
In fact, most of today's database systems are referred to as a Relational Database Management
System (RDBMS) because of their ability to store related data across multiple tables. The data can be
accessed or reassembled in many different ways without having to change the table forms.

Some of the more popular relational database management systems include:


• Microsoft Access
• DB2 from IBM
• Microsoft SQL Server
• Oracle DBMS
The term 'database system' is used to describe a wide range of systems that use a central pool of data.

[Figure: Example database system. Diagram labels: Input data; Database management system; Database; Application programs; Sales application statistics, etc.; Branch and personnel statistics, etc.; Staff payroll analysis, etc.; Other applications.]

4.1 Logical view and physical view of a database system


A database management system provides the ability for many different users to share data and process
resources. But as there can be many different users, there are many different database needs, so how can a
single, unified database meet the differing requirements of so many users?
A DBMS minimises these problems by providing two views of the database data: a physical view and a
logical view.
The physical view deals with the actual, physical arrangement and location of data in the direct access
storage devices. Database specialists use the physical view to make efficient use of storage and processing
resources. Users, however, may wish to see data differently from how they are stored, and they do not
want to know all the technical details of physical storage. After all, a business user is primarily interested in
using the information, not in how it is stored.
The logical view (or user's view) of a database program represents data in a format that is meaningful to a user
and to the software programs that process those data. That is, the logical view tells the user, in user terms,
what is in the database. One strength of a DBMS is that while there is only one physical view of the data,
there can be an endless number of different logical views. This feature allows users to see database
information in a more business-related way rather than from a technical, processing viewpoint.
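The sketch below is an added example, not taken from the manual: it shows one physical payroll table serving three logical views, using Python's built-in sqlite3 module. The field names follow the payroll record shown earlier; the view names, the helper functions and the second and third employee rows are assumptions made for the illustration.

```python
import sqlite3

# One physical table holding every field of the payroll record.
SCHEMA = """
CREATE TABLE employee (
    employee_number TEXT PRIMARY KEY,   -- key field
    surname         TEXT NOT NULL,
    first_name      TEXT NOT NULL,
    tax_file_number TEXT NOT NULL,      -- sensitive
    start_date      TEXT NOT NULL,
    dept            TEXT NOT NULL,
    hourly_rated    TEXT NOT NULL CHECK (hourly_rated IN ('Y', 'N')),
    rate            REAL NOT NULL       -- sensitive
);
-- Logical view for a staff directory: no tax or pay fields.
CREATE VIEW staff_directory AS
    SELECT employee_number, first_name, surname, dept FROM employee;
-- Logical view for the payroll run: pay fields only.
CREATE VIEW payroll_run AS
    SELECT employee_number, tax_file_number, hourly_rated, rate FROM employee;
-- Logical view for management reporting: totals, no individuals.
CREATE VIEW dept_headcount AS
    SELECT dept, COUNT(*) AS staff FROM employee GROUP BY dept;
"""

# Hypothetical view names, used as an allowlist by view_columns().
VIEWS = ("staff_directory", "payroll_run", "dept_headcount")

ROWS = [
    # Record shown in the manual's payroll table.
    ("E01046", "Walsh", "Barry", "NR123456 Z", "01/01/2010", "M", "Y", 22.50),
    # Constructed sample records.
    ("E01047", "Example", "Alex", "XX000000 A", "01/02/2010", "M", "Y", 20.00),
    ("E01048", "Sample", "Kim", "XX000001 B", "01/03/2010", "S", "N", 0.00),
]


def open_payroll_db():
    """Create the in-memory database: one table, three views."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO employee VALUES (?, ?, ?, ?, ?, ?, ?, ?)", ROWS)
    return con


def view_columns(con, view):
    """Return the field names that a user of this logical view can see."""
    if view not in VIEWS:  # never build SQL from an unchecked name
        raise ValueError(f"unknown view: {view}")
    cur = con.execute(f"SELECT * FROM {view} LIMIT 0")
    return [col[0] for col in cur.description]


def headcount(con):
    """Read the management view: (dept, staff) pairs."""
    return con.execute("SELECT dept, staff FROM dept_headcount ORDER BY dept").fetchall()


def change_department(con, employee_number, dept):
    """Update the single stored record; every view reflects it at once."""
    con.execute(
        "UPDATE employee SET dept = ? WHERE employee_number = ?",
        (dept, employee_number),
    )


if __name__ == "__main__":
    con = open_payroll_db()
    for view in VIEWS:
        print(view, view_columns(con, view))
    print(headcount(con))
    change_department(con, "E01046", "S")
    print(headcount(con))
```

SQLite has no user accounts, so here the views only shape what is presented. In a multi-user DBMS, access would be granted on a view rather than on the underlying table, so that directory users never reach the tax file number or pay rate.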

4.2 The characteristics of a database system
The way in which data is held on a system affects the ease with which the data is able to be accessed and
manipulated. A database system has the following characteristics:
(a) Shared. Different users are able to access the same data for their own processing applications. This
removes the need to hold the same data in different files.
(b) Controls to preserve the integrity of the database.
(c) Flexibility. The database system should provide for the needs of different users, who each have
their own processing requirements and data access methods. The database should be capable of
evolving to meet future needs.

4.2.1 Database queries


A database can be interrogated by a query language. A query language is a formalised method of
constructing queries in a database system. It provides the ways in which you ask a database for data. Some
query languages can be used to change the contents of a database. SQL, short for Structured Query
Language, is a popular language.

4.3 Advantages of database systems


The advantages of a database system include the following:

(a) Avoidance of unnecessary duplication of data (data redundancy). The same information is held
only once, leading to reduced storage space.
(b) Less processing. If a piece of data changes, it has to be updated only once as it is recorded only once.
(c) Data independence; the database does not have to be altered if programs using it are changed. The
database management system handles the changes.
(d) Data is looked upon as serving the organisation as a whole, not just for individual departments.
The database concept encourages management to regard data as a resource that must be properly
managed.
(e) Greater formality over security and control of access.
(f) The installation of a database system encourages management to analyse data, relationships
between data items, and how data is used in different applications.
(g) Consistency – because data is only held once, the possibility of departments holding conflicting data
on the same subject is reduced.
(h) Data on file is independent of the user programs that access the data. This allows greater
flexibility in the ways that data can be used. New programs can be easily introduced to make use of
existing data in a different way.
(i) If all data concerning each entity is in one place, more useful and faster processing will be possible.
(j) Developing new application programs with a database system is easier because the programmer
is not responsible for the file organisation.

4.4 Disadvantages of database systems


The disadvantages of database systems relate mainly to security and control:
(a) There are problems of data security and data privacy. There is potential for unauthorised access
to data. Administrative procedures for data security must supplement software controls.
(b) Since there is only one set of data, it is essential that the data should be accurate and free from
corruption.
(c) Since data is held once, but its use is widespread, the impact of system failure would be greater.
(d) If an organisation develops its own database system from scratch, initial development costs will
be high.



4.5 Ethical issues related to data capture and storage
LO 2.6
Definitions
Ethics is concerned with what is right and what is wrong. To act ethically generally means to 'do the right
and fair thing' in the eyes of society as a whole.
Privacy, in the context of information and databases, is concerned with the right of an individual or
organisation to control access to information relating to them.

Professions such as law and accountancy have a codified set of ethics that their practitioners are expected to
honour. Violations are dealt with in the harshest possible terms, and even minor lapses can result in
significant penalties. No such codification exists for Information Systems (IS) and technology (IT)
professionals. They generally abide by personal codes of conduct and are essentially self-policing.
The technology environment is becoming ever more challenging. Areas such as data access and capture,
processing speed, tracking and monitoring and job redesign are just a few examples of IT capabilities with
ethical considerations. Electronic databases enable organisations to capture and store vast amounts of data
about individuals and other organisations. Information can be retrieved and manipulated cheaply, quickly and
easily.
Some ethical issues associated with electronic databases, such as privacy, unauthorised data linking and
sharing, propagation of errors and responsibility for correction, and profiling, are discussed below.

4.5.1 Privacy
Databases often contain data that should be kept confidential, 'sensitive data'. For example, a database that
supports the processing of on-line transactions would hold customer names, addresses and credit card
numbers. A payroll database includes employee salary details; a medical database holds patients' medical
histories. Most countries have data protection legislation designed to protect individuals from unauthorised
disclosure and distribution of this type of data, for example the Privacy Act in Australia and the Data
Protection Act in the UK.
Living in a free society, we can do business with any organisation as we see fit and when conditions change,
we are free to take our business elsewhere. Let us say a person has a car insurance policy with Beta
Indemnity, and over the course of time has numerous accidents and files a series of claims. The person then
applies for a new policy with Midtown Mutual. Does Beta have an ethical obligation to supply information to
Midtown that might affect its decision on the conditions for that policy? If not, and if our ability-impaired
driver has a serious accident, does Beta bear any responsibility for withholding information that might have
prevented new insurance, and possibly even the license to drive, from being issued? Without technological
advances in processing high data volumes, enabling data about consumers to be easily shared among
organisations, it would be difficult if not impossible to build up a comprehensive ‘life file’ about anyone.
Does the fact that technology enables this to happen necessarily mean it should?
Prior to the advent of technology enabling mass capture, storage, and processing of data, maintaining the
security of that data and ensuring it was not misused was relatively easy. Critical and confidential data was
kept on paper, in locked files, in a secure file room, with access that was controlled by a responsible
person. Today, we have terabyte-sized databases that are tabulated and cross-referenced with others to
provide all sorts of information about us to all sorts of people. As individuals, we have little or no control
over that data. When you apply for a car loan your personal financial data is legitimately provided by the
credit reporting agencies to enable your lender to make an appropriate financial decision as to whether you
are a good risk. The lending institution subsequently uses that data to market products to you. That was
not the original intention of the transaction by which the data was supplied, but there is nothing inherently
illegal about it. However, is it ethical for that organisation to use an asset to which it wouldn't ordinarily
have had access and in an entirely different manner than what was agreed by the two parties to begin with?
Does this constitute an invasion of your privacy?

4.5.2 Unauthorised data linking and sharing


Holders of databases may decide to not only use data for their own business, but could also be tempted to
sell a database, possibly infringing privacy rights.
Databases can be linked together. Information from a range of sources can be combined to create a
detailed profile on a person or organisation. The result is often referred to as a data mosaic. Data mosaics
can be rearranged for different uses and shared easily. The bigger the mosaic and the greater the number of
users, the greater the risk of misuse of information.
For example, every time you use a debit or credit card, make an online purchase, access an ATM, or
complete virtually any financial transaction, a significant amount of data about you and your activity is
recorded. In the simplest application, companies use that data to issue bills, record payments, or update
portfolios. This is basic recordkeeping. However, technology has enabled more sophisticated uses of that
data.
As just one example, data mining using segmentation analysis can swiftly analyse buying patterns and
‘suggest’ additional purchases on the basis of the product you are trying to buy. Is this an ethical use of data?
The information being used is all about you, but it was collected by the company with which you were
doing business. Is it your data or theirs? If it is their data, do you have the right to tell them how to use it?
Not too many of us would have much of a problem with technology enabling the bank to quickly and
accurately apply interest to our accounts, but do we have the same attitude when that same bank uses that
data for marketing purposes?

4.5.3 Propagation of errors and responsibility for correction


Errors in a database can create real problems for individuals and organisations, for example an incorrect
credit rating. The wider the error has spread, the more difficult it is to correct effectively. This raises
questions such as who is responsible for tracking down every agency that might have acquired the error.
Often this is unclear, which results in the injured party committing time and effort to try and correct errors
that weren't of their making.
When organisations share information, one of the partners may discover anomalies in the supplied data.
After correcting the data, does that entity have an ethical responsibility to pass the edits back to the
supplier? Your company’s payroll system is operated by the finance department and supported by IT. Which
department is accountable for the accuracy of data maintained in that system?
A salesperson loses her laptop while on a business trip. Confidential corporate data was on the hard drive,
possibly in violation of company policy, and the laptop was neither password-protected nor encrypted.
How do you assess relative responsibility? In many cases involving accuracy and security of data, the lines of
ownership and accountability are blurred.

4.5.4 Profiling
Databases enable people and organisations to identify individuals with certain characteristics. For example, a
family holiday supplier may target people living in certain postcodes who have two or more children. Some
people find this type of targeted, unrequested marketing attention annoying.
Profiling has also been used by government agencies, such as airport authorities and the police, to identify
'suspects'. For example, utility records have been used to identify people who use unusual amounts of water
and electricity as possible illegal drug producers. Many innocent individuals have been investigated on the
basis of this type of profiling.
Airlines can collect and cross-reference an enormous amount of data on travellers. Patterns can emerge
that could allow them to draw conclusions identifying individuals as possible security risks. Is this profiling,
and if so, is it ethically challenged? If airlines do not do this and someone who could have been stopped at
the gate boards a flight and hijacks the plane, is the airline ethically responsible for its own inaction?

Exam comments
Ethical concerns relating to data capture and storage are topical and therefore likely to be tested in your
exam.

Case studies
Some of the US's largest databases are truly vast. The US Internal Revenue Service (IRS) maintains records
on over 75 million taxpayers. Ford Motor Company maintains a customer database of 50 million records.
Citicorp uses a database of 30 million records.



5 Data storage models
LO 2.3

Section overview
• There are four main types of database storage models – hierarchical, network, relational and
object-oriented.

A data storage model is a specification describing how a database is structured and used. There are many
options for defining a database and storing the application's data. Because a database consists of data in
many files there must be some kind of structure or organisation of data to be able to access data from one
or more files easily. Among the most popular structures are hierarchical, network and relational data
storage technologies. These types of data storage differ not only in the way they physically manage the
storage and retrieval of data, but also in the conceptual models they present to the user and programmer.
In recent years, the relational database has generally become the de facto standard for database storage.
This is due both to the usability of the relational model itself, and because it provides a standard interface
called Structured Query Language (SQL) that allows many different database tools and products to work
together in a consistent and understandable way. Additionally, a relational database typically provides
mechanisms for handling referential integrity, data validation, and a host of administrative processes to set
up and maintain the application's data.

5.1 The hierarchical model


The hierarchical model shows data in a tree-like format. Upper segments of the model are connected to
lower segments in a parent-child relationship. A parent can have more than one child, but a child can have
only one parent. Such relationships can be expressed conveniently in a hierarchy. Each data item is related
to only one item above it in the hierarchy, but to any number of data items below it.
In a customer database, for example, the hierarchical model might be used to show customers and
customer orders. An extract from a parts department database might be structured as follows:

Hierarchical structures are appropriate when systems must handle large numbers of routine requests for
information e.g. an airline reservation system. The hierarchical nature of the model makes it unsuitable for
situations involving 'many-to-many' relationships.

5.2 The network model


The main advantage of a network database over the hierarchical model is that relationships can be
established between the parent and child in both directions. This means that a child table can have multiple
parents and a parent table can be linked to multiple child tables.
The network database model makes it much easier to build more complex databases; however, the user
must still have a good understanding of the underlying structure to efficiently access and manage the data.

Returning to our part sales example, a network model is shown below:

5.3 The relational model


The relational database model is the most commonly used today. The model organises data elements in a
series of tables consisting of rows and columns. A row represents a record (or entity). Each column is a
field or attribute e.g. address, telephone number or part number.
Changes made in one portion of the database are propagated throughout the database through the usage of
integrity constraints and relational links.
The primary key is used to identify a record. Data in one table can point to data in another table, as long
as there is one data attribute that exists in both tables.

Data from these tables can be extracted and/or linked provided that any two share a common data
element. For example, the customer code could be used to link the Customer table with the Order table.
Once the link has been established between two or more tables a query can permit any combination of the
data from the tables to be viewed.
These views are obtained by using enquiry tools such as Structured Query Language (SQL). This permits an
application to create a unique data set (record) from a common set of data (database) in a fashion that
meets the application requirements. The two main benefits of a relational database are quick access to data
and the easily implemented data integrity.
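The following added example (not from the manual) builds the Customer and Order tables described above with Python's sqlite3 module, links them on the customer code, and shows integrity constraints rejecting bad data and propagating a change. The table and column names, the helper functions and all sample rows are constructed for the illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE customer (
    customer_code TEXT PRIMARY KEY,          -- primary key: unique per record
    name          TEXT NOT NULL,
    telephone     TEXT
);
CREATE TABLE customer_order (
    order_number  INTEGER PRIMARY KEY,
    customer_code TEXT NOT NULL              -- the attribute both tables share
        REFERENCES customer (customer_code)
        ON UPDATE CASCADE                    -- a re-coded customer keeps its orders
        ON DELETE RESTRICT,                  -- no orders left without a customer
    order_date    TEXT NOT NULL
);
"""

# Constructed sample customers.
CUSTOMERS = [
    ("C001", "Acme Parts", "555-0100"),
    ("C002", "Borough Motors", "555-0101"),
]


def open_sales_db():
    """Create the in-memory database with foreign-key enforcement on."""
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")  # off by default in SQLite
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO customer VALUES (?, ?, ?)", CUSTOMERS)
    return con


def try_write(con, sql, params):
    """Run one INSERT/UPDATE/DELETE; False means a constraint rejected it."""
    try:
        con.execute(sql, params)
        return True
    except sqlite3.IntegrityError:
        return False


def add_order(con, order_number, customer_code, order_date):
    """Store an order; fails for a duplicate number or an unknown customer."""
    return try_write(
        con,
        "INSERT INTO customer_order VALUES (?, ?, ?)",
        (order_number, customer_code, order_date),
    )


def orders_for(con, customer_code):
    """Link the two tables on customer_code; one combined row per order."""
    return con.execute(
        "SELECT c.name, o.order_number, o.order_date "
        "FROM customer AS c "
        "JOIN customer_order AS o ON o.customer_code = c.customer_code "
        "WHERE c.customer_code = ? ORDER BY o.order_number",
        (customer_code,),
    ).fetchall()


if __name__ == "__main__":
    con = open_sales_db()
    print(add_order(con, 1001, "C001", "2012-02-01"))   # stored
    print(add_order(con, 1002, "C999", "2012-02-02"))   # no such customer
    print(orders_for(con, "C001"))
    # Changing the customer code propagates to the linked orders.
    try_write(con, "UPDATE customer SET customer_code = ? WHERE customer_code = ?",
              ("C100", "C001"))
    print(orders_for(con, "C100"))
```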



5.4 Object-oriented database
Object-oriented databases emerged in the mid-1980s, but relational databases remain the most popular.
The main difference with an object-oriented database is that database 'records' are treated as properties of
an object rather than as a group of related fields. Links can be established between different objects and
their associated properties and classes. Objects may hold other objects, allowing them to inherit properties.
The technical aspects of what exactly defines an object-oriented database and how such a database
operates are relatively difficult to understand without a background in computer systems and
object-oriented programming. These aspects are beyond the scope of this syllabus.
For our purposes, it is sufficient to know that object-oriented databases exist, and their main benefit is
that modern programming languages are based around the use of objects and the ability of objects to
automatically inherit properties from other objects.
Some computing observers recognise another type of database, the object-relational database. This
combines aspects of the relational model with concepts from the object-oriented model. This model may
eventually become the industry standard, but currently there are no recognised international standards.
As a result, databases built using this model are proprietary and may have compatibility issues with other
implementations.

Exam comments
Exam questions could test your knowledge and understanding of the different data storage models.

6 Data modelling and design
LO 2.4
Section overview
• An Entity Relationship Model (ERM) may be used to establish and model the logical data
requirements of a system.

To ensure data is able to be used effectively, databases must be designed effectively and the data organised
efficiently. There are several modelling techniques available to help plan and design a database.

6.1 A static structure model (Entity Relationship Model)


An Entity Relationship Model (ERM) (also known as an entity model or a logical data structure)
provides an understanding of the logical data requirements of a system independently of the system's
organisation and processes. An ERM is an example of a static structure model.
When talking about data and databases, an entity is an item (a person, a job, a business, an activity, a
product, an inventory item etc) about which information is stored. An attribute is a characteristic or
property of an entity. For a customer, the main attributes include customer name and address, amounts
owing, date of invoices sent and payments received, credit limit.
An ERM can show four relationships:
• One-to-one relationship (1:1).
• One-to-many relationship (1:M).
• Many-to-one relationship (M:1).
• Many-to-many relationship (M:M)

6.1.1 One-to-one relationship (1:1)


With a one-to-one relationship, each occurrence of an entity is related to only one occurrence of the other entity shown. For example, a
one-to-one relationship exists between company and finance director. The model below shows one company
which employs one finance director. These diagrams are sometimes called Bachmann diagrams.

6.1.2 One-to-many relationship (1:M)
For example, the relationship employs also exists between company and director. The company employs
more than one director.

6.1.3 Many-to-one relationship (M:1)


This is really the same as the previous example, but viewed from the opposite direction. For example,
many sales managers report to one sales director.

6.1.4 Many-to-many relationship (M:M)


The relationship between product and part is many-to-many. A product is composed of many parts, and a
part might be used in many products.

When analysing relationships the correct classification is important. If the one-to-many relationship
customer order contains part numbers is incorrectly described as one-to-one, a system designed on the
basis of this ERM might allow an order to be entered with one item and one item only.

Example: Building an ERM


A diagram modelling part of a warehousing and despatch system is shown below. This indicates that:
(a) A customer may make many orders.
(b) An order form can contain several order lines.
(c) Each line on the order form can only detail one product, but one product can appear on
several lines of the order.
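As an added illustration (not part of the manual), the warehousing model above can be turned into tables and run with Python's sqlite3 module, once with the order-to-order-line relationship classified correctly as one-to-many and once misclassified as one-to-one. The table and column names, the function names and the sample codes are assumptions made for the sketch.

```python
import sqlite3

BASE = """
CREATE TABLE customer (customer_code TEXT PRIMARY KEY);
CREATE TABLE product  (product_code  TEXT PRIMARY KEY);
CREATE TABLE customer_order (                 -- (a) one customer, many orders
    order_number  INTEGER PRIMARY KEY,
    customer_code TEXT NOT NULL REFERENCES customer (customer_code)
);
"""

ORDER_LINE = """
CREATE TABLE order_line (                     -- (b) one order, several lines
    order_number INTEGER NOT NULL REFERENCES customer_order (order_number),
    line_number  INTEGER NOT NULL,
    product_code TEXT NOT NULL                -- (c) exactly one product per line
        REFERENCES product (product_code),
    PRIMARY KEY (order_number, line_number){extra}
);
"""


def open_db(order_to_line="1:M"):
    """Build the schema with the order/order-line relationship as given."""
    if order_to_line not in ("1:M", "1:1"):
        raise ValueError("order_to_line must be '1:M' or '1:1'")
    # Misclassifying the relationship as 1:1 adds a uniqueness rule.
    extra = "" if order_to_line == "1:M" else ",\n    UNIQUE (order_number)"
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")
    con.executescript(BASE + ORDER_LINE.format(extra=extra))
    # Constructed sample data.
    con.execute("INSERT INTO customer VALUES ('C001')")
    con.executemany("INSERT INTO product VALUES (?)", [("P10",), ("P20",)])
    return con


def enter_order(con, order_number, customer_code, product_codes):
    """Store an order and its lines; return how many lines were accepted."""
    con.execute(
        "INSERT INTO customer_order VALUES (?, ?)", (order_number, customer_code)
    )
    accepted = 0
    for line_number, product_code in enumerate(product_codes, start=1):
        try:
            con.execute(
                "INSERT INTO order_line VALUES (?, ?, ?)",
                (order_number, line_number, product_code),
            )
            accepted += 1
        except sqlite3.IntegrityError:
            pass  # rejected by a key, uniqueness or foreign-key constraint
    return accepted


def lines_per_product(con):
    """Show that one product can appear on several order lines."""
    return con.execute(
        "SELECT product_code, COUNT(*) FROM order_line "
        "GROUP BY product_code ORDER BY product_code"
    ).fetchall()


if __name__ == "__main__":
    basket = ["P10", "P20", "P10"]
    print(enter_order(open_db("1:M"), 1, "C001", basket))  # all lines stored
    print(enter_order(open_db("1:1"), 1, "C001", basket))  # one line only
```

With the relationship misclassified, the system accepts only the first item of the order, which is the failure the text describes for a one-to-many relationship recorded as one-to-one.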



6.2 An event model (Entity Life History)
As we have seen, Entity Relationship Models take a static view of data. We will now look at a modelling
tool that focuses on data processes.
An Entity Life History (ELH) shows the processes that happen to an entity. An ELH is a type of event
model.
Data items do not always remain unchanged – they may come into existence by a specific operation and be
destroyed by another. For example, a customer order forms part of a number of processes, and is affected
by a number of different events. At its simplest, an entity life history displays the following structure:

Entity life histories identify the various states in which an entity can legitimately be. It is really the functions
and events which cause the state of the entity to change that are being analysed, rather than the entity itself.
The following notation rules are used for Entity life histories:
(a) Three symbols are used. The main one is a rectangular box. Within this may be placed an asterisk or
a small circle, as explained below.
(b) At the top level the first box (the 'root node') shows the entity itself.
(c) At lower levels the boxes represent events that affect the life of the entity.
(d) The second level is most commonly some form of 'create, amend, delete', as explained earlier (or
birth, life, death if you prefer). The boxes are read in sequence from top to bottom and left to
right.
(e) If an event may affect an entity many times (iteration) this is shown by an asterisk in the top right
hand corner of the box. A customer account, for example, will be updated many times.
(f) If events are alternatives (selection) – for example, accept large order or reject large order – a
small circle is placed in the top right hand corner.

Note the three types of process logic referred to above:
• Sequence.
• Iteration (or repetition).
• Selection.

A simple example follows.


7 Database implementation
LO 2.4
Section overview
• Database implementation should be formally planned and managed to ensure the database is
fit for purpose.

Implementing a database requires formal planning. Many of the steps involved are similar to other systems
implementation projects covered elsewhere in this Study Manual (Chapter 4).
The general systems development and implementation information provided in Chapter 4 can be applied to
many of the steps listed below.

Step 1: Define the scope of the project and the proposed database
• Identify the groups and functions within the organisation that will be served by the database.
• Identify the existing applications that will be converted to the database system.
• Prepare project proposal and obtain management approval.

Step 2: Organise the project


• Appoint a project manager and select the Database Administrator (DBA).
• Form a database design team.
• Establish regular meetings and periodic management reporting for design team.

Step 3: Select the Database Management System (DBMS)


• Document the database requirements in a formal request for tender document.
• Appraise the tenders.
• Select the DBMS vendor.



Step 4: Develop an implementation plan
• Identify data and files to be included.
• Estimate developer hours required to modify applications programs.
• Estimate support hours required to verify data using conversion.
• Develop implementation timetable.

Step 5: Design the database and the infrastructure


• Identify detailed data requirements.
• Determine data structure.
• Decide where in the organisation's IT infrastructure the database will be located.
• Identify hardware requirements.
• Decide security measures.
• Finalise and approve design specifications.

Step 6: Training
• Establish training requirements and the training schedule.
• Train programmers and the DBA.

Step 7: Generate a test database


• Programmers code database framework and DBMS.
• Code conversion programs for data to be transferred.
• Generate the database.
• Test and debug.
• Review and approve test results.

Step 8: Develop a detailed data conversion plan


• Plan programming assignments for each program to be modified and each data file to be converted.
• Schedule users to verify and correct file contents.
• Prepare conversion schedule and obtain approval from all involved.

Step 9: Incorporate existing applications and train database users


• If possible incorporate one application at a time into the new database.
• Ensure users are trained and are able to operate the database.
• Approve revised applications as they are converted.
• Begin using database for new applications.

Step 10: Fine-tune the database


• Speak to users and monitor DBMS data and modify database as required.
• Ensure database security is robust and working as intended.

Step 11: Periodically review database performance


• Ensure the database is operating as intended.
• Evaluate the database and the project.

Question 1: DBMS
What is a database management system (DBMS)?
(The answer is at the end of the chapter)

8 Databases and Accounting Information Systems (AIS)
LO 2.1
Section overview
• Accounting Information Systems (AIS) apply database concepts and techniques to produce
meaningful accounting information.

Definition
An Accounting Information System (AIS) is a collection of data and processing procedures that
records and creates accounting related information.

Accounting Information Systems use databases in a number of ways. For example, the accounts receivable
ledger stores customer data, the accounts payable ledger stores information about suppliers, and payroll
holds information about employees.
An AIS collects, records, stores, and manipulates financial data, and converts this data into meaningful
information for financial reporting and management decision making.
Throughout this chapter we have illustrated how database concepts apply to AIS – for example, payroll.

9 Controls and ethics


Section overview
• Computerised databases enable organisations to store vast amounts of data about individuals
and other organisations. This raises privacy, ethical and control issues.

Controls are required to protect the security and integrity of data held in databases.
As databases are held within an organisation's information infrastructure, security controls that protect an
organisation's information systems as a whole also provide protection to databases. Controls more relevant
to all aspects of an organisation's information systems are covered in Chapter 6. In this chapter section we
focus on controls most relevant to database security.

LO 2.5
9.1 Database security and controls
Many databases maintained by organisations contain sensitive data, for example credit card details. There
have been cases in recent years where sensitive data has been lost or compromised, through either hacking,
theft or carelessness, for example leaving a laptop containing sensitive data on a train.

Definitions
Database security aims to protect the confidentiality, integrity and availability of data held in the database.
Database integrity relates to data accuracy and consistency within the database.

We will now look at some specific control measures intended to protect the database.



9.1.1 Encryption
Encryption aims to protect confidentiality. The encryption process encodes data in such a way that
only authorised users, who have the correct 'key', can read the data. Encryption therefore renders data
unreadable to unauthorised users.
Data may be encrypted inside the database ('at-rest') and/or during communication ('in-transit'). Encryption
algorithms include the Data Encryption Standard (DES), Triple DES or 3DES, and the Advanced
Encryption Standard (AES).

9.1.2 User rights or privileges


User Access Controls (UAC) aim to protect database integrity. One UAC is the allocation of appropriate
rights or privileges to database users. For example, some users may have the right to view certain aspects
of the data, while other users may have the right to alter data. User accounts that are no longer required
should be deleted.

9.1.3 User passwords


User passwords are another access control that aims to protect data integrity. Requiring a valid user name
and password combination to enter the database makes unauthorised access far more difficult. It is
important that an effective password policy is enforced, ensuring that passwords are robust, not obvious and
changed regularly.

9.1.4 Input controls


Input controls aim to ensure the accuracy, completeness and validity of data input.
(a) Data verification involves ensuring data entered matches source documents.
(b) Data validation involves ensuring that data entered is not incomplete or unreasonable. Various
checks can be used, depending on the data type.
(i) Check digits. A digit calculated by the program based on the entry being checked to validate
it.
(ii) Control totals. For example, a batch total totalling the entries in the batch.
(iii) Hash totals. A system generated total used to check the reasonableness of numeric codes
entered.
(iv) Range checks. Used to check the value entered against a sensible range, e.g. balance sheet
account number must be between 5 000 and 9 999.
(v) Limit checks. Similar to a range check, but usually based on an upper limit, e.g. must be less
than 999 999.99.
It is possible for data to be mis-keyed, but still be accepted by the system as valid (because it is in the
correct format).
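The checks listed above, applied to a constructed batch of keyed entries, as an added example (not from the study manual). The Luhn check-digit algorithm, the five-digit account code layout and the record field names are assumptions of this example; the 5 000 to 9 999 range and the 999 999.99 limit are the ones quoted in the text. The last batch shows a mis-keyed amount that passes every field check and is caught only by the control total.

```python
from decimal import Decimal

ACCOUNT_MIN, ACCOUNT_MAX = 5000, 9999   # range check quoted in the text
AMOUNT_LIMIT = Decimal("999999.99")     # limit check quoted in the text


def luhn_check_digit(base: str) -> int:
    """Check digit for a numeric code (Luhn mod 10, assumed for this example)."""
    total = 0
    for position, char in enumerate(reversed(base)):
        digit = int(char)
        if position % 2 == 0:            # double every second digit from the right
            digit = digit * 2 - 9 if digit * 2 > 9 else digit * 2
        total += digit
    return (10 - total % 10) % 10


def validate_record(record: dict) -> list:
    """Field-level validation of one keyed entry; returns the checks that failed."""
    code = record["account"]             # assumed layout: 4-digit account + 1 check digit
    if not (code.isdigit() and len(code) == 5):
        return ["format"]
    errors = []
    if luhn_check_digit(code[:4]) != int(code[4]):
        errors.append("check digit")
    if not ACCOUNT_MIN <= int(code[:4]) <= ACCOUNT_MAX:
        errors.append("range")
    if not Decimal("0") < record["amount"] < AMOUNT_LIMIT:
        errors.append("limit")
    return errors


def validate_batch(header: dict, records: list) -> list:
    """Batch-level checks against totals prepared from the source documents."""
    errors = []
    if len(records) != header["count"]:
        errors.append("record count")
    if sum(r["amount"] for r in records) != header["control_total"]:
        errors.append("control total")
    # Hash total: a sum of account codes that has no meaning except as a check.
    if sum(int(r["account"]) for r in records if r["account"].isdigit()) != header["hash_total"]:
        errors.append("hash total")
    return errors


def check_batch(header: dict, records: list) -> tuple:
    """Run field checks, then batch checks: (per-record errors, batch errors)."""
    return [validate_record(r) for r in records], validate_batch(header, records)


# Constructed sample data. The header totals come from the source documents.
SOURCE_HEADER = {"count": 3, "control_total": Decimal("1650.35"), "hash_total": 184766}
KEYED_CLEAN = [
    {"account": "51201", "amount": Decimal("1250.00")},
    {"account": "60459", "amount": Decimal("310.40")},
    {"account": "73106", "amount": Decimal("89.95")},
]
# Account digits transposed (60459 keyed as 60549).
KEYED_TRANSPOSED = [
    KEYED_CLEAN[0],
    {"account": "60549", "amount": Decimal("310.40")},
    KEYED_CLEAN[2],
]
# Amount mis-keyed (310.40 keyed as 301.40): valid format, within the limit.
KEYED_MISKEYED = [
    KEYED_CLEAN[0],
    {"account": "60459", "amount": Decimal("301.40")},
    KEYED_CLEAN[2],
]

if __name__ == "__main__":
    for name, batch in [("clean", KEYED_CLEAN),
                        ("transposed account", KEYED_TRANSPOSED),
                        ("mis-keyed amount", KEYED_MISKEYED)]:
        print(name, check_batch(SOURCE_HEADER, batch))
```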

9.1.5 Processing controls


Processing controls should ensure the accuracy and completeness of processing. Programs should be
subject to development controls and to rigorous testing. Periodic running of test data is also recommended.

9.1.6 Output controls


Output controls should ensure the accuracy, completeness and security of output. The following
measures are possible:
• Investigation and follow-up of error reports and exception reports.
• Batch controls to ensure all items are processed.
• Controls over distribution/copying of output including hard copy, electronic communication
methods such as e-mail and the use of portable storage media.

9.1.7 Database activity logs and Database Activity Monitoring (DAM)
Most Database Management Systems (DBMS) include some monitoring capability that provides an audit trail
(a log) detailing database activity by user. The log can be examined for unusual activities, usually through
some automated process.
Audit trails are the last line of database defence as they detect the existence of a potential violation rather
than preventing it.
Some organisations use an additional tool, Database Activity Monitoring (DAM) software. DAM tools sit
outside the database and monitor activity 'live'. The DAM software alerts the database administrator of any
activity considered potentially suspicious, rather than relying upon subsequent inspection of the audit trail.
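An automated review of an audit trail of the kind described above, as an added example (not from the study manual and not any DBMS's own tooling). The log layout, user names, table names and policy thresholds are all constructed for illustration.

```python
import csv
from collections import Counter
from datetime import datetime
from io import StringIO

# Constructed audit-trail extract: timestamp,user,action,object,rows,status
# (hypothetical layout, not a real DBMS log format).
AUDIT_LOG = """\
2012-03-05T09:14:02,jlee,SELECT,payroll.salary,12,OK
2012-03-05T09:20:45,mkhan,UPDATE,ar.customer,1,OK
2012-03-05T10:02:10,tsmith,LOGIN,-,0,FAILED
2012-03-05T10:02:19,tsmith,LOGIN,-,0,FAILED
2012-03-05T10:02:31,tsmith,LOGIN,-,0,FAILED
2012-03-05T10:03:05,tsmith,LOGIN,-,0,OK
2012-03-05T11:40:00,mkhan,SELECT,payroll.salary,3,DENIED
2012-03-05T23:47:12,jlee,SELECT,payroll.salary,4800,OK
2012-03-06T08:55:30,old_temp,LOGIN,-,0,OK
"""

# Assumed policy values; a real organisation would take these from its own
# information policy document and user register.
POLICY = {
    "business_hours": (7, 19),                        # 07:00 up to 19:00
    "sensitive_objects": {"payroll.salary": {"jlee", "hr_admin"}},
    "max_rows_per_read": 500,
    "max_failed_logins": 3,                           # consecutive failures
    "active_users": {"jlee", "mkhan", "tsmith", "hr_admin"},
}

FIELDS = ["ts", "user", "action", "object", "rows", "status"]


def review(log_text: str, policy: dict) -> list:
    """Return (timestamp, user, rule) for every entry that breaks a rule."""
    findings = []
    failed = Counter()
    start, end = policy["business_hours"]
    for row in csv.DictReader(StringIO(log_text), fieldnames=FIELDS):
        when = datetime.strptime(row["ts"], "%Y-%m-%dT%H:%M:%S")
        user, hits = row["user"], []
        # Accounts that should have been deleted but are still in use.
        if user not in policy["active_users"]:
            hits.append("unknown-account")
        if not start <= when.hour < end:
            hits.append("after-hours")
        # Count consecutive failed logins; a success resets the counter.
        if row["action"] == "LOGIN":
            if row["status"] == "FAILED":
                failed[user] += 1
                if failed[user] == policy["max_failed_logins"]:
                    hits.append("failed-logins")
            else:
                failed[user] = 0
        # Any attempt on a sensitive object by a user without the right,
        # whether or not the DBMS allowed it.
        allowed = policy["sensitive_objects"].get(row["object"])
        if allowed is not None and user not in allowed:
            hits.append("unauthorised-object")
        if row["action"] == "SELECT" and int(row["rows"]) > policy["max_rows_per_read"]:
            hits.append("bulk-read")
        findings.extend((row["ts"], user, rule) for rule in hits)
    return findings


if __name__ == "__main__":
    for finding in review(AUDIT_LOG, POLICY):
        print(*finding)
```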

9.1.8 Database administrator (DBA)


Control over data can be facilitated by the appointment of a database administrator, who controls and
sets standards for:
• The input of data.
• Its definition, for instance the development of logical data models.
• Physical storage structures.
• System performance.
• Security and integrity of data, e.g. maintenance of the data dictionary (see later).
• Back-up and recovery strategies.

9.1.9 Information policy document


Details of data controls and standards should form part of the organisation's information policy document.
This should also include details of how data is acquired, standardised, organised and maintained together
with user rights and rules for sharing information.
For example, an information policy may specify that only selected members of the payroll and human
resources department would have the right to view or change sensitive employee data, such as an
employee's salary.
The database administrator (or in large organisations, a data administration team) is responsible for
developing the information policy, developing the data dictionary and monitoring how data is used.

9.1.10 Data dictionary


The data dictionary is an index of data held in a database. It provides a record of the following information:
• Field names, types, lengths and default values.
• A list of the entity, attribute and relationship types.
• A list of all the processes which use data about each entity type.
• How to access the data (a data dictionary is sometimes called a data directory).
• What data codes and symbols mean.
• The origin of the data.
• Possible range of values.
• Ownership of the data.
The data dictionary is a form of technical documentation. It is also a control tool and ensures that
everyone in the organisation defines data consistently.

9.2 Availability
Database controls and security measures aim to protect the confidentiality and integrity of the database and
also aim to ensure the database is available and able to be used effectively by authorised users.
The security measures described above help achieve this by reducing the chances of unauthorised activity
and damage to the database. It is also important to ensure the database is backed up regularly and
appropriately to ensure efficient data recovery if required.



The data stored in commercial databases must be complete, comprehensive and accurate. It is also vital that
such systems are easy to use and serve their strategic missions.
Data that is inaccurate, out of date or inconsistent can create serious operational and financial problems for
businesses. Poor quality data leads to ill-informed decisions which result in financial losses.
We cover data quality issues, in detail, in Chapter 6.

Case study
The Gartner Group consultants reported that more than 25 per cent of the critical data in large US
Fortune 1 000 companies' databases is inaccurate or incomplete. This includes incorrect product codes and
product descriptions, faulty inventory descriptions, erroneous financial data, incorrect supplier information,
and incorrect employee data. Gartner believes that customer data degrades at a rate of two per cent per
month, making poor data quality a major obstacle to successful customer relationship management (Gage
and McCormick, 2005).

Key chapter points

• Organisations collect and store data for a number of reasons:


– to record transactions.
– for planning purposes.
– to facilitate control.
– to enable performance to be measured.
– to facilitate decision-making.
• Data and information captured and stored in an organisation's information systems comes from a
variety of internal and external sources.
• The way in which computer data is stored can be viewed as a hierarchy as follows: bit, field, record,
file and database.
• The term 'database system' is used to describe a wide range of systems that utilise a central pool of
data.
• There are four main types of database storage models: hierarchical, network, relational and object-
oriented.
• An Entity Relationship Model (ERM) may be used to establish and model the logical data
requirements of a system.
• Database implementation should be formally planned and managed to ensure the database is fit for
purpose.
• Accounting Information Systems (AIS) apply database concepts and techniques to produce
meaningful accounting information.
• Computerised databases enable organisations to store vast amounts of data about individuals and
other organisations. This raises privacy, ethical and control issues.



Quick revision questions

1 Distinguish 'data' from 'information'.


2 Data and information captured and stored in an organisation's information systems comes from a
variety of ………………….. and ………………….. sources.
What two words are missing from the statement above?
3 A computer record would normally include more than one field.
Is the statement above true or false?
A true
B false
4 What is SQL?
5 There are four main types of database storage models. Hierarchical, relational and object-oriented
are three. Which model is missing?
6 What type of relationship is shown in the diagram below?

7 The implementation of a new database should not be constrained by formal planning – a flexible 'see
how we go' approach is best.
Is the statement above true or false?
A true
B false
8 An ………………….. ………………….. ………………….. is a collection of data and processing
procedures that records and creates accounting related information.
What three words are missing from the statement above?
9 In the context of computer databases, what does the abbreviation DAM mean?

Answers to quick revision questions

1 Data is the raw material for data processing. Data consists of numbers, letters and symbols and
relates to facts, events, and transactions. Information is data that has been processed in such a way
as to be meaningful to the person who receives it.
2 Data and information captured and stored in an organisation’s information systems comes from a
variety of internal and external sources.
3 The statement is True. Computer data is made up of a hierarchy: bit, field, record, file and
database.
4 SQL is short for Structured Query Language, and is a popular database query language.
5 There are four main types of database storage models – hierarchical, network, relational and
object-oriented.
6 The relationship shown is a many-to-one relationship (M:1), many sales managers reporting to one
sales director.
7 The statement is false. Database implementation should be formally planned and managed to ensure
the database is fit for purpose.
8 An Accounting Information System is a collection of data and processing procedures that
records and creates accounting related information.
9 The abbreviation DAM stands for Database Activity Monitoring. DAM software tools sit outside
the database and monitor activity ‘live’. The DAM software alerts the database administrator of any
activity considered potentially suspicious, rather than relying upon subsequent inspection of the audit
trail.



Answer to chapter question

1 A database management system (DBMS) is the software that manages access to a database. The
DBMS enables numerous applications to operate from the database without the need for separate
files.

Chapter 3

ERP systems and data analysis
Learning objectives Reference
Data analysis tools LO3
Identify and explain the role of application and data analysis tools LO3.1
Illustrate the components of an enterprise-wide resource-management system, highlighting the centralised database and workflow management aspects of these systems LO3.2
Analyse different types of productivity software LO3.3
Describe data mining and its uses LO3.4

Topic list

1 Enterprise Resource Planning (ERP) systems
2 Knowledge management and productivity software
3 Data warehousing
4 Data analysis using business intelligence tools
5 Data mining

Introduction

We start this chapter by considering the role of Enterprise Resource Planning (ERP) software, focusing on
the centralised database and workflow management aspects of these systems.
Then we discuss the concept of knowledge management, and the software that can help an organisation
gather and manage knowledge and information. Productivity software is covered as part of this discussion.
Later, we focus on the use of data warehouses, before turning our attention to tools used to utilise the
data, information and knowledge stored in organisational information systems.
Don't become too focused on the detailed IT aspects of these topics. What is important for professionally
qualified accountants is an understanding of the principles and thinking behind these systems and techniques
– and most importantly a focus on the business benefits technology can bring.



Before you begin

If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.

1 What is an Enterprise Resource Management (ERM) system? (Section 1)
2 Identify two examples of productivity software. (Section 2)
3 Distinguish between an intranet and an extranet. (Section 2.5)
4 What is a digital dashboard? (Section 4)
5 What is the purpose of data mining? (Section 5)



LO 3.2
1 Enterprise Resource Planning (ERP) systems
Section overview
• Enterprise Resource Planning (ERP) systems, sometimes referred to as Enterprise Resource
Management (ERM) systems, integrate different functional areas of an organisation in a single
system. Two important elements of ERP systems are:
– A centralised database.
– Workflow management.

Definition
Enterprise Resource Planning (ERP) systems integrate the planning, management, and use of all of an
organisation's resources (Laudon and Laudon 2009).

Enterprise Resource Planning (ERP) systems provide unity and co-ordination across different functional
areas of an organisation. They eliminate the need for separate systems and separate data silos within an
organisation. The two most popular ERP systems are SAP and Oracle.

1.1 The role of the centralised database


The ERP system is usually built around a unified central database that holds data that is used by all
system modules.
The centralised database supports a number of integrated modules designed to support all of the key
activities of the enterprise. The tightly integrated nature of the system enables data to flow easily across
functional boundaries (as opposed to individual functional areas operating their own independent system).
Reporting is also simplified, as all data is held in one database.
ERP originated in manufacturing, but has spread to almost all sectors, including government agencies.
Systems can cover almost all functions of an organisation, regardless of the organisation's business. A typical
implementation will include managing the key elements of the supply chain such as purchasing, inventory
control, production planning and customer service, including order tracking. ERP systems also often provide
HR modules enabling control of staff scheduling and staff payments.
The use of ERP systems in e-business is now widespread, with applications to connect customers and
supply chain members and to facilitate e-commerce.

1.2 ERP and workflow


An important element of Enterprise Resource Planning software is the ability to manage workflow.
Workflow is a term used to describe the defined series of tasks within an organisation to produce a final
outcome. The workflow software aspect of ERP systems provides the information necessary to control
business processes, which are 'a set of related steps or procedures designed to produce a specific outcome'
(Laudon and Laudon).
At each stage in the workflow, one individual or group is responsible for a specific task. Once the task is
complete, the workflow software ensures that the individuals responsible for the next task are notified and
receive the data they need to do their stage of the process.
The workflow application within the ERP system enables workflow to be managed by the software,
either in part or completely. Some human intervention may still be required, but the functions that can be
automated are handled by the application. For example, if a purchase order needs to move through a
number of departments for authorisation, the workflow application handles this process. When all of the
required individual authorisations are complete, the software would notify the person who raised the order
and allow the order to be placed.



Business processes can be restricted to one functional area (e.g. human resources) or can span a number of
functional areas. Order fulfilment, for example, could span sales, production, logistics, inventory control,
quality assurance and accounts. As another example, in a publishing setting a document might be automatically
routed from writer to editor to proof-reader to production.
An insurance company could use ERP software to ensure a claim was handled consistently from the initial
call to claim settlement. The workflow application would ensure that each person handling the claim used
the correct online form and successfully completed their step before allowing the process to continue to
the next step.

1.2.1 Workflow reporting


Workflow applications enable detailed reporting on the process itself. For example, reports can show how
many times each workflow was executed, the average execution time and how long people took
to perform their tasks. This enables the identification of bottlenecks and of areas for process improvement.

Case study
SAP Workflow is designed to facilitate and automate business processes involving tasks performed by users
(people in the workplace). It ensures that the right work is assigned in the right sequence at the right time
to the right person in the workflow.
Each step of a business transaction can be easily monitored throughout the initiation and completion of
business processes. SAP Workflow enables the process owners to track deadlines, determine the workload
as well as provide statistics on the length of time to complete work processes.
SAP Workflow can be linked to other software tools such as Microsoft Outlook or Lotus Notes.

1.3 ERP implementations – have these been successful?


As ERP implementations impact on so many areas of the business, carrying out an ERP implementation
while maintaining high standards in day-to-day operations is difficult.
As they are wide ranging, ERP implementations tend to be relatively expensive. They also carry
significant 'hidden' costs through requiring organisations to change the way they operate.
ERP also poses significant challenges in the areas of information security and business continuity
planning. Even a successful ERP implementation will bring increased risk of major computer system failure.
When operating a series of smaller, separate systems, a breakdown would impact upon a relatively small
area of operation. If there is a failure with ERP the impact is likely to be extremely disruptive.
Some businesses have been restructured to fit the restrictions of the ERP software, a reversal of the normal
strategy.
Possibly the most repeated criticism is that many ERP implementations have failed to deliver significant
efficiency improvements.
On the other hand, Enterprise Resource Planning software has been implemented successfully in some
organisations, for example where it has been implemented as a means of rationalising and integrating
systems where mergers and acquisitions led to an unco-ordinated mix of systems.
ERP has also proved effective in supply chain management through facilitating reduced lead times.



LO 3.3
2 Knowledge management and productivity software
Section overview
• Knowledge management describes the process of collecting, storing and using the knowledge
held within an organisation.
• A wide range of information systems are utilised for knowledge management purposes. These
include office automation systems, group collaboration systems, knowledge work systems and
artificial intelligence systems.
• Productivity software is a term used to describe office application software such as Microsoft
Office – including word processing, spreadsheet, scheduling, presentation and other types of
software used by individuals to improve their productivity. There is overlap between productivity
software and office automation systems.

2.1 Knowledge management


A significant amount of company resources are wasted because organisations are not aware of the
knowledge they and their staff already possess. Knowledge management attempts to address this
through implementing processes for the collection, storage and use of knowledge.

Definitions
Knowledge is information within people's minds.
Knowledge management describes the process of collecting, storing and using the knowledge held
within an organisation.

Knowledge is widely recognised as a sustainable source of competitive advantage. Superior knowledge
enables a company to produce unique products or services, or to produce products and services to a
higher level of quality or at a lower cost than competitors.
Knowledge is valuable as it may be used to create new ideas, insights and interpretations and for decision
making. However knowledge, like information, is of no value unless it is applied.

2.1.1 Knowledge management programs


Knowledge management programs are attempts at:
(a) Designing and installing techniques and processes to create, protect and use explicit knowledge,
which is knowledge that the company knows that it has. Explicit knowledge includes facts,
transactions and events that can be clearly stated and stored in management information
systems.
(b) Designing and creating environments and activities to discover and release tacit knowledge. Tacit
knowledge is expertise held by people within the organisation that has not been formally
documented.
Tacit knowledge is a difficult thing to manage because it is invisible and intangible. We do not know what
knowledge exists within a person's brain, and whether he or she chooses to share knowledge is a matter of
choice.
The motivation to share hard-won experience is sometimes low; the individual is 'giving away' their value
and may be very reluctant to lose a position of influence and respect by making it available to everyone.
Organisations should encourage people to share their knowledge. This can be done through a culture of
openness and rewards for sharing knowledge and information.



2.2 Knowledge creation
Japanese companies have a strong focus on tacit knowledge. They motivate knowledge creation through
visions of products and strategies coupled with organisational cultures that promote sharing, transparency
and proactive use of knowledge and innovation.
Human resource policies such as rotation of employees through different jobs and functions support the
expansion of knowledge.

2.3 Organisational learning


The process by which an organisation develops its store of knowledge is sometimes called organisational
learning.
A learning organisation is centred on the people that make up the organisation and the knowledge they
hold. The organisation and employees feed off and into the central pool of knowledge. The organisation
uses the knowledge pool as a tool to teach itself and its employees.

Case study
Facilitating knowledge sharing
World-class companies now realise that the best ideas do not necessarily come from the executive
boardroom but from all levels of the company; from line workers all the way through to top management.
Companies that have cultures that encourage best practice sharing can unlock the rich stores of
knowledge within each employee. Sharing promotes overall knowledge and facilitates further creativity.
World-class companies are innovatively implementing best practice sharing to shake them out of the rut
of 'the way it's always been done'. Programs such as General Electric's Work-Out sessions help employees
challenge conventions and suggest creative new ideas that drive process improvement, increased efficiency,
and overall, a stronger bottom line.
The fundamental goal of knowledge management is to capture and disseminate knowledge across an
increasingly global enterprise, enabling individuals to avoid repeating mistakes and to operate more
intelligently – striving to create an efficient learning organisation.
The best companies create a best practice-sharing culture through all levels of the organisation, using both
internal and external sources of best practices. They then capture that knowledge and communicate it to all
employees.

2.4 Information systems used in knowledge management


Information systems play an important role in knowledge management, helping with information flows
and helping formally capture the knowledge held within the organisation.
Any system that encourages people to work together and share information and knowledge will aid
knowledge management. Examples are shown in the following table – further explanation follows the table.

What the systems facilitate: Examples

Knowledge collation and distribution: Office automation systems and productivity software
• Word processing
• Electronic schedulers
• Desktop databases
• Spreadsheets
• Web publishing
• E-mail

Knowledge sharing: Group collaboration systems
• Groupware – including messaging, conferencing, and Web 2.0 technologies such as Wikis, blogs and folksonomies
• Intranets
• Extranets

Knowledge creation: Knowledge work systems
• Computer Automated Design
• Virtual reality
• Investment workstations

Knowledge capture and codification: Artificial intelligence systems
• Expert systems
• Neural networks
• Fuzzy logic
• Intelligent agents
2.5 Distributing and sharing knowledge


2.5.1 Office Automation Systems (OAS) and productivity software
Knowledge work is dependent on the efficient production and distribution of documents and other forms
of communication such as voice messaging systems.
Office Automation Systems (OAS) and productivity software are often used to present, analyse and/or
distribute information and knowledge. There isn't one single accepted definition for either of these software
groups.
Generally though, productivity software is interpreted as referring to general office application software
such as Microsoft Office – including word processing, spreadsheet, scheduling, presentation and other types
of software used by individuals to improve their productivity. This overlaps with the Office Automation
Systems (OAS) category we have just described.
We have looked at productivity software and OAS in the context of knowledge management, but
remember they are used for a very wide range of tasks. Almost all organisations apply tools such as
spreadsheet software to many situations. You should be familiar with popular Microsoft Office applications
such as Word, Excel, PowerPoint and Outlook, or similar products.

2.5.2 Groupware

Definition
Groupware is a term used to describe software that provides functions for the use of collaborative work
groups.

Typically, groups using groupware are small project-oriented teams that have important tasks and tight
deadlines. The most widely-used groupware products are Microsoft Outlook and Lotus Notes.
However, there are many related products and technologies.
It is when groupware is used to share information with colleagues that it comes into its own. Features of
groupware include the following:
(a) Messaging, an e-mail account to send and receive messages.
(b) Access to an information database, and customisable 'views' of the information held on it, which
can be used to standardise the way information is viewed in a workgroup.
(c) Group scheduling, to keep track of colleagues' schedules and to enable meetings to be arranged,
including booking the meeting room and required resources.



(d) Public folders. These collect, organise, and share files with others on the team or across the
organisation.
(e) Other users can be given 'delegated or shared access' to another's groupware folders and send
mail on their behalf, or read, modify, or create items in public and private folders on their behalf.
(f) Conferencing. Participation in public, online discussions with others.
(g) Assigning tasks. A task request can be sent to a colleague who can accept, decline, or reassign the
task. After the task is accepted, the groupware will keep the task status up-to-date on a task list.
(h) Voting type facilities that can, say, request and tally responses to a multiple-choice question sent in
a mail message (e.g. 'Here is a list of options for this year's Christmas party').
(i) Hyperlinks in mail messages. The recipient can click the hyperlink to go directly to a Web page or
file server.
(j) Wikis. A Wiki is a website that allows users to easily create new web pages on the site, to make
links between the pages, and to edit existing pages. Wiki sites are used by many companies to
encourage collaboration between individuals and groups. One of the most widely known public Wiki
sites is Wikipedia, an on-line encyclopedia.
(k) Blogs. A Blog is a website containing descriptions of events and personal experiences, or
comments or reviews. A Blog can also be an individual entry, or a series of entries on a particular
topic. Blogs are usually informal, and can be a diary by a single person, or have contributions from
many sources. Often readers are able to add comments to an entry. Blogs have a huge number of
uses within a business, for instance: examples of conducting an interview, operating a machine, or
closing a sale; reports of field trips or meetings with customers; company or department news;
preparation for coming events or reviews of past ones; descriptions of working in various
departments and at different levels.
(l) Folksonomies. A Folksonomy is a classification that arises when people collaborate to create and
manage the links between, for example, Wikis, Blogs and normal web pages. The process is generally
known as tagging, and consists of attaching labels to various items or pages, and using these to link
or jump to the items from other places.
(m) Workflow management with various degrees of sophistication.

2.6 Creating knowledge


Knowledge workers are people whose jobs consist primarily of creating new information and knowledge.
They are often members of a profession such as doctors, engineers, authors, lawyers and scientists.

2.6.1 Knowledge Work Systems (KWS)


Knowledge Work Systems (KWS) are information systems that facilitate the creation and integration of
new knowledge into an organisation. They provide knowledge workers with tools such as:
• Analytical tools.
• Powerful graphics facilities.
• Communication tools.
• Access to external databases.
• A user-friendly interface.
The workstations of knowledge workers are often designed for the specific tasks they perform. For
example, a design engineer would require sufficient graphics power to manipulate 3-D Computer Aided
Design (CAD) images; a financial analyst would require a powerful desktop computer to access and
manipulate a large amount of financial data (an investment workstation).

The components of a KWS are shown in the following diagram:

[Diagram: Knowledge work system. Elements shown: external knowledge base; software (graphics,
visualisation, modelling, simulation, document management, communications); user interface;
hardware platform (knowledge workstation).]


Virtual reality systems are another example of KWS. These systems create computer generated
simulations that emulate real-world activities. Interactive software and hardware (e.g. special headgear)
provide simulations so realistic that users experience sensations that would normally only occur in the real
world.

Case studies
Virtual reality
Burger King have used virtual reality stores to test new store designs.
Volvo have used virtual reality test drives in vehicle development.

2.6.2 Expert systems

Definition
An expert system is a computer program that captures human expertise in a limited domain of
knowledge.

Expert system software uses a knowledge base that consists of facts, concepts and the relationships
between them on a particular domain of knowledge and uses pattern-matching techniques to 'solve'
problems.
Rules of thumb (or 'heuristics') are important. A simple example might be 'milk in first' when making a cup of
tea: this is a rule of thumb for tea making that saves people having to rethink how to make a cup of tea every
time they do so. A simple business example programmed into a credit check may be: 'Don't allow credit to a
person who has no credit history and has changed address twice or more within the last three years'.
For example, many financial institutions now use expert systems to process straightforward loan
applications. The user enters certain key facts into the system such as the loan applicant's name and most
recent addresses, their income and monthly outgoings, and details of other loans. The system will then:
(a) Check the facts given against its database to see whether the applicant has a good previous credit
record.
(b) Perform calculations to see whether the applicant can afford to repay the loan.
(c) Make a judgment as to what extent the loan applicant fits the lender's profile of a good risk (based
on the lender's previous experience).
(d) Suggest a decision.

A decision is then suggested, based on the results of this processing. This is why it is now often possible to
get a loan or arrange insurance over the telephone, whereas in the past it would have been necessary to
go and speak to a bank manager or send details to an actuary and then wait for him or her to come to a
decision.
Other applications of expert systems include:
(a) Legal advice.
(b) Tax advice.
(c) Forecasting of economic or financial developments, or of market and customer behaviour.
(d) Surveillance, for example of the number of customers entering a supermarket, to decide what
shelves need restocking and when more checkouts need to be opened.
(e) Diagnostic systems, to identify causes of problems, for example in a factory, or in healthcare.
(f) Education and training, diagnosing a student's or worker's weaknesses and providing or
recommending extra instruction as appropriate.
A diagram of an expert system:

(a) The knowledge base contains facts and rules from past experience.
(b) The knowledge acquisition program is a program which enables the expert system to
incorporate new knowledge and rules.
(c) The working memory stores the facts and rules being used by the current enquiry, and the
current information given to it by the user.
(d) The inferencing engine is the software that executes the reasoning. It decides which rules apply,
and allocates priorities.
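
The four components above can be seen working together in the following added sketch (it is not from the study manual): a small forward-chaining loan screener in Python. The first rule is the manual's credit-check heuristic; the 50% repayment share, the other rules, the priorities and all names are assumptions made for illustration.

```python
"""Minimal rule-based expert system for loan screening (illustrative only)."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable

MAX_REPAYMENT_SHARE = 0.5  # assumption: repayment may take half of disposable income
REQUIRED_FACTS = ("has_credit_history", "address_changes_3y",
                  "income", "outgoings", "repayment")


@dataclass
class Rule:
    name: str
    priority: int                      # when several rules apply, highest fires first
    condition: Callable[[dict], bool]  # tested against working memory
    conclusion: dict                   # facts added to working memory on firing


class ExpertSystem:
    def __init__(self) -> None:
        self.knowledge_base: list[Rule] = []

    def acquire(self, rule: Rule) -> None:
        """Knowledge acquisition: add a rule without touching the engine."""
        if any(r.name == rule.name for r in self.knowledge_base):
            raise ValueError(f"duplicate rule name: {rule.name}")
        self.knowledge_base.append(rule)

    def infer(self, enquiry: dict, goal: str = "decision") -> tuple[dict, list[str]]:
        """Inferencing engine: forward-chain until the goal fact is known."""
        missing = [k for k in REQUIRED_FACTS if k not in enquiry]
        if missing:
            raise ValueError(f"missing facts: {missing}")
        memory = dict(enquiry)         # working memory for this enquiry only
        fired: list[str] = []
        while goal not in memory:
            applicable = [r for r in self.knowledge_base
                          if r.name not in fired and r.condition(memory)]
            if not applicable:
                break                  # no rule applies: the system cannot decide
            rule = max(applicable, key=lambda r: r.priority)
            memory.update(rule.conclusion)
            fired.append(rule.name)
        return memory, fired


def can_afford(m: dict) -> bool:
    """Affordability calculation on the applicant's monthly figures."""
    return m["repayment"] <= MAX_REPAYMENT_SHARE * (m["income"] - m["outgoings"])


def build_loan_screener() -> ExpertSystem:
    es = ExpertSystem()
    # The manual's heuristic: no credit history and two or more recent moves.
    es.acquire(Rule("no-history-and-moved-often", 100,
                    lambda m: not m["has_credit_history"] and m["address_changes_3y"] >= 2,
                    {"decision": "decline"}))
    # Intermediate facts: these rules feed the decision rules below.
    es.acquire(Rule("can-afford", 80, can_afford, {"affordable": True}))
    es.acquire(Rule("cannot-afford", 80, lambda m: not can_afford(m), {"affordable": False}))
    es.acquire(Rule("decline-unaffordable", 60,
                    lambda m: m.get("affordable") is False, {"decision": "decline"}))
    es.acquire(Rule("approve-good-risk", 50,
                    lambda m: m.get("affordable") is True and m["has_credit_history"],
                    {"decision": "approve"}))
    # Lowest priority: anything the other rules do not settle goes to a person.
    es.acquire(Rule("refer-to-loan-officer", 10,
                    lambda m: "affordable" in m, {"decision": "refer"}))
    return es


if __name__ == "__main__":
    screener = build_loan_screener()
    applicant = {"has_credit_history": True, "address_changes_3y": 0,   # constructed
                 "income": 4000, "outgoings": 2500, "repayment": 400}
    memory, fired = screener.infer(applicant)
    print(memory["decision"], "via", fired)
```

The list of fired rules is the audit trail for a suggested decision, which is what lets a reviewer check why an application was declined.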

2.6.3 When are expert systems effective?


Expert systems are best suited to situations where:
(a) The problem is well defined.
(b) The expert can define rules by which the problem can be solved.
(c) The investment in an expert system is cost-justified.
The knowledge base of an expert system must be kept up-to-date.
Expert systems are not suited to high-level, unstructured problems as these require information from a
wide range of sources rather than simply deciding between a few known alternatives.

3 Data warehousing
LOs 3.1, 3.4

Section overview
• A data warehouse consists of a database, containing data from various operational systems, and
reporting and query tools.

Definitions
A data warehouse is a database that contains data from other databases, and other sources, that enables
data to be analysed outside of operational systems.
A data mart is similar to a data warehouse but the mart holds data relating to a specific department,
function or area of the business.

3.1 What is a data warehouse?


A data warehouse consists of a database, containing data from various operational systems, and reporting
and query tools.
A data warehouse contains data from a range of internal and external sources. One reason for including
individual transaction data in a data warehouse is that if necessary the user can drill-down to access
transaction level detail. Data is increasingly obtained from newer channels such as customer care systems,
outside agencies and websites.
Data is copied to the data warehouse as often as required – usually either daily, weekly or monthly. The
process of making any required changes to the format of data and copying it to the warehouse is usually
automated. The result should be a coherent set of information available to be used across the organisation
for management analysis and decision making. The reporting and query tools available within the
warehouse should facilitate management reporting and analysis.
The reporting and query tools should be flexible enough to allow multidimensional data analysis, also
known as on-line analytical processing (OLAP). Each aspect of information (e.g. product, region, price,
budgeted sales, actual sales, time period and so on) represents a different dimension. OLAP enables data to
be viewed from each dimension, allowing each aspect to be viewed in relation to the other aspects.

3.1.1 Features of data warehouses


A data warehouse is subject-oriented, integrated, time-variant, and non-volatile.

Subject-oriented: A data warehouse is focused on data groups, not application boundaries. Whereas the
operational world is designed around applications and functions such as sales and purchases, a
data warehouse world is organised around major subjects such as customer, supplier, product
and activity.

Integrated: Data within the data warehouse must be consistent in format and codes used – this is referred
to as integrated in the context of data warehouses. Data must arrive in the data warehouse in a
consistent integrated state. The data import routine should 'cleanse' any inconsistencies.

Time-variant: Data is organised by time and stored in 'time-slices'. Data warehouse data may cover a long
time horizon, perhaps from five to ten years. Data warehouse data tends to deal with trends
rather than single points in time. As a result, each data element in the data warehouse
environment must carry with it the time for which it applies.

Non-volatile: Data cannot be changed within the warehouse. Only load and retrieval operations are made.
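
The four features listed above are shown in the following added example (not part of the study manual), which loads two constructed operational extracts into an in-memory SQLite warehouse using Python. The table, column and function names, the region codes and the sample rows are all assumptions made for illustration.

```python
"""Loading a small data warehouse: integrated, time-variant, non-volatile."""
import sqlite3
from decimal import Decimal

# Constructed extracts from two operational systems with inconsistent formats.
SALES_LEDGER = [            # customer, region, DD/MM/YYYY, amount in dollars
    ("C001", "NSW", "03/01/2012", "120.50"),
    ("C002", "vic", "15/01/2012", "80.00"),
    ("C001", "NSW", "02/02/2012", "45.25"),
    ("C004", "N/A", "09/02/2012", "10.00"),   # unknown region: must be rejected
]
WEB_SHOP = [                # customer, region, ISO date, amount in cents
    ("c002", "Victoria", "2012-01-20", 2500),
    ("c003", "New South Wales", "2012-02-11", 9900),
]
REGION_CODES = {"nsw": "NSW", "new south wales": "NSW",
                "vic": "VIC", "victoria": "VIC"}
DIMENSIONS = {"customer", "region", "period", "source"}


def cleanse_ledger(row):
    """Integrated: one code set, one date format, one currency unit."""
    customer, region, date, dollars = row
    day, month, year = date.split("/")
    return (customer.upper(), REGION_CODES[region.strip().lower()],
            f"{year}-{month}", int(Decimal(dollars) * 100), "ledger")


def cleanse_web(row):
    customer, region, iso_date, cents = row
    return (customer.upper(), REGION_CODES[region.strip().lower()],
            iso_date[:7], int(cents), "web")


def create_warehouse():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE fact_sales (
            customer     TEXT    NOT NULL,   -- subject-oriented: keyed by customer
            region       TEXT    NOT NULL CHECK (region IN ('NSW', 'VIC')),
            period       TEXT    NOT NULL,   -- time-variant: time-slice YYYY-MM
            amount_cents INTEGER NOT NULL,
            source       TEXT    NOT NULL
        );
        -- Non-volatile: only load (INSERT) and retrieval (SELECT) are allowed.
        CREATE TRIGGER fact_sales_no_update BEFORE UPDATE ON fact_sales
        BEGIN SELECT RAISE(ABORT, 'warehouse data is non-volatile'); END;
        CREATE TRIGGER fact_sales_no_delete BEFORE DELETE ON fact_sales
        BEGIN SELECT RAISE(ABORT, 'warehouse data is non-volatile'); END;
    """)
    return db


def load_warehouse():
    """Cleanse and load both extracts; rows that cannot be cleansed are set aside."""
    db = create_warehouse()
    rejects = []
    for extract, cleanse in ((SALES_LEDGER, cleanse_ledger), (WEB_SHOP, cleanse_web)):
        for row in extract:
            try:
                clean = cleanse(row)
            except (KeyError, ValueError, ArithmeticError) as exc:
                rejects.append((row, repr(exc)))
                continue
            db.execute("INSERT INTO fact_sales VALUES (?, ?, ?, ?, ?)", clean)
    db.commit()
    return db, rejects


def rollup(db, *dimensions):
    """Total sales along the chosen dimensions (names checked against a fixed list)."""
    if not dimensions or not set(dimensions) <= DIMENSIONS:
        raise ValueError("unknown dimension")
    cols = ", ".join(dimensions)
    sql = (f"SELECT {cols}, SUM(amount_cents) FROM fact_sales "
           f"GROUP BY {cols} ORDER BY {cols}")
    return db.execute(sql).fetchall()


def is_non_volatile(db):
    """True if the loaded (non-empty) fact table refuses both UPDATE and DELETE."""
    for statement in ("UPDATE fact_sales SET amount_cents = 0",
                      "DELETE FROM fact_sales"):
        try:
            db.execute(statement)
        except sqlite3.DatabaseError:
            continue                  # blocked by the trigger, as intended
        db.rollback()
        return False
    return True


if __name__ == "__main__":
    warehouse, rejected = load_warehouse()
    print(rollup(warehouse, "region", "period"))
    print("rejected rows:", rejected)
    print("non-volatile:", is_non_volatile(warehouse))
```

Rejected rows are returned rather than silently dropped, so the import routine's cleansing failures can be reviewed and the source system corrected.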

Organisations may build a single central data warehouse to serve the entire organisation or may create a
series of smaller data marts. A data mart holds a selection of the organisation's data for a specific
purpose. A data mart can be constructed more quickly and cheaply than a data warehouse. However, if too
many individual data marts are built, organisations may find it is more efficient to have a single data
warehouse serving all areas.

The components of a data warehouse are shown in the following diagram.

3.1.2 Advantages of data warehouses


Advantages of setting up a data warehouse include the following:
(a) Decision makers can access data without affecting the use of operational systems.
(b) Having a wide range of data available to be queried easily encourages the taking of a wide perspective
on organisational activities.
(c) Data warehouses have proved successful in some businesses for:
(i) Quantifying the effect of marketing initiatives.
(ii) Identifying and understanding an enterprise's most profitable revenue streams.
(iii) Improving knowledge of customer behaviour.

3.1.3 Limitations of data warehouses


Some organisations have found they have invested considerable resources implementing a data warehouse
for little return. To benefit from the information a data warehouse can provide, organisations need to be
flexible and prepared to act on what they find. If a warehouse system is implemented simply to follow
current practice it will be of little value.
Other limitations exist, particularly if a data warehouse is intended to be used as an operational system
rather than as an analytical tool. For example:
(a) The data held may be outdated.
(b) An efficient regular routine must be established to transfer data into the warehouse.
(c) A warehouse may be implemented and then, as it is not required on a day-to-day basis, be ignored.

Case studies
Data gathering and use
Gathering data is the easy bit. Many companies have a transactional database at their disposal – the difficult
part is figuring out how to use the data to drive more profitable relationships with customers. Data that is
of little value should be discarded. There might be hundreds of columns on a database that can be
segmented at the touch of a button but, unless this information can result in some action with regard to the
customer, it is redundant.

It might be tempting to take advantage of every customer 'touch point' to acquire more knowledge but
consumers are increasingly asking 'What's in it for me?' In the right circumstances they will provide
information but unless it is relevant to them and there is a tangible benefit, companies risk alienation.
Ward & Daniel (2006), when writing about benefits management, make the point that many management
information systems projects and data warehouse investments are expected to bring the general benefit of
'improved decision making'. For benefits to be realised, and corporate performance enhanced, it is
important that this is more closely defined: who is going to be able to make improved decisions, and which
of their decisions will be improved? Using a marketing example, the following benefits could be set out:
'Improved decision making by marketing staff to ensure increased customer responses from campaigns', or
'Improved decisions by sales staff to ensure they follow up the leads with the highest potential value'.

4 Data analysis using business intelligence tools
LO 3.1

Section overview
• Business intelligence (BI) tools enable users to analyse, manipulate, and report on data. Examples include:
– Digital dashboards
– Multidimensional databases
– Enterprise Information Portals (EIP)
– E-commerce analytics

Definitions
Business intelligence (BI) applications enable the data held in databases to be manipulated and analysed.

4.1 What are business intelligence tools?


Business intelligence (BI) tools or applications transform data into information and present that information
to end users in a meaningful and usable manner.
These tools enable business users to analyse, manipulate, and report on corporate data using familiar, easy-
to-use interfaces. Users are presented with views of data in a highly summarised form that supports
comparative analysis.
BI systems include two types of information systems:
(a) Systems that provide easily accessible information in a structured format – for example 'digital
dashboards'.
(b) Systems that provide data analysis tools – for example, multidimensional data analysis or data mining.
Business intelligence tools are now a central technology for e-commerce customer analytics and
information portals.

4.2 Digital dashboards


Definition
Digital dashboards are software tools that provide a high level, summarised view of the performance of
an enterprise.

A digital dashboard (sometimes called an executive dashboard, an enterprise dashboard or a management
cockpit) provides rapid access to timely information and direct access to management reports.

The dashboard can be customised to display business data across a wide range of areas, for example sales
figures, expenses, profitability, production, customer satisfaction measures and so on. It provides easy
access to summarised information and exception reports. The information is presented in a clear,
user-friendly format, usually including graphics.

Common features / capabilities of digital dashboards

Feature / capability: Comment

Exception reporting: Reports or indicators that highlight deviations larger than specified parameters.
Trend analysis: Trend information covering past periods and future projections.
Ad-hoc analysis: The facility to produce on-demand queries and reports.
Drill-down: The facility to drill-down on highly summarised indicators to reveal the underlying data.
Current status: Real-time access to selected metrics.
Key performance indicators (KPIs) relevant to Critical success factors (CSFs): Summarised data relevant
to tracking KPIs which are relevant to factors identified as critical to the success of the organisation.

An example is shown below.


Digital dashboard – example

4.3 Multidimensional databases


Multidimensional databases store data in matrices along related attributes, or dimensions, that are common
to the business, such as product, time, cost, geographical spread and sales. Because there can be many
dimensions in a multidimensional data store, they are often referred to as 'hypercubes' or simply 'cubes'.
Data is extracted from the working database or data warehouse into smaller, local databases on the
desktop. BI tools can then analyse and report on the data, for example 'what if' analyses, simulations and
forecasting techniques.

4.4 Enterprise information portals (EIP)
Enterprise information portals (EIP) serve as a gateway to an organisation's information and knowledge.
They deliver personalised business data and content directly to employees, business partners and
customers. The portal is often similar to a website and extranet combined.
B2C (business-to-consumer) relationships can be enhanced by providing information (e.g. product
specifications, technical notes, and service information) in a portal-like structure personalised for a
particular customer's needs. B2B (business-to-business) on-line trading communities are almost exclusively
based on some type of portal design.

4.5 E-commerce analytics


With the rapid growth of e-commerce initiatives across virtually all industries, business intelligence
practices have found new areas of applicability and usage. Organisations collect and store mountains of data
generated from B2B and B2C interactions. This data should be analysed and acted upon. For example,
Google Analytics enables organisations to monitor the effectiveness of different aspects of their website.

4.6 Benefits of data analysis using business intelligence tools


Organisations that exploit their corporate data gain a competitive advantage over those who do not.
Business intelligence products, including desktop and enterprise query and reporting tools, multidimensional
databases and data warehousing products, are used by many organisations to make better-informed
decisions.

Case study
Business intelligence and IT infrastructure
JJB Sports, a retailer of sports equipment based in the UK, completed a £500 000 upgrade to its business
intelligence and merchandise management system in 2008, cutting reporting times by half.
The upgrade included a new IT infrastructure that consists of servers connected to an existing storage area
network, and an Oracle database. Access to accurate and timely information on merchandise sales,
inventory levels and store performance is crucial in meeting customers' needs.

5 Data mining
LO 3.4
Section overview
• Data mining software looks for hidden, previously unknown patterns and relationships in large
pools of data.

Definition
Data mining is the analysis of data with the aim of discovering previously unknown, potentially useful
relationships.

There are many different definitions of data mining. However, the principle of data mining relates to the use
of advanced analytical techniques to discover useful relationships in large databases.
For example, the sales records for a particular brand of golf club might, if sufficiently analysed and related to
other market data, reveal a seasonal correlation with the purchase of tennis equipment by the same people.
Data mining differs from the use of structured query language to access large databases, in that the latter is
simply summarising data that is already in the database. Data mining, on the other hand, is looking for
‘hidden’ relationships in the data that can then be used to find rules in that data and to predict future trends
arising from those rules.
The data to be mined will normally be in a database. However, that data must be prepared for mining prior
to mining taking place. The analyst may need to select, sample, aggregate, filter, cleanse, and transform data
in preparation for mining.
Some people’s definition of data mining is linked with their definition of data warehousing. Data warehouses
are for storing data, not turning it into information, whereas data mining turns data into information.

5.1 Features of data mining tools


Popular website data mining tools include NetTracker and EasyMiner (from MINEit software). IBM’s
InfoSphere Warehouse Modeling is a DB2 extender that provides a set of SQL stored procedures and user-
defined functions to build a model and store it in a DB2 table. These procedures and functions are referred
to as ‘easy mining procedures’. The model is set up using graphical wizards to create mining tasks that
specify the type of model to be built, the parameter settings, the data location and the data settings,
e.g. which columns to use in the model.
Data mining tools (software programs) will contain various features to extract data from databases. They
include support for the following outputs:
• Creation of classification and prediction models - these use trend analysis to determine the level of
variables in the future, e.g. demand for different products in a supermarket based on past purchasing
history.
• Discovery of associations and sequential patterns in large databases - patterns in this situation are
normally hidden until the data mining tool identifies the relationships and reports these back to the
user.
• Automatic segmentation of databases into groups of related records - this will help users undertake
further analysis on one segment of the database, e.g. by geographical area or type of customer.
• Discovery of similar patterns of behaviour within special time sequences - in a supermarket, this
analysis can be by day, week or year, for example, to try and determine how purchasing patterns
change over different time frames.

5.2 Data mining outputs


Modern data mining programs will include state-of-the-art Graphical User Interface (GUI) facilities, including
online help, task guides, and a graphical representation of the mining base and its objects. A progress
window displayed during mining operations shows time elapsed and estimated quality of model results.
Repeatable sequences allow a data mining program to construct a sequence of mining operations that can
be saved and subsequently modified and repeated. This will save significant amounts of time when programs
have to be run regularly. When mining is complete, mining results can be exported to the user’s preferred
analysis tools, such as spreadsheets or user-orientated databases.
The actual results obtained from data mining will vary according to the data being mined and the specific
activities of the organisation. For example, outputs from data mining of information from web sites will
include:
• Drill down capabilities allowing users to obtain further analysis on visitors to the website.
• Analysis of the traffic over the website, including times of access and pages accessed.
• Store of website accesses in a database for further analysis.
• Delivery of reports by email according to specific output criteria and recipient.
• Real time reports available on website traffic for access and analysis.
• Summary reports available with the option to output data for further analysis.

5.3 Types of results obtained
The process of data mining normally results in five different types of results being obtained.
Associations - are occurrences that are linked to a single event, i.e. where one event can be correlated to
another event. For example, in a supermarket it may be found that people who purchase beer also buy
peanuts 35% of the time. However, when there is a ‘special offer’ on peanuts then beer and peanut
purchases are linked 50% of the time. Having access to this type of information will help the store manager
plan for appropriate special offers in the store as well as deciding where to place goods on the shelves.
Placing beer and peanuts on the same shelf may well increase the sales of these products because the
purchases are highly correlated.
Sequences - occur where events are linked over time, that is, one event leading to another later event.
For example, it may be found that 55% of the time, the purchase of curtains is followed by a purchase of a
rug after two months. Sending a direct mail shot to purchasers of curtains with details of an offer on
rug/carpet purchases may help to increase further the number of rugs sold.
Classification - aims to recognise patterns within the database for specific groups of items. This information
is used to try and predict the activity of specific items within that group. For example, some people tend to
change their credit card on a regular basis. By analysing the characteristics of the group of people with credit
cards, a card issuer may find it possible to identify those people most likely to change their card. Having
identified those people, special offers can be devised to try and stop them changing their credit card.
Clustering - works in a similar way to classification, although in this situation no groups have been defined.
In this situation, data mining involves finding groups within the entire database, perhaps by splitting the
database by geographical region or by age groupings. Specific characteristics can then be applied to those
groups to help identify trends.
Forecasting - is used to discover patterns in the data that can lead to predictions about the future. In this
sense, forecasting is simply extrapolating existing trends into the future to help determine the value of
different figures. For example, trying to determine the value of sales for the next six months based on sales
figures for the past five years.
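
The 'associations' result type above rests on measuring how often two items appear in the same basket. The following added Python example (not from the study manual) computes that figure for beer and peanuts with and without a special offer, and then mines every pair rule from the same data. The basket data is constructed so that it reproduces the manual's 35% and 50% figures; the function names and thresholds are assumptions.

```python
"""Association rules from basket data: support, confidence and lift."""
from collections import Counter, namedtuple
from itertools import permutations

AssociationRule = namedtuple(
    "AssociationRule", "antecedent consequent support confidence lift")


def build_sample_baskets():
    """Constructed data: (items, peanuts_on_special_offer) per checkout basket."""
    normal = ([{"beer", "peanuts"}] * 7 + [{"beer", "crisps"}] * 13 +
              [{"bread", "milk"}] * 40 + [{"peanuts", "milk"}] * 3)
    offer = ([{"beer", "peanuts"}] * 5 + [{"beer", "bread"}] * 5 +
             [{"peanuts", "milk"}] * 4 + [{"bread", "milk"}] * 16)
    return [(b, False) for b in normal] + [(b, True) for b in offer]


def confidence(baskets, antecedent, consequent):
    """Share of baskets containing `antecedent` that also contain `consequent`."""
    with_antecedent = [b for b in baskets if antecedent in b]
    if not with_antecedent:
        return 0.0                      # no evidence either way
    return sum(consequent in b for b in with_antecedent) / len(with_antecedent)


def mine_pair_rules(baskets, min_support=0.05, min_confidence=0.3):
    """Find every rule 'A -> B' between two items that clears both thresholds.

    support    = share of all baskets containing both A and B
    confidence = share of A-baskets that also contain B
    lift       = confidence / overall share of B-baskets (above 1 means the
                 items occur together more often than chance would give)
    """
    n = len(baskets)
    if n == 0:
        return []
    item_count, pair_count = Counter(), Counter()
    for basket in baskets:
        items = sorted(set(basket))
        item_count.update(items)
        pair_count.update(permutations(items, 2))   # ordered pairs (A, B)
    rules = []
    for (a, b), both in pair_count.items():
        support = both / n
        conf = both / item_count[a]
        lift = conf / (item_count[b] / n)
        if support >= min_support and conf >= min_confidence:
            rules.append(AssociationRule(a, b, support, conf, lift))
    return sorted(rules, key=lambda r: r.lift, reverse=True)


def beer_peanut_report():
    """Compare the beer -> peanuts link with and without the special offer."""
    tagged = build_sample_baskets()
    normal = [b for b, on_offer in tagged if not on_offer]
    offer = [b for b, on_offer in tagged if on_offer]
    return {
        "normal": confidence(normal, "beer", "peanuts"),
        "offer": confidence(offer, "beer", "peanuts"),
        "rules": mine_pair_rules([b for b, _ in tagged], min_support=0.1),
    }


if __name__ == "__main__":
    report = beer_peanut_report()
    print(f"beer -> peanuts, no offer: {report['normal']:.0%}")
    print(f"beer -> peanuts, on offer: {report['offer']:.0%}")
    for rule in report["rules"]:
        print(f"{rule.antecedent} -> {rule.consequent}: support {rule.support:.2f}, "
              f"confidence {rule.confidence:.2f}, lift {rule.lift:.2f}")
```

Confidence alone can mislead when the consequent is in most baskets anyway (bread and milk in this data), which is why the rules are ranked by lift.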
Data mining can also be used to locate individuals within the database and then target those individuals with
specific offers or information. For example, some supermarkets send out offers to their customers based
on their individual purchase of goods within the store. Information on individual purchases is collected using
a ‘store card’ which has a unique reference number for each individual. All purchases are logged at the
checkout using this number. Within the customer database, sales trends for each customer can be
established. Supermarkets can then send ‘money off’ coupons to each customer, based on their personal
buying habits, to encourage the purchase of other products. However, the coupons vary depending on the
spending habits of that customer. The aim of sending out the coupons is to encourage more purchases
within the store as well as purchasing specific products, which may have a higher profit margin.

Question 1: Data warehouse and data mining


The Westhampton University provides tuition to degree level to 10 000 students, both on campus and by
distance learning courses. The University has 24 different departments, each of which specialises in one specific
area, such as economics, geography or astronomy.
Over the past ten years, information systems have been developed in each department to meet the specific
needs of that department. However, the systems are incompatible with each other and use a wide range of
software applications.
The systems are becoming expensive to operate, as well as requiring duplication of input for students that
study in more than one department. Additional duplication occurs when student details have to be entered
into the central University database, which is used for monitoring total student numbers.
The Board of Management of the University has decided that the University should develop and implement an
integrated database for future information requirements and place all existing data into a single data
warehouse. The new system must meet the information requirements of the central database as well as those
of the individual departments.

Required
Identify the main issues that would have to be overcome to implement a data warehouse at the University and
comment briefly on whether data mining would be useful following the warehouse implementation.
(The answer is at the end of the chapter)

Exam comments
Exam questions could test your understanding of what data mining is and the types of relationship it may
uncover.

Case study
Data mining technology
Facebook and MySpace, the social networking giants, have both used data mining software to tailor the
advertisements presented to different users. In some cases the technology has improved the likelihood of
members clicking on an advert by up to 80 per cent. Factors taken into account include user group
membership and personal interests to formulate detailed portraits that can be used by advertisers to target
ads.

Case study
A step-by-step approach to improving performance through IT

Step 1 Implement a data warehouse


A data warehouse is a computer loaded with a database product such as Oracle or
Microsoft SQL server. For larger volumes of data a toolset has been developed called
OLAP (on-line analytical processing) which allows summary information to be created and
stored. As a consequence of this, on-line and instant enquiries can be made on
customer/product/regional performance by date/period range.
Step 2 Reporting tools
In order to get an overall picture of your organisation's performance you will usually need
to access data from different operational applications. All too often the data is not the same
across these systems. New systems promise the latest technology for reporting and
enquiries. Enterprise Resource Planning (ERP) and Customer Relationship Management
(CRM) packages promise to integrate your different applications smoothly and give you a
single point of access to all data.
There are a myriad of reporting tools. One that is regularly overlooked is the spreadsheet.
It is surprising how many organisations go out and buy expensive new knowledge-
management tools when they already have a product that will deliver all the
reporting/enquiry performance they require.
Step 3 Intranet-enabled reporting/enquiries
Most larger companies now have a corporate intranet. This typically holds information on
employee 'phone and contact details, standard forms for holiday requests, terms and
conditions of employment and so on. It is also possible to integrate reporting into an
intranet. Web page development tools allow the display of information from a data
warehouse. The benefit of using a web browser is that it allows for remote access to the
information quickly and easily.
Step 4 Client/supplier access to information
By this stage you have business data from your different systems in a single data warehouse
and are using analysis tools to access this. Your intranet enables staff to access key
information quickly and easily wherever they are. Why not make some of this information
available to business partners? For example, why not make customer sales order
information available to your customers and even suppliers? This is where the Internet can give your
organisation real commercial benefit.

Step 5 Streamline transaction processing
The next step is to look at the possibility of streamlining your business processes. Why not
allow customers to generate their own orders via the web? Security is always a concern, as
is the resilience of the IT infrastructure, but these challenges are surmountable.
Step 6 Train staff in what you already have
Do staff really understand existing business systems? Are they familiar with what the web
can offer the organisation? Put together a comprehensive training program.
Step 7 Get board buy-in
It is essential the board and senior management actively support the implementation.

A diagram showing how data, databases, a data warehouse and various data analysis tools work together
follows:

Databases, multi dimensional data cubes, data warehouse and data analysis tools

Key chapter points

• Enterprise Resource Planning (ERP) systems, sometimes referred to as Enterprise Resource
Management (ERM) systems, integrate different functional areas of an organisation in a single system.
Two important elements of ERP systems are:
– A centralised database.
– Workflow management.
• Knowledge management describes the process of collecting, storing and using the knowledge held
within an organisation.
• An intranet is an internal network used to share information. Intranets use Internet technology and
protocols. The firewall surrounding an intranet fends off unauthorised access. An extranet is an
intranet that is accessible to authorised outsiders.
• A wide range of information systems are used for knowledge management purposes. These include
office automation systems, group collaboration systems, knowledge work systems and artificial
intelligence systems.
• Productivity software is a term used to describe office application software such as Microsoft Office
– including word processing, spreadsheet, scheduling, presentation and other types of software used
by individuals to improve their productivity. There is overlap between productivity software and
office automation systems.
• A data warehouse consists of a database, containing data from various operational systems, and
reporting and query tools.
• Business intelligence (BI) tools enable users to analyse, manipulate, and report on data. Examples
include:
– Digital dashboards.
– Multidimensional databases.
– Enterprise Information Portals (EIP).
– E-commerce analytics.
• Data mining is the analysis of large pools of data to unearth unsuspected or unknown relationships,
patterns and associations. These relationships will be used to determine rules in the data, and predict
future trends arising from those rules.

Quick revision questions

1 An Enterprise Resource Planning (ERP) system includes separate, distinct databases for each
organisational function. Individual ERP modules use their own data.
Is the statement above true or false?
A true
B false

2 Distinguish between explicit knowledge and tacit knowledge.

3 Match the following types of system (left column) with how they help knowledge management (right
column).
Knowledge work systems            Knowledge distribution
Artificial intelligence systems   Knowledge sharing
Office automation systems         Knowledge creation
Group collaboration systems       Knowledge capture and codification

4 Artificial intelligence and expert systems are the same thing.
Is the statement above true or false?
A true
B false

5 Microsoft Word is an example of both productivity software and Office Automation System
software.
Is the statement above true or false?
A true
B false

6 Distinguish between a data warehouse and a data mart.

7 A ………………. …………………. is a software tool that provides a high level, summarised view of
the performance of an enterprise.
What two words are missing from the statement above?

8 What type of software looks for hidden, previously unknown patterns and relationships in large
pools of data?

Answers to quick revision questions

1 The statement is False. Enterprise Resource Planning (ERP) systems are built around a unified
central database that holds data that is utilised by all system modules.
2 Explicit knowledge is knowledge that an organisation already stores in formal systems. It includes
facts, transactions and events that can be clearly stated and stored in information systems.
Tacit knowledge is expertise held by people within the organisation that has not been formally
documented.
3 The correct combinations are shown below.
Knowledge work systems            Knowledge creation
Artificial intelligence systems   Knowledge capture and codification
Office automation systems         Knowledge distribution
Group collaboration systems       Knowledge sharing
4 The statement is False. Artificial intelligence (AI) is the development of computer-based systems
designed to behave as humans. Artificial intelligence systems are based on human expertise,
knowledge and reasoning patterns. An expert system is one example of AI. Expert systems are
computer programs that capture human expertise in a limited domain of knowledge.
5 The statement is True. Microsoft Word is an example of both productivity software and Office
Automation System software.
6 A data warehouse consists of a database, containing data from various operational systems, and
reporting and query tools. A data mart is similar, but generally smaller. It holds a selection of the
organisation's data for a specific purpose.
7 A digital dashboard is a software tool that provides a high level, summarised view of the
performance of an enterprise.
8 Data mining software looks for hidden, previously unknown patterns and relationships in large
pools of data.

Answer to chapter question

1 A data warehouse consists of a database, containing data from various operational systems, and
reporting and query tools.
The following issues would need to be addressed if a data warehouse is to be implemented at the
Westhampton University.
(a) The 24 different departments use different systems and data; a common format for data held
in the data warehouse needs to be selected and applied.
(b) Manipulating the data into the required format for import into the warehouse would require
an automated data conversion program. Different conversion routines will be required to
cope with the different systems that will feed the warehouse.
(c) The effort required to establish and implement a data warehouse may not be justified. The
data warehouse would hold historical student data which is not essential for the day to day
tuition of current students.
(d) The data warehouse should incorporate a reporting and query tool that allows users to view
and analyse data. All staff who may be required to access data held in the warehouse will
require training to enable them to extract the data they require.
(e) Data warehouses require staff to maintain and administer them. Data must be copied to the
data warehouse as often as required. As operational data will be held on other systems, it is
likely that data would be copied to the data warehouse at the end of each academic year.
Other tasks associated with the system will include the assigning of appropriate access rights
to users, and establishing back-up routines.
(f) Data warehouses are often used in a business context in conjunction with data mining, which
involves searching for patterns within information that are able to be exploited. It is unlikely
that data mining could be applied beneficially in the context of the University – hidden
patterns related to student course selection are unlikely to bring any benefit.

Chapter 4
Systems design and development
Learning objectives                                                      Reference
Design, configuration and operation of information systems               LO5
Illustrate information systems design, configuration and operations      LO5.1
Distinguish between systems development and maintenance                  LO5.2
Describe the systems development life cycle                              LO5.3
Explain the activities undertaken during the review and maintenance      LO5.4
  stage of the systems development life cycle
Explain aspects of the operation and maintenance of the systems          LO5.5
  development life cycle
Identify and explain the role of typical controls used in project        LO5.6
  management
Describe typical controls used in systems design, development, and       LO5.7
  maintenance activities

Topic list

1 The systems development life cycle and project management
2 Feasibility study
3 System investigation
4 System analysis
5 System design
6 System implementation
7 System review
8 System maintenance and operations
9 Controls used in systems design, development and maintenance activities

Introduction

In this chapter we introduce a methodology for designing and developing information systems – the
systems development life cycle (SDLC).
We shall use the SDLC as a foundation to explain the processes and controls which organisations use when
creating new systems and maintaining them once they have been implemented.

Before you begin

If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
1 What are the criteria on which the success of projects is judged? (Section 1.1)
2 What cost categories are considered when assessing a project's feasibility? (Section 2.3)
3 What are the tools used in system investigation? (Section 3.1)
4 What is a DFD? (Section 4.1)
5 What is meant by a system's logical design? (Section 5.1)
6 What is unit integration testing? (Section 6.2)
7 What are metrics? (Section 7.2)
8 What is adaptive maintenance? (Section 8.1)

LO 5.3
1 The systems development life cycle and project management
Section overview
• Developing a new system is no small or easy undertaking and it is important for the project to
be carefully managed to ensure a successful result. The systems development life cycle is a
methodology for developing information systems to ensure they are properly planned, cost-effective
and meet the needs of users.

In the early days of computing, systems were poorly planned and developed in a fairly haphazard fashion.
The consequences were often badly designed systems, which cost too much to make and which were not
suited to users' needs.
As early as the 1960s, developers attempted to bring order to the development process. Since then, a
number of systems development life cycle (SDLC) models have been created. The original 'typical'
SDLC is sometimes referred to as the waterfall model – this is because it involves a sequence of stages
in which the output of each stage becomes the input for the next stage. These stages can be
characterised and divided up in different ways, including the following:
• Project planning, feasibility study - establishes a high-level view of the intended project and determines
its goals.
• Systems analysis, requirements definition - refines project goals into defined functions and operation of
the intended application. Analyses end-user information needs.
• Systems design - describes desired features and operations in detail, including screen layouts, business
rules, process diagrams, pseudo code and other documentation.
• Implementation - the real code is written here.
• Integration and testing - brings all the pieces together into a special testing environment, then checks
for errors, bugs and interoperability.
• Acceptance, installation, deployment - the final stage of initial development, where the software is put
into production and runs in the actual business structure.
• Maintenance - includes what happens during the rest of the software’s life: changes, correction,
additions, and moves to a different computing platform. This is the least glamorous and perhaps most
important step of all, and goes on seemingly forever.

1.1 SDLC models


• The Waterfall method is a basic model for most application development and is the oldest of the
models. However, it assumes that the only role for the user is in specifying requirements, and that all
requirements can be specified in advance. Unfortunately, requirements grow and change throughout
the process and beyond, calling for considerable feedback and iterative consultation. Consequently,
many other SDLC models have been developed.
• The Fountain model - recognises that although some activities cannot start before others - such as
the need for a design before starting coding - there is a considerable overlap of activities throughout
the development cycle.
• The Spiral model - emphasises the need to go back and reiterate earlier stages a number of times as
the project progresses. It is a series of short waterfall cycles, each producing an early prototype
representing a part of the entire project. This approach helps demonstrate a proof of concept early in
the cycle, and it more accurately reflects the disorderly, even chaotic evolution of technology.
• Rapid Prototyping or Rapid Application Development - with this model, initial emphasis is on
creating a prototype that looks and acts like the desired product in order to test its usefulness. This
model provides the user with a ‘look and feel’ which serves to stimulate the process senses. The
prototype is an essential part of the requirements determination phase, and may be created using tools
different from those used for the final product. Once the prototype is approved, it is discarded and the
‘real’ software is written.
• Iterative Development – an initialisation phase creates the simplest system that contains the key
aspects of the product, and that users can interact with. A Control List is then made which defines the
items still to be implemented, and these are added and the list refined in a cyclic process where the
designers and implementers learn from the testing and analysis of previous versions.
• The Incremental model - divides the product into builds, where sections of the project are created
and tested separately. This approach will likely find errors in user requirements quickly, since user
feedback is solicited for each stage and because code is tested sooner after it is written.

1.2 Systems development life cycle activities


LO 5.3
We have already noted that the systems development life cycle (SDLC) is a conceptual model used in
project management and that it describes the main stages involved in an information system development
project, from an initial feasibility study through to maintenance of the completed application.
The individual steps of the systems development lifecycle can best be remembered by the mnemonic
‘PADDI’ as outlined in the diagram below:

• Planning stage
• Analysis stage
• Design stage
• Development stage
• Implementation stage.

P  Planning (feasibility)
A  Analysis
D  Design
D  Development
I  Implementation
Review and maintenance

The first step is to identify a need for the new system. This will include determining whether a business
problem or opportunity exists, conducting a feasibility study to determine if the proposed solution is cost
effective, and developing a project plan.
This process may involve end users who come up with an idea for improving their work or may only
involve Information Systems (IS) people. Ideally, the process occurs in tandem with a review of the
organisation's strategic plan to ensure that IT is being used to help the organisation achieve its strategic
objectives. Management may need to approve concept ideas before any money is budgeted for their
development.
The activities associated with the steps outlined by the mnemonic ‘PADDI’ follow:
Planning (P) - will include establishing the terms of reference and a project feasibility study. The terms of
reference will include details as to what is expected from the project team.
The project feasibility study is concerned with justifying the system in terms of the benefits it will bring to
the organisation. The study will look at the volume and nature of transactions, the operating costs and the
availability of alternatives.
System analysis (A) - this stage will include a detailed investigation of the existing system in order to
discover the precise nature of the users’ needs and the way in which the system currently operates. The
performance achieved by the existing system should be measured for effectiveness - providing a benchmark
for the new system. This stage will involve fact finding exercises and documentation of the system to enable
the production of an outline specification of users’ needs. The information that has been collected must be
summarised, sorted and critically judged. This will help to identify any problems, inefficiencies and
bottlenecks in the current system. The information will be recorded in a series of dataflow diagrams (DFDs)
and entity-relationship (ER) diagrams so that the system can be designed. All the facts recorded have to be
established in a format that allows critical evaluation. The format would normally include:
• narrative: costs, equipment, main difficulties, coding, forms/documents
• DFDs (dataflow diagrams) and organisational charts: communication lines, departments, outputs,
main areas causing bottlenecks, etc.
• tables: volumes of data processed, frequencies
• documentation files: containing samples of documents, forms occurring in each system.
System design (D) - alternatives to the existing system need to be considered. There may be a variety of
alternatives but obviously the most effective and economical for the actual company concerned is required.
Once the alternatives have been considered then a selection must be made and the design of the new
system can begin. At this stage all detailed operating characteristics will be designed in terms of inputs,
outputs, and files. All processes (manual and computer) will be defined. All controls and security aspects will
be agreed. The analyst will produce a specification that will include the following details:
• data inputs, processes and outputs
• file structures
• program specifications for each program in the system
• a test schedule for each program
• a test schedule for the overall system
• the method of implementation
• a detailed time schedule for hardware/software acquisition
• operating instructions
• training schedule for users
• system performance measurement.
System development (D) - will include the acquisition of hardware and software and consideration of
whether to develop the system internally or externally. The system should be tested to ensure that it
works and that it meets the needs of the users.
System implementation (I) - this stage will include the following steps.
• Preparation of the detailed specification used to create computer programs and relevant user
documentation (user manuals).
• Testing of programs so that master files can be created for extensive field trials.
• Planning and execution of changeover procedures.
• Validation of the system by parallel running etc.
System maintenance and review - the system must be regularly reviewed and maintained during its life
to ensure that its objectives are being achieved and that performance is satisfactory.

1.3 System operations


System operations comprise the tasks and activities which need to be performed as part of the day-
to-day running of the system. Tasks may be recurring and if so should be scheduled to ensure that the
system is fully functional and performs as specified.
Operations usually run alongside system maintenance and may be performed by the same person;
however, in large systems different individuals or teams may perform the role.
Examples of key tasks and activities covered by system operations include:
(a) Ensuring systems are available for use during defined hours of operation.
(b) Ensuring documentation is updated for any changes that occur, for example as a result of
system maintenance.
(c) To carry out servicing of the system as required.
(d) To purchase consumables needed by the system (toner, paper and CD-ROMs).
(e) To test system security and maintain security controls such as passwords.
(f) To back-up the system as required.
(g) To provide staff training on the system.
(h) To monitor and maintain records of system performance and system logs and to
recommend maintenance if required.

LO 5.6
1.4 Project management
Developing a new system, even with a framework such as the SDLC to go by, is no small or easy
undertaking and it is important for the project to be carefully managed to ensure a successful result.
Projects are usually deemed successful if they are completed at the specified level of quality, on time
and within budget.

Constraint               Comment
Scope or Functionality   The work that was specified has been done and all the deliverables have, in fact, been delivered.
Budget                   The project should be completed without exceeding authorised expenditure.
Timescale                The progress of the project must follow the planned process, so that the 'result' is ready for use at the agreed date. As time is money, proper time management can help contain costs.

It is possible to add a fourth constraint: Quality, which extends the Scope constraint such that the end
result conforms to the project specification. In other words, the result should achieve what the project was
supposed to do.
An article in Financial Management (June 2006) helpfully summarises the factors that contribute to successful
project delivery as follows:
(a) Proper planning with regard to time, cost and resource constraints.
(b) The involvement of users (among other key stakeholders) in development and delivery processes,
to ensure that their needs are met (without subsequent changes).
(c) Competent and committed project staff, with the right skills.
(d) Ownership by senior managers on the basis of a clear business case.
(e) Careful management of constraints: control procedures for monitoring the pace,
money/resource usage and conformance of the project.
(f) Risk assessment and management, allowing for risk reduction and contingency planning.
(g) Clear criteria for business case and precise measurements of performance, so that project
success can be evaluated and lessons learned.

1.5 Controlling a project

Exam comments
You can see from the list above that there are many important considerations for a project manager to
think about when managing a project. The focus of the syllabus and the exam is on the controls used in
project management.

Project managers often make use of sophisticated software and systems which define a set of
standards for controlling project activities. Published standards (described below) include PMBOK and
APM BoK.

1.5.1 Project Management Body of Knowledge (PMBOK)


Published by the USA-based Project Management Institute (PMI), this is the most widely used
framework worldwide.
It assumes that most organisations or departments are organised either:
• Functionally, where managers control permanent activities such as sales or human resources; or
• By Project, where each manager controls all aspects of a project, which is a temporary activity.

Functional Management can result in a Weak Matrix Organisation:

[Diagram: three Function Managers, each with Staff beneath; a Project is shown alongside the Staff]

Appointing project managers with control over staff in a number of functional areas creates a ‘Balanced
Matrix’, and creating a new function area containing a pool of such project managers results in a ‘Strong
Matrix’.

PMBOK assumes that each phase of a project (e.g. Design Phase, Implementation Phase) is accomplished by
five groups of processes:
• Initiating – recognising the needs, and committing the necessary resources;
• Planning – devising and maintaining a workable scheme;
• Executing – coordinating people and other resources;
• Monitoring and Controlling – measuring progress and taking corrective action;
• Closing – formal acceptance of a completed project.
The completion of one process implies the start of the next, and the outputs of a process (documents, etc)
become the inputs of the next, though in complex projects these groups may overlap considerably in time.

Management Processes may also be grouped into the following Knowledge Areas:
1 Integration – creating and executing a Project Plan to coordinate the various elements of the project,
and establish a Change Control system to coordinate changes across the whole project;
2 Scope – ensuring the project includes all the work required, and no more;
3 Time – ensuring timely completion by defining and scheduling activities;
4 Cost – planning, estimating, budgeting, and controlling to ensure completion within the approved
budget;
5 Quality – planning, evaluation, and monitoring to ensure the project satisfies the needs it was created
to address;
6 Human Resources – planning, acquisition, and development of individuals and teams to make the
best use of them;
7 Communications – generation, storage, and dissemination of project information;
8 Risk – identifying and quantifying risks, and defining and controlling responses;
9 Procurement – acquiring goods and services from outside the organisation.

The Australian Institute for Project Management (AIPM) incorporated these nine areas into the
Australian National Competency Standards for Project Management (ANCSPM).

1.5.2 Association for Project Management Book of Knowledge (APM BoK)


The APM sets the European standards. The BoK does not advocate a particular method. It provides a
framework for projects to run in by identifying the key areas of knowledge that project managers need to
know and apply. These are in three groups:
• Contextual – the relationship to the organisation and its model;
• Behavioural – leadership, etc.;
• Technical – essentially the same as the nine Knowledge Areas above.

1.5.3 PRINCE2
PRINCE was developed by the UK Government. The acronym PRINCE stands for PRojects IN
Controlled Environments.
The latest version of PRINCE, PRINCE2, is now the de facto UK standard for systems project management
and is widely used in other countries.
Stage control is the process undertaken by the project manager to ensure that any given stage of the
project remains on course. A project might consist of just one stage.
PRINCE2 project control includes a structure of reports and meetings as follows:
(a) A project initiation meeting agrees the scope and objectives of the project and gives approval for
it to start.
(b) The completion of each project stage is marked by an end stage assessment, which includes
reports from the project manager and the project assurance team. The next stage does not
commence until its plans have been reviewed and approved.
(c) Mid stage assessments are optional and may arise if, for example, a stage runs for a particularly
long time or it is necessary to start a new stage before the current one is complete.
(d) Highlight reports are submitted regularly by the project manager to their superiors. These
reports are the main overall routine control mechanism and their frequency (often monthly) is
agreed at project initiation. They are essentially progress reports and should include brief summaries
of project schedule and budget status.
(e) The checkpoint is the main control device used by the project team itself. Meetings are held more
frequently than highlight reports are prepared (possibly weekly) and provide a basis for continuing
progress review by team leaders and members.

1.6 Project changes
Sometimes projects need to change, for example where a particular stage is delayed or unforeseeable
problems occur. Other possible causes of changes to the original project plan include:
(a) The availability of new technology.
(b) Changes in personnel.
(c) A realisation that user requirements were misunderstood.
(d) Changes in the business environment.
(e) New legislation e.g. data protection.

The earlier a change is made the less expensive it should prove. However, changes will cost time and
money and should not be undertaken lightly.
When considering a change an investigation should be conducted to discover:
(a) The consequences of not implementing the proposed change.
(b) The impact of the change on time, cost and quality.
(c) The expected costs and benefits of the change.
(d) The risks associated with the change, and with the status quo.

The process of ensuring that proper consideration is given to the impact of proposed changes is known as
change control.
In the remainder of this chapter, we will look in greater detail at the activities undertaken during each stage
of systems development.

Question 1: PRINCE2
Which of the following is the main control device for a project team operating under PRINCE2?

A checkpoint
B highlight report
C mid stage assessment
D end stage assessment
(The answer is at the end of the chapter)

LO 5.5
2 Feasibility study

Section overview
• A feasibility study is a formal study to decide what type of system can be developed which best
meets the needs of the organisation.

A feasibility study team should be appointed to carry out the study (although individuals might be given
the task in the case of smaller projects). The team should include people from departments affected by the
project as well as those with the required technical and business knowledge. With larger projects it may
well be worthwhile for a small firm to employ a professional systems analyst and then appoint a
management team to work with the analyst.
Once the team is assembled the study begins. A common approach is to look at the existing system
for problems, generate possible alternative solutions and evaluate them.

2.1 Problem investigation and options
In some circumstances the 'problem' (for example, the necessity for a real-time as opposed to a batch-
processed application) may be quite exact; in others it may be characterised as 'soft' (related to people
and the way they behave).
The study may uncover or suggest a number of possible options for a new system. The study should
evaluate these and recommend one for adoption, usually in the feasibility study report.

2.2 Cost-benefit analysis


A new system should not be recommended unless it can be justified. The justification for a new system
would have to come from:
(a) An evaluation of the costs and benefits of the proposed system.
(b) Other performance criteria.
Cost-benefit analysis before or during the development of information systems is complicated by the fact
that many of the system cost elements are poorly defined (particularly for development projects) and that
benefits can often be highly qualitative and subjective in nature.
In general, the best cost estimates will be obtained for systems bought from an outside vendor who
provides a cost quotation against a specification. Less concrete cost estimates are generally found with
development projects where the work is performed by the organisation's own employees.

2.3 Costs
The costs of a new system can be classified into a number of categories – the following table provides some
examples.

Cost                 Examples
Equipment costs      • Computers and peripherals
                     • Ancillary equipment
                     • The initial system supplies (flash drives, CD-ROMs, paper)
Installation costs   • New buildings (if necessary)
                     • The computer room (wiring, air-conditioning if necessary)
Development costs    • Measuring and analysing the existing system
                     • Software/consultancy work
                     • Systems analysis and programming
                     • Changeover costs such as file conversion
Personnel costs      • Staff training
                     • Staff recruitment/relocation
                     • Staff salaries and pensions
                     • Redundancy payments
                     • Overheads
Operating costs      • Consumable materials (memory sticks, toners, CD-ROMs, stationery)
                     • Maintenance
                     • Accommodation costs
                     • Heating/power/insurance/telephone
                     • Standby arrangements, in case the system breaks down

2.4 Benefits
The benefits from a proposed new system must also be evaluated. These should include:
(a) Savings because an inefficient old system will no longer be operated.
(b) Extra savings or revenue benefits because of the improvements or enhancements that the new
system should bring. For example, better inventory control (with a new inventory control system)
and so fewer inventory losses from obsolescence or lost sales due to stock-outs.
Some benefits might be intangible, or impossible to give a money value to:
(a) Greater customer satisfaction, arising from a more prompt service.
(b) Improved staff morale from working with a 'better' system.
(c) Better decision making is hard to quantify, but may result from improved system features and
analysis tools.

2.5 Overall feasibility


A potential system's overall feasibility should be judged against four criteria:
(a) Technical feasibility – is the system possible given any hardware or software restrictions?
(b) Operational feasibility – is the proposed system realistic given the operational constraints of the
organisation, i.e. will it fit the organisation?
(c) Economic feasibility – does the system make economic sense, i.e. do the benefits outweigh the
costs?
(d) Social feasibility – is the system compatible with the organisation's culture, or is it possible for the
organisation's culture to adapt to the system?

LO 5.5
3 System investigation

Section overview
• System investigation is a detailed fact-finding exercise about the areas and system under
consideration. Methods employed include the use of interviews and questionnaires.

Once the project team has determined that the project is feasible, it has to determine the existing system's
inputs, outputs, processing methods and volumes so that the new system can perform the tasks
for which it is needed. As part of this, the team should review the organisational structure and examine
controls, staffing and costs. It should also consider the expected growth of the organisation and its future
requirements.

3.1 System investigation tools


A number of tools are available to project teams to help them investigate the current system and the
organisation's future requirements. These tools include:
(a) Interviews. Interviewing members of staff can be an effective method of fact finding, although
interviews can be time consuming for the investigator, who may have several to conduct, and are
therefore expensive.
(b) Questionnaires. The use of questionnaires may be useful whenever a limited amount of specific
information is required from a large number of individuals. Questionnaires may be used as the
groundwork for interviews with some respondents being interviewed subsequently. A main benefit
of questionnaires is that many respondents find questionnaires less imposing than interviews and may
therefore be more prepared to express their opinion.

(c) Observation. Observing operations may be used to check facts obtained by interview or
questionnaire. The observer must remember that staff may act differently simply because they know
they are being observed. This is a difficult problem to overcome as observing staff without their
knowledge may not be ethical.
(d) User workshops. User workshops are meetings with the emphasis on practical exercises and are
used to help establish and record user requirements. They should be led by a facilitator who
co-ordinates the workshop activities with the aim of ensuring the objectives of the session are
achieved.
(e) Document review. The investigator should collect and study documents that relate to systems
which are currently in use. This may be wide ranging and, for example, may include organisation
charts, procedures manuals and standard operational forms.
(f) Existing systems. User requirements for a new system can also be identified by looking at existing
systems. Examples of areas where existing systems can provide useful information include file
structures, transaction volumes, screen design, user satisfaction and processor speed. It is important
to remember, however, that a duplicate of the existing system is not required. The aim is to produce
a better system – which is likely to involve changes to existing working methods.

LO 5.5
4 System analysis

Section overview
• System analysis examines why current methods are used, what alternatives are available,
what restricts the effectiveness of the system and what performance criteria are required
from a new system.

Systems analysis is a process which examines why current methods are used and what alternatives
might achieve the same or better results. A variety of fact-finding techniques are available to determine how
a system operates, what document flows occur, what work processes are involved and what personnel are
involved. Common techniques used include data flow diagrams, entity relationship modelling, entity life
histories and decision tables.

4.1 Data flow diagrams


Data flow diagrams are often produced during systems analysis to provide a diagrammatic representation
of how the system works.
The following four symbols are used in data flow diagrams:

An entity is a source or destination of data which is considered external to the system (not necessarily
external to the organisation). It may be people or groups who provide data or input information or who
receive data or output information.
A data store is a point which receives a data flow and holds data.
A data flow represents the movement or transfer of data from one point in the system to another.
Data processes involve data being used or altered. The processes could be manual, mechanised or
computerised.
An example of a data flow diagram follows:

Within this organisation, the Stores department places requests for purchases and accepts delivery of
the goods, while the Purchasing department places orders, and receives and pays invoices. The top section of
the diagram starts with the Purchase request being sent from Stores to Purchasing. The bottom section
starts with the Supplier sending an invoice.
Note the following points shown on the diagram:
(a) Each process is numbered, but this is only for ease of identification. The numbers are not meant
to show the strict sequence of events.
(b) Each process box has a heading, showing where the process is carried out or who does it. The
description of the process should be a clear verb like 'prepare', 'calculate', 'check' (not 'process',
which is too vague).
(c) The same entity or store may appear more than once on the same diagram (to prevent
diagrams becoming overly complicated with arrows crossing each other). When this is done an
additional line is put within the symbol.
(d) Data stores are given a reference number (again sequence is not important). Some analysts
like to use 'M' with this number if it is a manual store, and a 'D' if it is a digital or computerised
store.

4.2 Entity relationship modelling and Entity life histories


Entity relationship models (ERMs) provide an understanding of the logical data requirements of a
system independently of the system's organisation and processes. They take a static view of data.
An entity life history (ELH) is a diagram of the processes that happen to an entity over its life. It
provides a dynamic view of data.
We covered ERMs and ELHs, in the context of database design, in Chapter 2.

4.3 Decision tables


Decision tables are used as a method of defining the logic of a process (i.e. the processing operations
required) in a compact manner. They are particularly useful in situations where a large number of logical
alternatives exist.
The basic format consists of four quadrants divided by intersecting double lines.

Condition stub | Condition entry
===============+================
Action stub    | Action entry

The purpose of the condition stub is to specify the values of the data that require testing. The condition
entry specifies what those values might be. Between them, the condition stub and condition entry show
what values an item of data might have that a computer program should test for. Establishing conditions will
be done within a computer program by means of comparison checks.

The action entry quadrant shows the action or actions that will be performed for each rule. In the
computer program, instructions specify the action to take, given the conditions established by comparison
checks.
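
A decision table can be held as data and checked mechanically before it is turned into program logic. The following Python example is an added illustration, not part of the original manual: it applies a table to one case and verifies that every combination of conditions is covered by exactly one rule. The invoice conditions, actions and rules are constructed for the example, and '-' in a condition entry is assumed to mean that the condition is irrelevant to that rule.

```python
from itertools import product

# Constructed example: deciding what to do with a supplier invoice.
# Condition stub: the data items to be tested.
CONDITIONS = ("matches_order", "goods_received", "within_limit")
# Action stub: the actions that are available.
ACTIONS = ("pay_invoice", "refer_to_manager", "reject_invoice")

# One rule per column of the table.
# Condition entry: 'Y', 'N' or '-' (irrelevant) for each condition, in order.
# Action entry: the action or actions performed under that rule.
RULES = [
    ("N--", ["reject_invoice"]),
    ("YN-", ["refer_to_manager"]),
    ("YYN", ["refer_to_manager"]),
    ("YYY", ["pay_invoice"]),
]


def validate_table(rules):
    """Reject malformed rules before the table is used."""
    for entry, actions in rules:
        if len(entry) != len(CONDITIONS) or set(entry) - set("YN-"):
            raise ValueError(f"bad condition entry {entry!r}")
        if not actions or set(actions) - set(ACTIONS):
            raise ValueError(f"bad action entry {actions!r}")


def rule_matches(entry, case):
    """True if each condition entry is '-' or equals the tested value."""
    return all(e in ("-", c) for e, c in zip(entry, case))


def check_coverage(rules):
    """Try all 2^n cases; return those with no rule and those with several."""
    validate_table(rules)
    uncovered, ambiguous = [], []
    for combo in product("YN", repeat=len(CONDITIONS)):
        case = "".join(combo)
        hits = [entry for entry, _ in rules if rule_matches(entry, case)]
        if not hits:
            uncovered.append(case)
        elif len(hits) > 1:
            ambiguous.append(case)
    return uncovered, ambiguous


def decide(facts, rules=RULES):
    """Apply the table to one case; facts maps each condition to True/False."""
    validate_table(rules)
    case = "".join("Y" if facts[name] else "N" for name in CONDITIONS)
    hits = [actions for entry, actions in rules if rule_matches(entry, case)]
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} rules match case {case}")
    return hits[0]


if __name__ == "__main__":
    print(check_coverage(RULES))
    print(decide({"matches_order": True, "goods_received": True,
                  "within_limit": False}))
```

A table that leaves a combination uncovered, or lets two rules fire for the same case, is reported by `check_coverage` before any program is written from it.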

LO 5.7
5 System design

Section overview
• System design is a technical phase which addresses in particular inputs, outputs, program
design, dialogue design, file design and security.

In this stage the new system should be designed to meet a requirements specification agreed by users,
developers and management. There are two types of design, logical and physical.

5.1 Logical design


Logical design involves describing the purpose of a system, i.e. what the system will do. Logical
design does not include any specific hardware or software requirements as it is more concerned with the
processes to be performed. Models such as data flow diagrams or written descriptions may be used to
show and explain what a system will do.

5.2 Physical design


Physical design refers to the actual 'nuts and bolts' of the system, for example the technical specifications
for the hardware and software required.

5.3 System configuration


The term system configuration refers to the hardware, software and processes that comprise a
system. In other words it defines what the system consists of.
On a deeper level, the hardware, software and processes themselves need to be configured, or set,
so that the system operates efficiently. For example, a system's resources (such as available memory
and storage space) may need to be adjusted to enable software programs to run effectively.

LOs 5.1, 5.5
6 System implementation

Section overview
• System implementation describes a number of processes which take the new system's logical
and physical design through to the point where it is ready for operations.

The main stages in the implementation of a computer system once it has been designed are as follows:
(a) Installation of the hardware and software.
(b) Testing.
(c) Staff training and production of documentation.
(d) Conversion of files and database creation.
(e) Changeover.
The items in the list above do not necessarily happen in a set chronological order, and some can be
done at the same time. Therefore the requirements for implementation vary from system to system.

6.1 Installation
Installing a mainframe computer or a large network is a major operation that is carried out by the
manufacturer/supplier. If just a few PCs are being installed in a small network, non-specialists may be
able to do this.
Most new software is provided on CD-ROM and may be able to be installed by non-specialists, depending
upon the complexity of the system and the checks required to ensure all is operating as intended.

6.2 Testing
A system must be thoroughly tested; otherwise there is a danger that it will go live with faults that might
prove costly. The scope of tests and trials will vary with the size and complexity of the system. To ensure a
coherent, effective approach to testing, a testing plan should be developed. The following types of testing
may be used:
(a) Logic testing. Before any programs are written the logic behind them should be checked. This
process would involve the use of flow charts or data flow diagrams. The paths of different types of
data and transactions are manually plotted through the system, to ensure all possibilities have been
catered for and that the processing logic is correct.
(b) Program testing. This involves processing test data through all programs. Test data should be of
the type that the program will be required to process and should include invalid/exceptional items to
test whether the program reacts as it should.
(c) Unit testing and unit integration testing. Unit testing means testing one function or part of a
program to ensure it operates as intended. Unit integration testing involves testing two or more
software units to ensure they work together as intended.
(d) System testing. System testing has a wider focus than program testing and extends into areas such
as the practicalities of input, system flexibility, the system's ability to cope with peak transaction
volumes and to produce information when required. System testing involves testing before
installation (known as off-line testing) and after implementation (on-line testing).
(e) User acceptance testing. This is used to establish whether users are satisfied that the new system
meets the system specification when used in the actual operating environment. Users process test
data, system performance is closely monitored and users report how well they feel the system meets
their needs. Test data may include some historical data, because it is then possible to check results
against the 'actual' output from the old system. This form of testing also has the benefit of helping
the new users accept the new system and any changes to how they perform their work.

6.3 Training
Staff training in the use of a new system is essential if the return on investment is to be maximised. Training
should be provided to all staff who will use the system. Examples of situations where significant training
is likely to be required include when:
• A new system is implemented.
• An existing system is significantly changed.
• Job specifications change.
• New staff are recruited.
• Skills have been forgotten.

Training should focus on the specific tasks the user is required to perform, e.g. entering an invoice
or answering a query. There is a range of options available to deliver training, as shown below:

Training method | Comment
Individual tuition 'at desk' | A trainer could work with an employee observing how they use a system and suggesting possible alternatives.
Classroom course | The software could be used in a classroom environment, using 'dummy' data.
Computer-based training (CBT) | Training can be provided using CDs, or via an interactive web site.
Case studies and exercises | Regardless of how training is delivered, it is likely that material will be based around a realistic case study relevant to the user.
Software reference material | Users may find on-line help, built-in tutorials and reference manuals useful.

The training method applicable in a given situation will depend on the following factors:
• Time available.
• Software complexity.
• User skill levels.
• Facilities available.
• Budget.

User documentation may be used to explain the system to users. Much of this information may be
available on-line using context-sensitive help e.g. 'Push F1 for help'.

LOs 5.1, 5.5, 5.7
6.4 File conversion

Most computer systems are based around files containing data. When a new system is introduced, files
must be created that conform to the requirements of that system. The various scenarios that file
conversion could involve are outlined in the following table:

Existing data | Comment
Held in manual (i.e. paper) files | Data will be keyed into the new system – probably via input forms, so that data entry operators have all the data they require in one document. This is likely to be a time-consuming process.
Held in existing computer files | How complex the process is in converting the files to a format compatible with the new system will depend on technical issues and the coding systems used. It may be possible to automate much of the conversion process.
Held in both manual and computer files | Two separate conversion procedures are required.
Existing data is incomplete | If the missing data is crucial, it must be researched and made available in a format suitable for the new system – or suitable for the file conversion process.

The file conversion process is shown in the following diagram, which assumes the original data is held in
manual files.

It is essential that the 'new' converted files are accurate. Various controls can be used during the
conversion process, including:
(a) One-to-one checking between records on the old and new systems.
(b) Sample checking. Selecting and checking a sample of records, if there are too many to check
individually.
(c) Built-in data validation routines in automated conversion processes.
(d) Control totals and reconciliations. These checks could include checking the total number of
records, and the value of transactions.
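
Where both the old and the converted files can be exported, the four controls above can be run as an automated reconciliation. The following Python example is an added illustration, not part of the original manual; the file layout (account, name, balance), the sample records and all function names are constructed for the example.

```python
import csv
import io
import random
from decimal import Decimal, InvalidOperation

# Constructed sample data: the same customer file exported from the old
# system and from the new system after conversion.
OLD_CSV = """account,name,balance
1001,Adams Ltd,250.00
1002,Baker Pty,1200.50
1003,Chen & Co,0.00
1004,Dunn Bros,75.25
"""
NEW_CSV = """account,name,balance
1001,Adams Ltd,250.00
1002,Baker Pty,1250.50
1004,Dunn Bros,75.25
1005,Evans plc,abc
"""


def load(text):
    """Read a CSV export into {account: row}; a duplicate key is an error."""
    records = {}
    for row in csv.DictReader(io.StringIO(text)):
        if row["account"] in records:
            raise ValueError(f"duplicate account {row['account']}")
        records[row["account"]] = row
    return records


def parse_amount(text):
    """Return the amount as a Decimal, or None if it is not a finite number."""
    try:
        value = Decimal(text)
    except (InvalidOperation, TypeError):
        return None
    return value if value.is_finite() else None


def validation_errors(records):
    """Control (c): data validation applied to every converted record."""
    problems = {}
    for key, row in records.items():
        errors = []
        if not (key.isdigit() and len(key) == 4):
            errors.append("account must be 4 digits")
        if not (row["name"] or "").strip():
            errors.append("name is blank")
        if parse_amount(row["balance"]) is None:
            errors.append("balance is not numeric")
        if errors:
            problems[key] = errors
    return problems


def control_totals(records):
    """Control (d): record count and total value (invalid amounts excluded)."""
    amounts = (parse_amount(r["balance"]) for r in records.values())
    total = sum((a for a in amounts if a is not None), Decimal("0"))
    return len(records), total


def same_record(old_row, new_row):
    """Compare names as text and balances as numbers (250.0 equals 250.00)."""
    return (old_row["name"] == new_row["name"]
            and parse_amount(old_row["balance"]) == parse_amount(new_row["balance"]))


def one_to_one(old, new):
    """Control (a): compare every record on the old and new files by key."""
    return {
        "missing": sorted(old.keys() - new.keys()),
        "unexpected": sorted(new.keys() - old.keys()),
        "changed": sorted(k for k in old.keys() & new.keys()
                          if not same_record(old[k], new[k])),
    }


def sample_check(old, new, size, seed):
    """Control (b): check a random sample of old records against the new file."""
    keys = random.Random(seed).sample(sorted(old), min(size, len(old)))
    return sorted(k for k in keys
                  if k not in new or not same_record(old[k], new[k]))


if __name__ == "__main__":
    old, new = load(OLD_CSV), load(NEW_CSV)
    print("old totals:", control_totals(old))
    print("new totals:", control_totals(new))
    print("one-to-one:", one_to_one(old, new))
    print("validation:", validation_errors(new))
    print("sample of 2:", sample_check(old, new, size=2, seed=7))
```

In the sample data the record counts agree (4 and 4) even though one record is missing and another has been added, which is why a record count is combined with a value total and a one-to-one or sample check.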

LOs 5.1, 5.5, 5.7
6.5 Changeover
Once the new system has been fully and satisfactorily tested the changeover (sometimes called
handover) can be made. There are four main methods of system changeover:
(a) Direct ('Big Bang') changeover. The old system is completely replaced by the new system in one
move. This may be unavoidable where the two systems are substantially different, or where the
costs of parallel running are too great.
While this method is comparatively cheap, it is risky (system or program corrections are difficult
while the system has to remain operational). The new system should be introduced during a quiet
period, for example over a public holiday or during an office closure.
(b) Parallel running. The old and new systems are run in parallel for a period of time, both processing
current data and enabling cross checking to be made. This method provides a degree of safety should
there be problems with the new system. However, if there are differences between the two systems,
cross-checking may be difficult or impossible.
Parallel running delays the actual implementation of the new system, which may be perceived
as a lack of confidence in the system. Also, more staff are required to cope with systems running
concurrently.
This cautious approach, if adopted, should be properly planned, and the plan should include:

• A firm time limit on parallel running.
• Details of cross-checking procedures.
• Instructions on how errors are to be dealt with e.g. errors found in the old system.
• Instructions on how to report and act on any major problems in the new system.

(c) Pilot operation. Pilot operation involves selecting part or parts of an organisation (e.g. a
department or branch) to run the new system in parallel with the existing system. When
the branch or department piloting the system is satisfied with the new system, they cease to use the
old system. The new system is then piloted in another area of the organisation.
Pilot operation is cheaper and easier to control than running the whole system in parallel, and
provides a greater degree of safety than a direct changeover.
(d) Phased changeover. Phased or modular changeover involves selecting a complete section of the
system for a direct changeover, e.g. in an accounting system the general ledger. When this part is
running satisfactorily, another part is switched – until eventually the whole system has been changed.
A phased series of direct changeovers is less risky than a single direct changeover, as any problems
and disruption experienced should be isolated in an area of operations.

The relative advantages and disadvantages of the various changeover methods are outlined in the
following table:

Method | Advantages | Disadvantages
Direct ('Big Bang') changeover | Quick; Minimal cost; Minimises workload | Risky; Could disrupt operations; If it fails, it will be costly
Parallel running | Safe, built-in safety; Provides a way of verifying results of new system | Costly - two systems need to be operated; Time-consuming; Additional workload
Pilot operation | Less risky than direct changeover; Less costly than complete parallel running | Can take a long time to achieve total changeover; Not as safe as complete parallel running
Phased changeover | Less risky than a single direct changeover; Any problems should be in one area – other operations unaffected | Can take a long time to achieve total changeover; Interfaces between parts of the system may make this impractical

LO 5.7
7 System review

Section overview
• A system should be reviewed after implementation, and periodically, so that any unforeseen
problems may be solved and to confirm that it is achieving the desired results.

The system should have been designed with clear, specified objectives, and justification in terms of cost-
benefit analysis or other performance criteria. Once it has been implemented the project team can
review the system's actual performance against what was expected.

LO 5.4
7.1 Review
A post-implementation review should establish whether the objectives and targeted performance
criteria have been met, and if not, why not, and what should be done about it. In appraising the operation of
the new system immediately after the changeover, comparison should be made between actual and
predicted performance.

This will include:
(a) Consideration of throughput speed (time between input and output).
(b) Use of computer storage (both internal and external).
(c) The number and type of errors/queries.
(d) The cost of processing (data capture, preparation, storage and output media).
A special steering committee may be set up to ensure that post-implementation reviews are carried out,
although the internal audit department may be required to do the work of carrying out the reviews.
The post-implementation measurements should not be made too soon after the system goes live, or else
results will be abnormally affected by 'teething' problems, lack of user familiarity and resistance to change. A
suitable period is likely to be between one month and one year after completion (the appropriate length of
time will depend upon the role of the system, and how complex it is).

7.2 Measuring performance


The new system's performance should be examined carefully and analysed, and recommendations should be
made for improvements and for learning from any mistakes made during the development process.
Metrics (quantified measurements) can be used to gauge system quality and may also allow the early
identification of problems. They should be carefully thought out, objective and stated clearly. Examples of
metrics include system response time, the number of transactions that can be processed per minute, the
number of bugs per hundred lines of code and the number of system crashes per week.
Many facets of system quality are not easy to measure statistically (e.g. user-friendliness). Indirect
measurements such as the number of calls to the help-desk per month can be used as an indication of
overall quality/performance.
Performance reviews can be carried out to look at a wide range of systems functions and characteristics.
Technological change often gives scope to improve the quality of outputs or reduce the extent or cost of
inputs.
The findings of a post-implementation review should be formalised in a report which should include:
(a) A summary of findings, emphasising any areas where the system has been found to be
unsatisfactory.
(b) A review of system performance which addresses the matters outlined above, such as run times
and error rates and whether it meets users' needs.
(c) A cost-benefit review that compares the forecast costs and benefits identified at the time of the
feasibility study with actual costs and benefits.
(d) Recommendations as to whether any further action or steps should be taken to improve
performance. The report should also make recommendations on how the project was managed to
help future initiatives.

LOs 5.2, 5.7
8 System maintenance and operations

Section overview
• There are three types of systems maintenance. Corrective maintenance is carried out to
correct an error, perfective maintenance aims to make enhancements to systems and adaptive
maintenance takes account of anticipated changes in the processing environment.

LO 5.2
8.1 Distinguish between systems development and maintenance
During the changeover (handover) stage, the responsibilities for the software system are transferred from
the development team to the team performing maintenance and support. In this phase software, hardware,
data and knowledge are transferred from developer to maintainer.

Predelivery | Changeover | Postdelivery
Maintainability; Maintenance planning | Software; Data; Hardware; Knowledge | Evolution; Maintenance

Maintenance must be included in the initial planning of a system with the allocation of adequate staff and
resources. The software must be structured and the documentation must be of a high enough standard to
allow people who are unfamiliar with the system to make any necessary changes to one part without
impairing other parts.

Definition
Maintenance is the process of modifying an information system to continually satisfy organisational and user
requirements.

We can distinguish between hardware and software maintenance in costs as well as in objectives.
Hardware maintenance - the purpose of maintaining computer system hardware is to keep the equipment
in working order without changing its functionality. Traditionally, this aspect of system maintenance has
been covered by maintenance contracts with equipment manufacturers.
Systems maintenance - the principal effort in system maintenance is directed at maintaining the applications
software. Software maintenance includes all modifications of a software product after it has been turned
over to operations. The cost of this maintenance over the useful life of an application is typically twice the
development cost.
The traditional view of software maintenance deals with the correction of faults and errors that are found
after the delivery of the product. However, other significant changes are made to the product as software
evolves. These changes can happen when the product needs to meet the new environment or new user
requirements, or even to increase the product’s maintainability.
Some characteristics of software that affect software maintenance are system size, age, and structure.
Understanding the characteristics of software will facilitate maintaining the software more efficiently. It is
also important to look at how software maintenance fits into the relationship between products and
services. Software maintenance, including software operation, has relatively more aspects of a service than a
product does, whereas software development yields a product rather than a service.

LO 5.4
8.2 System maintenance
Regular maintenance of the system is required to keep it up-to-date and meeting the needs of users.
The key features of system maintenance are flexibility and adaptability. These mean:
(a) The system, perhaps with minor modifications, should cope with changes in the computer user's
procedures or volume of business.
(b) The computer user should benefit from advances in computer hardware technology without having
to switch to another system altogether.
Besides environmental changes, three factors contribute to the need for maintenance:

Factor | Comment
Errors | However carefully and diligently the systems development staff carry out systems testing and program testing, it is likely that bugs will exist in a newly implemented system. Most should be identified during the first few runs of a system. The effect of errors can obviously vary enormously.
Poor documentation | If old systems are accompanied by poor documentation, or even a complete lack of documentation, it may be very difficult to understand and therefore update them. Programmers may opt instead to patch up the system with new applications using newer technology.
Changes in requirements | Although users should be consulted at all stages of systems development, problems may arise after a system is implemented because users may have found it difficult to express their requirements, or may have been concerned about the future of their jobs and not participated fully in development. Cost constraints may have meant that certain requested features were not incorporated. Time constraints may have meant that requirements suggested during development were ignored in the interest of prompt completion.

There are therefore three broad types of system maintenance as described below:
(a) Corrective maintenance is carried out when there is a systems failure of some kind, for example
a defect in processing or in an implementation procedure. Its objective is to ensure that systems
remain operational.
(b) Perfective maintenance is carried out in order to perfect the software, or to improve it so that
the processing inefficiencies are eliminated and performance is enhanced.
(c) Adaptive maintenance is carried out to take account of anticipated changes in the processing
environment. For example, new taxation legislation might require changes to be made to payroll
software.
Corrective maintenance usually consists of action in response to a problem. Much perfective
maintenance consists of making enhancements requested by users to improve or extend the facilities
available. The user interface may be amended to make software more user friendly.
Provision must also be made to ensure computer hardware is maintained. A hardware maintenance
contract should specify service response times in the event of a breakdown, and include provision for
temporary replacement equipment if necessary. Maintenance services may be provided by the computer
manufacturers or suppliers, or by a third-party maintenance company.

8.3 System operations


System operations comprises the tasks and activities which need to be performed as part of the day-
to-day running of the system. Tasks may be recurring and if so should be scheduled to ensure that the
system is fully functional and performs as specified.
Operations usually run alongside system maintenance and may be performed by the same person;
however, in large systems different individuals or teams may perform the role.
Examples of key tasks and activities covered by system operations include:
(a) Ensuring systems are available for use during defined hours of operation.
(b) Ensuring documentation is updated for any changes that occur, for example as a result of
system maintenance.
(c) To carry out servicing of the system as required.
(d) To purchase consumables needed by the system (toner, paper and CD-ROMs).
(e) To test system security and maintain security controls such as passwords.

(f) To back-up the system as required.
(g) To provide staff training on the system.
(h) To monitor and maintain records of system performance and system logs and to
recommend maintenance if required.

9 Controls used in systems design, development and maintenance activities

Section overview
• Project control is the continuous monitoring of the project for deviations from plan (time, cost, and
scope) and the execution of corrective action. There are two key elements to the control of any
project: gates and milestones (clear, unambiguous targets of what, by when); and an established
means of communication.

LO 5.3
9.1 Project constraints

The primary project constraints are the trade-off between time, resources and performance criteria (or
time, cost and scope), often referred to as the ‘project triangle’. The project must be defined to manage
these constraints.
Time - there are two aspects to the time dimension of a project:
1 an overall time constraint on a project (sometimes called a deadline) by when the project must be
completed
2 a ‘time budget’ for the project. This is often expressed in terms of resource availability and
measured in man-hours or man-days
Project scope - there are two aspects to the scope dimension of a project:
1 a certain series of tasks or activities to be performed in reaching the project solution
2 an expected quality level associated with each task. It is also important that the tasks are
performed well, and that the sponsor’s quality expectations are met
Cost - there are two aspects to cost:
1 a budget available for project completion, which the project manager should not exceed without
authorisation
2 the need, in most projects, to prove that the benefits of the project exceed the costs

9.2 Project control


Project control is the continuous monitoring of the project for deviations from plan (time, cost, and scope)
and the execution of corrective action. A basic control system should have the following components:
• A plan - a statement of what is to happen
• Observations - measurements of what is happening
• Comparisons - between expectations and actual
• Corrections - actions designed to re-direct what is happening back to what should happen
• Updates - of forecasts and/or plan as appropriate
This involves scheduling, monitoring and controlling:
Scheduling - is the planning of durations, deadlines and priorities to make the best use of available
resources. For a project, it timetables a logical sequence of tasks leading up to completion date, probably by
working backwards from a feasible deadline. Everybody involved in a task must be given adequate notice of
work schedules; the schedules themselves should allow a realistic time allocation for each task, if employees
and subordinate managers are to accept the plan without resentment.
One of the techniques for scheduling is the Work Breakdown Structure (WBS). This analyses the content
of work and cost by:
• identifying the key elements
• breaking each element down into component parts
• continuing to break down until manageable work packages have been identified. These can then be
allocated to the appropriate person.
The activities in a WBS need to be measurable in terms of cost, resources and time and provide an
identifiable end product - a deliverable.
Monitoring - a well-constructed plan with clear deliverables should make it very easy to track progress.
The project manager should set up mechanisms whereby the team regularly reviews what tasks have been
completed and/or delayed and what the impact is on the rest of the plan. The process of monitoring takes
place at varying time intervals and at different stages of the project. The common factor is that the process
will measure actual performance against planned performance, with particular consideration to time,
resources, costs and quality.
Controlling - there are two key elements to the control of any project: gates and milestones (clear,
unambiguous targets of what, by when); and an established means of communication.
Gates are tests which must be passed at key points in the project, in order to indicate that the products
and processes are on track. They may take the form of:
• technical reviews
• risk assessments
• completion of documents
• demonstrations or test cases
• project audits
Milestones are important checkpoints or interim goals for a project. They are points in a project, which
provide an absolute measure of progress. Generally, milestones are the completion of tasks or stages of the
project with clear ‘deliverables’ (tangible items that are given to the users or sponsor), such as a report.
Deliverables are an important element to assessing the status of the project and the quality of the work.
Milestones allow the time spent on a project to be controlled more effectively, as it is easy to compare the
actual time of milestone achievement with the planned time.
Monitoring and controlling the project includes: vetting on progress; milestones achieved or missed; and
costs of equipment and manpower compared to budget. This takes place on a continuous basis throughout
the system development and implementation phases. The controlling activities within this stage will include
the following.
• Prevention of deviations from the planned activities.
• Correction of deviations from the plan.
• Prevention of any future deviations by revising future plans, targets, performance standards and
monitoring systems.
• Implementation of conclusions from monitoring, reviewing or evaluating the project.



9.3 Controls used in systems design
LO 5.3
In systems design the design functions and operations are described in detail, including screen layouts,
business rules, process diagrams and other documentation. The output of this stage will describe the new
system as a collection of modules or subsystems.
Design elements describe the desired software features in detail, and generally include functional hierarchy
diagrams, screen layout diagrams, tables of business rules, business process diagrams, pseudo code, and a
complete entity-relationship diagram with a full data dictionary. These design elements are intended to
describe the software in sufficient detail that skilled programmers may develop the software with minimal
additional design input.
Systems design controls include:
• systems authorisation activities
• user specification activities
• technical design activities
• internal audit participation

9.4 Controls used in systems development


Controlling the schedule for the development of an information system is a challenge. Numerous
unexpected circumstances might arise that can push an IS development project beyond its scheduled due
date. However, just as with any other type of project, the key to effective project control is to measure
actual progress and compare it to planned progress on a regular basis and to take corrective action
immediately.
The changes that commonly become necessary during IS development projects include the following:
• Changes to the interface such as added fields, different icons, colours, menu structures or buttons, or
completely new screens.
• Changes to reports such as added fields, different subtotals and totals, different selection criteria or
different order of fields.
• Changes to online queries such as different ad hoc capabilities, access to different fields or databases,
different query structures or additional queries.
• Changes to database structures such as additional fields, different field names, data storage sizes,
relationships among the data or completely new databases.
• Changes to software processing routines or processing speeds such as higher throughput rates or
response times.
• Changes to storage capacities such as an increase in the maximum number of data records.
• Changes to business processes such as changes in work or data flow, addition of new clients needing
access or completely new processes that must be supported.

Systems development controls include:


• program testing
• user test and acceptance procedures
• risk assessment and laying the foundation for defining security requirements.



Risk assessment includes:
• threat identification
• vulnerability identification
• risk analysis
• control recommendations
• documentation

9.5 Systems maintenance controls


Maintenance includes all the activity after the installation of software that is performed to keep the system
operational. It is generally agreed that for large systems, removing all the faults before delivery is extremely
difficult and faults will be discovered long after the system is installed. As these faults are detected, they
have to be removed. Maintenance may also be needed due to a change in the environment or the
requirements of the system. Furthermore, after the system is installed and the users have had a
chance to work with it for some time, requirements that were not identified during the requirements analysis
phase are often uncovered. This occurs because experience with the software helps the user to define their
needs more precisely. There might also be changes in the input data, the system environment and output
formats. All these require modification of the software.
Maintenance involves making sure the system is always up to date, ensuring that it is in line with current
information requirements and that it works as expected. For an information system, the run-to-run control is a
control device to ensure that no records are lost, unprocessed, or processed more than once for each of
the computer runs (processes) that the records must flow through.
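The run-to-run control described above, as an added illustration that is not part of the study manual: each run's input is reconciled against its output using transaction IDs plus three batch control totals (record count, amount total and a hash total). The record layout, the run names and the sample batch are assumptions constructed for this example.

```python
from collections import Counter
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Record:
    txn_id: str
    account: int
    amount: Decimal


@dataclass(frozen=True)
class ControlTotals:
    record_count: int      # number of records in the batch
    amount_total: Decimal  # financial total of the batch
    hash_total: int        # sum of account numbers: meaningless as a figure, useful as a check


def control_totals(records):
    """Compute the batch control totals that are carried from one run to the next."""
    records = list(records)
    return ControlTotals(
        record_count=len(records),
        amount_total=sum((r.amount for r in records), Decimal("0")),
        hash_total=sum(r.account for r in records),
    )


def run_to_run_check(run_name, records_in, processed, rejected=()):
    """Reconcile one run: every input record must leave the run exactly once,
    either processed or explicitly rejected, with the control totals unchanged."""
    records_in = list(records_in)
    records_out = list(processed) + list(rejected)
    ids_in = Counter(r.txn_id for r in records_in)
    ids_out = Counter(r.txn_id for r in records_out)
    lost = sorted((ids_in - ids_out).elements())   # entered the run, never left it
    extra = sorted((ids_out - ids_in).elements())  # processed twice, or not in the input
    totals_match = control_totals(records_in) == control_totals(records_out)
    return {
        "run": run_name,
        "lost": lost,
        "extra": extra,
        "totals_match": totals_match,
        "ok": not lost and not extra and totals_match,
    }


# Constructed sample batch (not real data).
SAMPLE_BATCH = [
    Record("T001", 4010, Decimal("250.00")),
    Record("T002", 4020, Decimal("99.95")),
    Record("T003", 4010, Decimal("1200.00")),
    Record("T004", 5100, Decimal("40.05")),
]


def demo():
    batch = SAMPLE_BATCH
    # Run 1 (validation): T004 is rejected, the rest pass. Everything is accounted for.
    passed, rejected = batch[:3], batch[3:]
    run1 = run_to_run_check("validate", batch, passed, rejected)
    # Run 2 (posting): a faulty run drops T002 and posts T003 twice.
    # The record count still agrees (3 in, 3 out), so a count alone would miss it.
    posted = [passed[0], passed[2], passed[2]]
    run2 = run_to_run_check("post", passed, posted)
    # Run 3 (reporting): the same IDs come out, but one amount was altered in
    # processing. Only the amount total exposes the change.
    altered = [passed[0], Record("T002", 4020, Decimal("999.95")), passed[2]]
    run3 = run_to_run_check("report", passed, altered)
    return run1, run2, run3


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Rejected records are counted on the output side deliberately: a record that is dropped without being written to a reject file is exactly the "lost" case the control exists to catch.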
Maintenance systems are integral in achieving control of the total software process and when properly
applied lead to higher quality. There are four main controls:
1. Formal authorisation
2. Technical specifications
3. Retesting - the test data must be designed such that all modules are tested. The results of the test
are compared against predetermined results to identify programming and logic errors.
4. Updating the documentation



Key chapter points

• Developing a new system is no small or easy undertaking and it is important for the project to be
carefully managed to ensure a successful result. The systems development lifecycle is a methodology
for developing information systems to ensure they are properly planned, cost-effective and meet the
needs of users.
• The systems development life cycle (SDLC) can be described using the main stages involved in an
information system development project, from an initial feasibility study in the planning stage through
analysis, design, development and implementation to maintenance of the completed application.
• A feasibility study is a formal study to decide what type of system can be developed which best
meets the needs of the organisation.
• System investigation is a detailed fact-finding exercise about the areas and system under
consideration. Methods employed include the use of interviews and questionnaires.
• System analysis examines why current methods are used, what alternatives are available, what
restricts the effectiveness of the system and what performance criteria are required from a new
system.
• System design is a technical phase which addresses in particular inputs, outputs, program design,
dialogue design, file design and security.
• System implementation describes a number of processes which take the new system's logical and
physical design through to the point where it is ready for operations.
• A system should be reviewed after implementation, and periodically, so that any unforeseen problems
may be solved and to confirm that it is achieving the desired results.
• There are three types of systems maintenance. Corrective maintenance is carried out to correct an
error, perfective maintenance aims to make enhancements to systems and adaptive maintenance
takes account of anticipated changes in the processing environment.
• Project control is the continuous monitoring of the project for deviations from plan (time, cost, and
scope) and the execution of corrective action. There are two key elements to the control of any
project: gates and milestones (clear, unambiguous targets of what, by when); and an established
means of communication.
• Published standards for Project Control include the Project Management Body of Knowledge
(PMBOK), the Association for Project Management Book of Knowledge (APM BoK), and PRINCE2.



Quick revision questions

1 In the systems development life cycle (SDLC) which stage comes after feasibility study?
A system analysis
B system design
C system investigation
D system implementation
2 When conducting a feasibility study a number of costs and benefits of the proposed system are
analysed. Which of the following is a tangible benefit as opposed to an intangible benefit?
A increased customer satisfaction
B improved efficiency resulting in lower operating costs
C improved staff morale
D better decision making
3 Which of the following methods of system investigation is the most expensive to conduct?
A interviews
B questionnaires
C document review
D looking at existing systems
4 Which method of system analysis provides an investigator with a basic understanding of how a
system works?
A data flow diagrams
B entity relationship modelling
C entity life histories
D decision tables
5 The term 'system configuration' describes the:
A hardware specification of a system
B software specification of a system
C purpose of the system
D hardware, software and processes of which a system comprises
6 Which method of system changeover is the most expensive?
A direct changeover
B parallel running
C pilot operation
D phased changeover
7 Which of the following are direct measures of system quality?
I throughput speed
II number of errors
III number of calls to the help desk
A I and II only
B I and III only
C II and III only
D I, II and III
8 Which of the following are examples of system operations?
I testing system security
II updating the system for changes in legislation
III purchasing consumables needed by the system
A I and II only
B I and III only
C II and III only
D I, II and III



Answers to quick revision questions

1 C System investigation follows the feasibility study.

2 B Cost savings are a tangible benefit, the others are all intangible benefits.

3 A Interviews are more time consuming than the other options and therefore more
expensive.

4 A Data flow diagrams provide an investigator with a basic understanding of how a system
works.

5 D ‘System configuration’ describes the hardware, software and processes of which a system
comprises.

6 B Parallel running is the most expensive as it requires both systems to be running together
for a period of time.

7 A The number of calls to the help desk is an example of an indirect measure.

8 B Updating the system for changes in legislation is adaptive maintenance, not system
operations.



Answer to chapter question

1 A Checkpoints are the main control device used by project teams operating under PRINCE2.

Chapter 5

Accounting information systems

Learning objectives Reference


Accounting information systems LO6
Explain the role of accounting information systems in business LO6.1
Define an accounting information system LO6.2
Illustrate the types of accounting information systems and their roles LO6.3
Analyse the evolution of accounting information systems and their importance to accountants LO6.4
Identify and describe the key advantages and disadvantages of accounting information systems LO6.5
Explain the key differences between the various types of data processing techniques LO6.6
Analyse the relationship between ethics and accounting information systems LO6.7

Topic list

1 Accounting information systems (AIS)


2 Types of accounting information system
3 The evolution of accounting information systems
4 Data processing techniques
5 Ethics and accounting information systems

Introduction

It is impossible to think of an accountant in a modern organisation not having some knowledge of
Accounting Information Systems (AIS) – what they are, how they affect the organisation and its employees
and how they can make businesses more competitive and efficient. This chapter is concerned with their
role, the types, their evolution and the processing associated with accounting information systems. We
briefly look at the way computerised information systems impact on how accounting data is captured,
processed, and communicated. The last part of the chapter analyses their relationship with ethics.



Before you begin

If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
1 AIS adds value to an organisation by (Section 1.2)
I improving efficiency.
II sharing knowledge.
III improving the internal control structure.
A answers I and II only
B answers I, II, and III
2 Cost accounting systems may be used to determine the cost of performing service
functions, such as those performed by hospitals or governmental agencies, as well
as to determine the cost of manufactured products. (Section 2.4)
A True
B False
3 Briefly explain what the initials REA represent. (Section 3.5)
4 Which of the following statements is not true with respect to the characteristics
of the Master and the Transaction files? (Section 4.2)
A A transaction file is similar to a ledger in a manual accounting system.
B A transaction file contains records that hold the details of daily events
affecting an attribute of the master file.
C A master file should only contain data that are of a permanent or
semi-permanent nature.
D Records in the transaction file are used to update some of the data
in the master file.
E None of the above.
5 Which of the following comparisons is incorrect? (Section 4.3.4)
A A production database is used daily and typically has lots of transactions
running against it. A warehouse database gets new data more frequently,
but in lower volumes.
B A production database is typically associated with a particular application
area but the data warehouse database tries to model fragmented data as
parts of the entire enterprise so that it focuses on subject areas rather than
application areas.
C A production database works best when it is as small as possible, whereas
a data warehouse database works best when it has as much data as it can get.
D A data warehouse can provide historical information; an operational
system typically has only a snapshot view of the business.



6 Which of the following statements on the fair information practices principles
is incorrect? (Section 5.2)
A Individuals have rights of access, inspection, review and amendment to
systems that contain information about them.
B There must be no use of personal information for purposes other than
those for which it was gathered without prior consent.
C Governments have the right to intervene in the information
relationships among private parties.
D Managers of systems are not responsible and cannot be held accountable
and liable for the damage done by systems.
7 The key members of management of a company may articulate and demonstrate the
importance of sound integrity and ethical values to employees by which of the
following actions? (You may select more than one). (Section 5.1)
A day-to-day actions and decision-making.
B interactions with suppliers, customers, and other external parties that
reflect fair and honest dealings.
C performance appraisals and incentives that diminish temptations inconsistent
with financial reporting objectives.
D intolerance of ethical violations at all levels.



1 Accounting information systems (AIS)
Section overview
• Accounting information systems (AIS) generally lie at the foundation of an organisation's
enterprise-wide information system. Hence, an understanding of the role they play is critical to successful
management, auditing, and information systems development in today's evolving business
environment.

1.1 What is an accounting information system?


Accounting information systems (AIS) combine the study and practice of accounting with the design,
implementation, and monitoring of information systems. Such systems use modern information technology
resources together with traditional accounting controls and methods to provide users with the financial
information necessary to manage their organisations.
The purpose of an AIS is to accumulate data and provide decision makers (investors, creditors, and
managers) with information to make decisions. The approach or tool used to produce accounting
information includes manual systems, complex computer and IT systems or a combination of these two
extremes.
Accounting information systems change the way internal controls are implemented and the type of
audit trails that exist within a modern organisation. The lack of traditional forensic evidence, such as paper,
necessitates the involvement of accounting professionals in the design of such systems. Periodic involvement
of public auditing firms can be used to make sure the accounting information system is in compliance with
current internal control and financial reporting standards. After implementation, the focus of attestation is
the review and verification of system operation.

Definition
An accounting information system (AIS) is the system that collects, records, stores and processes
data to keep and maintain its accounting system. This includes the purchase, sales, and other financial
processes of the business.

LO 6.2
An alternative definition is 'the processing, presentation, and use of accounting information for internal
reporting to managers and external reporting to shareholders, creditors, and government.'
Boockholdt J (Accounting Information Systems Transaction Processing and Control. The McGraw-Hill companies,
1999) defines accounting information systems as systems that operate functions of data gathering,
processing, categorising and reporting financial events with the aim of providing relevant information for the
purpose of score keeping, attention directing and decision-making.

1.2 Advantages and disadvantages of AIS


An accounting information system (AIS) is designed for businesses to use for recording their financial
transactions. Information is entered, processed, stored and distributed through this type of system. The
three basic functions of an AIS are:
(1) to collect and store data about the organisation’s business activities and transactions efficiently and
effectively
(2) to provide management with information useful for decision making
(3) to provide adequate internal controls

Accounting Information Systems (AIS) have many benefits; however, there are also some disadvantages to
them.



1.2.1 Advantages of AIS
LO 6.5
The basic features of an AIS include:
• built-in programs performing journalising, posting and preparation of trial balance and reports
• use of modules: general ledger, inventory, accounts receivable, accounts payable
• data entered in one module automatically updates information in other modules
• general ledger and accounting reports updated automatically
This leads to the following advantages:
• Typically enter data only once
• Ability to process a large number of transactions quickly
• Automatic posting of transactions
• Error reduction - many human errors are eliminated
• Fast response time
• Flexible and fast report production
• More timely information.
Accounting software gives faster data entry than manual accounting, and allows documents such as invoices,
purchase orders and payroll to be collated and printed quickly and accurately. Because of its efficiency and
ease of use, the AIS also improves inventory control and payment collection, saving time and improving cash
flow. Because the AIS updates some records automatically, the accounting records will always be up to
date, saving time in updating.
A big advantage of AIS is that they automate and streamline reporting. Reporting is a major tool for
organisations to accurately see summarised, timely information used for decision-making and financial
reporting. The AIS pulls data from the centralised database, processes and transforms it, and ultimately
generates a summary of that data as information that can now be easily analysed by managers or other
decision makers.
This means that:
• there is no need to reconcile financial and cost profits.
• the probability of error is less because recording takes place in one set of accounts.
• there is no confusion arising from different stock valuations and methods of depreciation and profits.
• information generated on an integrated system is quicker, thus helping management in decision
making.
Consolidation is one of the greatest hallmarks of reporting as people do not have to look through an
enormous number of transactions.
The third function of an AIS is to provide adequate internal controls to accomplish the following objectives:
• to ensure that the information is reliable
• to ensure that business activities are performed efficiently
• to safeguard the organisation’s assets.
The advantages associated with this are that the AIS provides for adequate documentation of all business
activities and is designed for effective segregation of duties.
After the wave of corporate scandals at large companies such as Enron and WorldCom, pressure was
put on public companies to implement strong internal controls in their transaction-based
systems. This was made into law in the US with the passage of the Sarbanes-Oxley Act of 2002, which
stipulated that companies must generate an internal control report stating who is responsible for an
organisation’s internal control structure and outlining the overall effectiveness of these controls. Since most
of these scandals were rooted in the companies' accounting practices, much of the emphasis of
Sarbanes-Oxley was put on computer-based accounting information systems. Today, AIS vendors tout their
governance, risk management and compliance features to ensure business processes are robust and
protected and the organisation's assets (including data) are secured.



1.2.2 Disadvantages of AIS
Using an accounting information system comes with its own set of problems, such as the need to protect
against data loss through power failure or viruses, and the danger of hackers gaining access. Failure to
include basic information security unwittingly creates significant business and professional risks. For
example, without effective security, a hacker may be able to access user passwords, providing entry to an
array of system capabilities and information. Such breaches can have serious legal consequences. Alternatively,
trade secrets may be uncovered and disseminated, diminishing competitive advantage and profits. Computer fraud
and embezzlement are also concerns, and the organisation needs to institute a system of controls over who
has access to the information, particularly customer information. If there is a security breach and data is
stolen, management can be held personally liable for the loss of data. Inadequate information security
increases the opportunity for manipulation, falsification, or alteration of accounting records. Unauthorised
or inappropriate access to the accounting information system, or the failure to establish and maintain
separation of duties as part of a system of internal control, may make it difficult to ensure that valid and
accurate transactions are recorded, processed, and reported. There is also a need to make sure that the
data has been correctly entered into the system, as a mistake in data entry can throw off a whole set of
data.
At the point of data collection, it is important to establish security controls that ensure that transaction or
event data are valid, complete, and free from material errors. Masquerading (pretending to be an authorised
user) and piggybacking (tapping into telecommunications lines) are examples of hacker activities that can
seriously impact valid data collection.
Threats to accounting information systems can also occur during the data processing phase. Creating illegal
programs, accessing or deleting files, destroying or corrupting a program’s logic through viruses, or altering
a program’s logic to cause the application to process data incorrectly all represent threats. Threats to
database management might include unauthorised access that allows altering, deleting, corrupting,
destroying, or stealing data. The failure to maintain backup files or other retrieval techniques represents a
potentially devastating loss of data. Threats to the information generation and reporting phase must also be
considered. For example, the theft, misdirection, or misuse of computer output could damage the
competitiveness or reputation of the organisation.
Learning an accounting information system can often be difficult and time-consuming. Individuals must be
trained on a system, and this can cause a disadvantage to the organisation in terms of time and manpower.
An accounting information system is made up of many different components, and almost all systems are
computerised. Because of their complexity, some people may find them hard to use. It can take weeks or
months for a person to understand an accounting system, and usually the individual still does not
understand completely what the system is capable of. If the employee quits working at the organisation, it
can take weeks or months, once again, to train another employee.
Companies often change their way of doing business to keep up with the latest trends. An accounting
information system is difficult to set up because every company is unique in its own way. In order to keep
up with changes, accounting information systems must be re-evaluated often. Changes often need to be
made in a system in order to process information efficiently. This can be a disadvantage because it costs
money and takes time for the re-evaluation.

1.3 Role of accounting information systems in business


The role of an AIS is to facilitate the processing of the company's transactions as well as reducing
uncertainty and improving:
• The management decision-making process.
• Its internal control.
• The quality of the financial reporting.
• The ability to plan and schedule activities.

5: Accounting information systems 143


The diagram below gives an overview of the role.

Information system

Information users:
• Investors
• Creditors
• Managers
• Owners
• Customers
• Employees
• Regulatory agencies

Cost and revenue determination:
• Job costing
• Process costing
• Activity based costing

Assets and liabilities:
• Plant and equipment
• Loans and equity
• Receivables, payables and cash

Cash flows:
• from operations
• from financing
• from investing

Decision support:
• CVP (cost, volume, profit) analysis
• Performance evaluation
• Incremental analysis
• Budgeting
• Capital allocation
• Earnings per share
• Ratio analysis

LO 6.1
As well as processing the company's transactions, an AIS fulfils three important business functions.
(1) It can collect and store data about organisational activities, resources, and personnel.
(2) It transforms data into information that is useful for making decisions so management can plan,
execute, control, and evaluate activities, resources, and personnel.
(3) It provides adequate controls to safeguard the organisation's assets, including its data, to ensure the
assets and data are available when needed and the data are accurate and reliable.

1.4 Contributing to the organisation's value chain


Porter (in Competitive Advantage) grouped the various activities of an organisation into a value chain.

The margin is the excess the customer is prepared to pay over the cost to the firm of obtaining resource
inputs and providing value activities.
A well-designed AIS can contribute to the organisation's value chain by
(a) Improving the quality and reducing the costs of products or services. For example, the
system can monitor machinery so operators are notified immediately when performance falls outside
acceptable quality limits. This helps maintain product quality. It also reduces the amount of wasted
materials and the costs of having to rework.
(b) Improving the efficiency and effectiveness of the organisation's supply chain. For example,
allowing customers to access the company's inventory and sales order entry systems directly can
reduce the costs of sales and marketing activities. With this type of access, customers' ordering
costs and time may fall, and both sales and customer retention rates may increase. A
well-designed AIS can make operations more efficient by providing more timely information. For
example, a just-in-time manufacturing approach requires constant, accurate, up-to-date information
about raw materials inventories and their locations.
(c) Sharing knowledge. An AIS can make it easier to share knowledge and expertise and perhaps
improve operations and even provide a competitive advantage.
(d) Improving the internal control structure. Security, control and privacy are important issues in
today's world. With the proper internal control structure, an AIS can protect systems from
problems such as fraud, errors, equipment and software failures, and natural and political disasters.
(e) Improving decision-making. The system can provide assistance in all phases of decision making
i.e. identifying the problem, collecting and interpreting information, evaluating ways to solve the
problem, selecting a solution methodology, and implementing the solution. Reports can help to
identify potential problems. Different decision models and analytical tools can be provided to users.
Query languages can facilitate the gathering of relevant data upon which to make the decision.
Various tools, such as graphical interfaces, can help the decision maker interpret decision model
results and evaluate and choose among alternative courses of action. In addition, the AIS can provide
feedback on the results of actions.

2 Types of accounting information system


Section overview
• Accounting is the means by which information about an enterprise is communicated and, therefore,
is sometimes called the language of business. Many different users have need for accounting
information in order to make important decisions. These users include investors, creditors,
management, governmental agencies, labour unions, and others. Because the primary role of
accounting information is to provide useful information for decision-making purposes, it is
sometimes referred to as a means to an end, with the end being the decision that is helped by the
availability of accounting information.

2.1 Accounting systems


Accounting in itself is a very wide and diverse field. Information systems that interface with the AIS
include: payroll, tax, cost, managerial and investment accounting.
LO 6.3
The main types of accounting systems are:
(1) Financial accounting is the standard accounting used to provide information about an
organisation's performance. Legal and GAAP (Generally Accepted Accounting Principles) guidelines
are provided in the recording process. Internal control and auditing are part of this system.
(2) Tax accounting is principally based on Australian Tax Office (ATO) regulations. Its objective is to
ensure that the organisation is paying what is due or what it owes to the Government in the form of
taxes. Tax accounting systems include taxation as it applies to individuals, partnerships and
corporations, estate and trusts, international taxation and special tax issues and topics.
(3) Cost accounting, which includes product costing and activity-based costing, focuses on activities
involved in production, the service process, the departmental units within an organisation as well as
other resources.
(4) Management or managerial accounting, as the name implies, is principally for the internal use of
the management of the business, specifically for planning, monitoring and decision making. The system
enables decision support, organisational control, cost and profit management and investment
management. Unlike other accounting systems, managerial accounting looks more at the future for
planning and, as such, is integrated with other disciplines.
Management functions include:
• Planning, e.g. budgeting.
• Organising and directing e.g. adopting new production schemes such as JIT inventory systems.
• Implementing plans and decision making e.g. choosing whether to make, lease or purchase a
product.
• Selecting distribution channels, raw materials and process as well as acquiring assets e.g.
property.



(5) Payroll accounting – this accounting system is the only operation in a business that is almost
completely governed by various federal, state, and local laws and regulations. Rules establish who is
an employee, what is time worked, when overtime is to be paid, what deductions are made, when to
pay an employee, and when taxes are paid. Lack of compliance with these laws and regulations can
result in both fines and back-pay awards. With each new year, payroll administrators must keep
abreast of the changes in legislation that affect their firms' payroll record keeping.

2.2 Financial accounting (reporting)


The role of internal financial reporting is to:
• Interpret and record business transactions.
• Classify similar transactions into useful reports.
• Summarise and communicate information to decision makers.
LO 6.3
Its specific role is to provide information about economic resources, claims to resources, and changes in
resources and claims. It also provides information useful in assessing the amount, timing and uncertainty of
future cash flows and can provide information useful in making investment and credit decisions.
The role of external financial reporting is to produce the primary financial statements:
• The balance sheet – what the company owns and owes.
• Income statement – how good the company is at making money.
• Statement of cash flows – how they are paying for their operations and their future growth.

2.2.1 The financial reporting system


The law dictates management's responsibility for providing stewardship information to external parties. This
reporting obligation is met via the financial reporting system (FRS). Much of the information provided takes
the form of standard financial statements, tax returns and documents required by the regulatory agencies.
The primary recipients of financial statement information are external users such as shareholders, creditors
and government agencies. Generally speaking, outside users of information are interested in the
performance of the organisation as a whole. Therefore, they require information that allows them to
observe trends in performance over time and make comparisons between different organisations. Given the
nature of these needs, financial reporting information must be prepared and presented by all organisations
in a manner that is generally accepted and understood by external users.

[Diagram: flows of cash between OPERATIONS, CASH, Stock investors and Bond investors. Labels: costs and
expenses of property, plant, equipment, salaries and raw materials; income from sales; dividends paid to
stock investors, detailed on the statement of changes in equity; interest paid to bond investors, detailed
on the income statement.]

The diagram outlines:


(a) Operations – detailed on the income statement
This is where a company actually 'makes' money, by creating and selling whatever it is that it sells.
Part of the revenue from sales is cycled back to pay costs and expenses. The net result – the
earnings, or profit – is shown as the 'bottom line' on the income statement and becomes the cash
flow from operations on the cash flow statement.



(b) Cash
A business needs sufficient amounts of cash to sustain its daily operations and to pay for future
growth. The cash flow statement details the flow of cash between the business and the outside
world, and classifies it into three main categories – operations, financing and investing – represented
on the diagram by the four solid arrows.
(c) Stock investors
Proceeds from new stock sales are shown in the financing section of the cash flow statement; the total
amount raised from stock sales is detailed in the shareholders' equity section of the balance sheet.
Dividends paid to stock investors – detailed on the statement of changes in equity – this is a natural
way for a 'mature' company to use its profits from operations, once further growth would no longer
provide a superior return on invested capital.
(d) Bond investors
Proceeds from new bond sales are shown in the financing section of the cash flow statement; interest
paid to bond holders is shown on the income statement; and the company's total amount of bond
debt is included in the liabilities section of the balance sheet.
Interest paid to bond investors – detailed on the income statement – in a company with heavy debt,
this can be a major siphoning off of money from the income statement, so one way a company can
increase its future earnings is to pay off some of its debt.

2.2.2 The accounting cycle


The accounting cycle is the series of steps we go through to record transactions during every fiscal period.
Many of the terms used in describing the accounting cycle and the recording process itself referred
originally to pencil-and-paper documents and manual transaction processing. The availability of sophisticated
accounting computer software or relational databases simplifies much of the recording process. However,
we still use much of the same terminology, and it's a good idea to have a basic acquaintance with the jargon.
The diagram below shows the steps in the accounting cycle.

1. Analyse business transactions
2. Journalise the transactions
3. Post to ledger accounts
4. Prepare trial balance
5. Journalise and post adjusting entries, payments and accruals
6. Prepare an adjusted trial balance
7. Prepare financial statements:
• Income statement
• Balance sheet
• Statement of cash flows
8. Journalise and post closing entries
9. Prepare a post-closing trial balance

2.3 Tax accounting


LO 6.3
Defined simply, the term tax accounting refers to the filing of tax returns, as well as mapping
out future tax obligations. There are two methods of tax accounting: the cash and accrual methods.
Cash basis taxpayers include income when it is received, and claim deductions when expenses are paid.
Accrual basis taxpayers include items when they are earned and claim deductions when expenses are
incurred. This method is more complicated but there are a number of technology solutions in the market
to help companies to deliver their tax accounting and reporting. They typically have two functions:



(1) The control of the tax accounting process, providing process control and workflow to ensure that all
the work required to conclude the tax accounting process happens on schedule and that delays are
anticipated and dealt with.
(2) Tax accounting software, allowing for collection of source data from systems, manipulation of this
data for GAAP requirements and then reporting the data provided for multiple GAAPs.
The advantages of using tax accounting are:
• Faster decision making.
• More efficient record keeping.

2.4 Cost accounting


LO 6.3
Cost accounting is concerned with the costs of business activities – products, services, departments and
resources. It is part of managerial accounting. The role of a cost accounting system is to provide
information useful for managing the activities that consume resources.
The system records a large number of facts (data) about materials, times, expenses and other transactions.
These facts are then classified and summarised to produce accounts that are organised into reports, which
are designed to help management to plan and control the firm's activities. Note that as data is converted
into information, some of the detail is eliminated and replaced by summaries, which are easier to interpret.
Managers use the information to evaluate and reward employee performance. In addition, the cost
information is reported on external financial statements as, for example, inventories, cost of goods sold,
and period expenses.
In a manufacturing organisation, the flow of costs in the accounting system mirrors the physical flow of
production and may be represented as follows:

[Diagram: flow of costs from Materials (direct, indirect) and Labour (direct, indirect), through Overhead
and Work in process, to Finished goods and Cost of goods sold.]

Note
Direct materials + Direct labour = Prime cost
Direct labour + Factory overhead = Conversion cost
Direct materials + Direct labour + Factory overhead = Manufacturing cost

2.4.1 System objectives


The broad objectives of a cost accounting system should be:
• Score-keeping
• Attention-directing
As an extension of financial accounting, especially in manufacturing industries where cost allocations to
enable stock valuation are likely to be required, cost accounting provides the basis on which business
performance, in terms of profit or loss, can be assessed in line with specified practice (score-keeping).
More significantly, cost accounting provides the basis for management accounting via the provision of
regular and detailed information to management so that resources may be acquired and used as
economically, efficiently and effectively as possible. The objective should be to provide the right stimulus for
management decision-making and control action (attention-directing) by ascertaining product costs and
profitability, and by reporting the costs of operations in a useful manner.



2.5 Management or managerial accounting

Definition
Management accounting or managerial accounting is concerned with the provision and use of
accounting information to managers within organisations, to provide them with the basis to make informed
business decisions that will allow them to be better equipped in their management and control functions.

Managerial accounting differs from financial accounting in a number of ways that are briefly discussed below.

LO 6.3

Financial accounting | Managerial accounting
Reports to those outside the organisation: owners, lenders, tax authorities and regulators. | Reports to those inside the organisation for planning, directing and motivating, controlling and performance evaluation.
Emphasis is on summaries of financial consequences of past activities. | Emphasis is on decisions affecting the future.
Objectivity and verifiability of data are emphasised. | Relevance of items relating to decision making is emphasised.
Precision of information is required. | Timeliness of information is required.
Only summarised data for the entire organisation is prepared. | Detailed segment reports about departments, products, customers, and employees are prepared.
Must follow Generally Accepted Accounting Principles (GAAP). | Need not follow Generally Accepted Accounting Principles (GAAP).
Mandatory for external reports. | Not mandatory.

2.6 Payroll system


LO 6.3
Payroll costs in most businesses represent a significant expense and the administrative procedures involved
can be quite complicated. As a result, a formalised system is vital if the business is to record its payroll costs
accurately, pay the correct amounts to its employees and reflect the debt owed to the Australian Tax Office
in respect of deductions.
The payroll system includes the following:
• Maintenance of payroll
• Authorisation of hours worked
• Payroll preparation
• Distribution of pay
• Payroll approval
• Cheque signing (or approval of bank transfers)
• Identifying liabilities to third parties for payroll costs, and paying these when due.
The nature of the payroll records depends to a great extent on the size of the workforce and the degree to
which the record keeping is automated. In most payroll systems (manual or automated) the payroll register
and the employee's earnings record are the two basic records that are used.
Records of labour costs fall into three categories:
(1) Records of agreed basic wages and salaries
(2) Records of time spent working
(3) Records of work done



There are several ways in which this can be organised, but basically the information flow will be as follows:

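[Diagram: payroll information flow. The Human Resources department supplies basic pay, the Timekeeping
department supplies hours worked and the Production department supplies work performed. The Payroll
department works out the amount due to the employee, PAYG, NI etc; the Costing department works out the
amount chargeable to product.]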

Information flows back to the Human Resources department so that employees can be considered for
promotion or disciplined if appropriate.
All the information may, in practice, be given first to payroll, who would then pass it on for costing analysis,
or vice versa. The main point is that both payroll and costing need the same information, but they analyse it
differently: payroll asks who, and costing asks what.

Question 1: Typical reports


List some typical reports produced from financial and management accounts.
(The answer is at the end of the chapter)

3 The evolution of accounting information systems


Section overview
• The objective of the accounting information system is to collect and store data about business
processes that can be used to generate a meaningful output for decision makers. Technologies have
evolved over the years from manual resources i.e. paper and ink, through the flat file and database
models to the advanced information technologies available today.

3.1 History
The notion of accounting as an information system emerged as a logical result of the industrial revolution.
When the factory system began to displace the domestic system, production fell under the direction of
entrepreneurs who paid wages, bought materials and supervised the process of producing goods for profit.
They had a motive for record keeping, therefore, which the family or the solitary producer had not.
LO 6.4
In the 1820s, the printing industry was characterised by the need for information relating to labour and
capital investment. Labour groups resisted the introduction of the steam presses fearing job displacement.
Many newspaper publishers refused to make the capital outlays to acquire steam presses arguing that the
life of the machine would not produce sufficient output to yield a profit. Despite this early resistance to
technological innovation, the printing industry flourished as a result of increased demand for books,
newspapers, magazines, stationery and other printed material during the industrial revolution. By the 1870s,
relatively sophisticated cost accounting systems emerged to support managerial decision-making and
control.



Railroads were among the first entities to produce detailed information concerning returns on invested
capital. By the early 1900s uniform systems of accounting had emerged in that industry. The accounting
records of Lyman Mills provide evidence that elaborate cost accounting records were maintained to
support management's estimation of product costs during the period.
Over time, accounting systems have changed and grown both in response to limitations and the availability
of new technologies. The evolution is often slow, and various generations coexist. We will consider five
information system models.

3.2 The manual processing model


As the name implies, this is the old manual approach (documents, journals and ledgers) to recording
accounting transactions. In a manual accounting system, each of the steps in the accounting cycle is
performed by hand. For example, each accounting transaction is entered manually in the journal and posted
manually to the ledger. To obtain ledger account balances and to prepare a trial balance and financial
statements, additional manual computations must be made. Because it is easier to visualise the flow of
accounting information in this type of system, it is very beneficial to study them. Although few exist in larger
companies, small businesses still abound. Most of them begin operations with manual (or even 'shoe box')
accounting systems and convert to computerised systems as the business grows. The advantages of using
manual records and books include:
(a) Correcting entries – this might be easier with manual systems as opposed to computerised ones
which can leave messy and complicated audit trails for deleted or changed entries. With the
traditional books, it is simply a case of erasing the erroneous entry and replacing it with the
corrected one.
(b) Data corruption – the risks of corrupted data are much less with manual systems. There have
been cases where months and years' worth of data have been lost as a result of computerised file
corruption. Keeping manual books can avoid this problem, particularly if the records are stored
securely in a fireproof environment.
(c) Duplicate copies of data – problems with having duplicate copies of the same accounting records
are generally avoided with traditional bookkeeping. The ease of transportation and backing up of
computerised accounting systems may sometimes confuse the user. This can result in an out of date
data set being erroneously judged as being the most recent version and result in incomplete
accounting records.

3.3 The flat-file model – transaction processing systems (TPS)


Transaction processing systems were among the first computerised systems developed to process business
data – a function originally called data processing. They represent the lowest and most basic use of
information within an organisation, and are an integral part of the operation of the organisation. Generally,
the TPS computerised an existing manual system to allow for faster processing, reduced clerical costs and
improved customer service.

Definition
A transaction processing system (TPS) is an information system that captures and processes data
generated during an organisation's day-to-day transactions. A transaction is a business activity such as a
deposit, payment, order or reservation.

Clerical staff typically perform the activities associated with transaction processing, which include the
following:
• Recording a business activity such as a student's registration, a customer's order, an employee's
timecard or a client's payment.
• Confirming an action or triggering a response, such as printing a student's schedule, sending a thank-
you note to a customer, generating an employee's pay or issuing a receipt to a client.
• Maintaining data, which involves adding new data, changing existing data, or removing unwanted data.



Many of the decisions made are automatic and can be delegated to a computer. The stock re-ordering
process, for example, will be triggered when stock levels fall below a pre-set level.
These tasks are routine but are made more efficient and cost effective by the use of computers. Once data
has been put onto the computer, it can easily be manipulated and used to produce additional information.
For example, a sales ledger may have been computerised to ease the recording of sales transactions but, as
a by-product of that, aged debtors analyses and sales analyses can easily be produced.
The diagram below shows the relationship between transaction cycles:

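[Diagram: relationship between transaction cycles. Cash passes through the expenditure cycle to obtain
labour, materials and physical plant; the conversion cycle produces finished goods; the revenue cycle
passes finished goods to customers in return for cash.
Expenditure cycle subsystems: Purchasing/Accounts payable, Payroll, Fixed assets.
Conversion cycle subsystems: Production planning and control, Cost accounting.
Revenue cycle subsystems: Sales order processing, Cash receipts.]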

A financial transaction is an economic event that affects the assets and equity of the company, is reflected in
its accounts and is measured in monetary terms.
The most common financial transactions include the sale of goods or services, the purchase of inventory,
the discharge of financial obligations and the receipt of cash on account from customers.

3.3.1 Transaction cycles


Three transaction cycles process most of the company's economic activity: the expenditure cycle, the
conversion cycle and the revenue cycle.
(1) The expenditure cycle – business activities begin with the acquisition of materials, property and
labour in exchange for cash. The diagram above shows the flow of cash from the organisation to the
various providers of these resources. Most expenditure transactions are based on a credit
relationship between the trading parties. The actual payment of cash takes place at some point after
the receipt of the goods or services, meaning that this transaction has two parts – a physical
component (the acquisition of the goods) and a financial component (payment to the supplier).
(2) The conversion cycle – is composed of two major subsystems: the production system and the cost
accounting system. The production system involves the planning, scheduling and control of the
physical product through the manufacturing process. The cost accounting system monitors the flow
of cost information related to production. Information that this system produces is used for
inventory valuation, budgeting, cost control, performance reporting and management decisions.
(3) The revenue cycle – companies sell their finished goods to customers through the revenue cycle,
which involves processing cash sales, credit sales and the receipt of cash following a credit sale.
Revenue cycle transactions also have a physical and a financial component, which are processed
separately.

Question 2: TPS reports


Make a list of examples of reports produced by the transaction processing systems.
(The answer is at the end of the chapter)



3.3.2 Files and databases
Many TPS were designed for a specific purpose. For example, a payroll system would be designed for
calculating the wages and salaries of employees, and instructing the bank to make the payments. Similarly, a
personnel system would be designed to hold and process the data required by the human resources
department.
Each system had its own 'master file' containing standing data, for example, a payroll master file held data
about employees and their pay. Each file consisted of records: in a payroll system there will be one record
for each employee on the payroll master file. Each record consisted of fields, such as employee name,
employee number, department in which the employee works, bank identity and bank account number, and
so on.
Within an organisation, a large number of different information systems might be developed, for payroll,
personnel, accounts, sales, purchasing, inventory control and other applications. In many cases, the master
files for each system would contain similar data. For example, a payroll file and a personnel file will both
contain similar data about employees, such as their name, number and department, and their home
address. Similarly, a purchasing system, inventory control system and accounts system would all hold some
data relating to inventory quantities.
When there are several systems, each with their own separate files and each holding similar items of
information, there are inefficiencies in data processing.
• Each file has to be updated separately. For example, if a new employee joins the organisation, the
payroll file and the personnel file must both be updated.
• It is quite possible that information on one file will disagree with the information held on a file in
another system. For example, the records for inventory levels might differ in the inventory control
system and the cost accounting system.
• The different systems cannot 'talk to each other', and data on the master file in one system cannot
be fed automatically into a different system for processing.
The need to integrate these often diverse systems led to the accountant's appreciation of shared databases
that provide a cohesive picture of the organisation's data, eliminating duplications and reducing data
conflicts.

3.4 The database model

Definition
A database is defined as a file of data, or files of inter-related data, that is structured and designed in such
a way that many different processing applications can use the same data and update it.

LO 6.4
A database is a common file of data for many different users and for a range of different applications. For
example, a company can use the same database for its payroll system and its personnel records.
All communications between the different software applications and the database files are controlled by
special software called the database management system or DBMS. A DBMS can be defined as a set
of programs that manages the database. It deals with all aspects of access, maintenance and security of data.
A distinguishing feature of a database system is that, since there is a common set of shared files for all
applications, information to update the files is input just once (instead of several times, once for each
application system).

[Diagram: the application programs (Order processing, Stock control, Production control, Invoicing,
Accounts) all access the DATABASE through the database management system (DBMS).]

The DBMS has the effect of decoupling the data from the applications that use it. It can offer the
ability to:
• Add, amend and delete records
• Retrieve data for reference or processing
• Present data in different forms and combinations
• Control access to data on the files by means of passwords and other security procedures
• Allow the database to evolve without requiring modifications to application programs
• Record transactions.

3.4.1 Advantages of a database


The advantages of a database are as follows:
(a) Less duplication – data is input once only to update the data on file. Data is held once, and is not
duplicated in different files in different application systems. If data is held two or more times, there is
data redundancy, because both sets of the same data should not be required. A database system
therefore minimises data redundancy, and possibly eliminates it.
(b) Less processing – by minimising data redundancy, storage space in the system files is reduced, and
storage space is used more efficiently.
(c) Updating is much easier, and data is equally up-to-date for all applications.
(d) There is data consistency (or data integrity). All users access the same data and therefore
inconsistencies between data in different application systems do not exist.
(e) Improving access to data. Database systems are designed to allow many different users access to
the shared files. They also allow access to a wide range of data for management reports, that would
not be obtainable if there were separate computer systems for each processing application, each
with its own data files.
(f) The data can be used by different users for different applications and in different ways. The
data on file is said to be independent of the application programs. This means that the physical layout
of the database can be altered without having to alter the application programs that use it. The
application programs access the DBMS and the DBMS looks after the physical layout of the database.
There is program independence, since the programs using the database do not have to be changed if
the database is changed; the database management system handles this.
Many of the weaknesses of a flat-file system are overcome by a database model. This model centralises an
organisation's data so that it can be shared by other users. Because all data should not be accessible by all
users, the database management system (DBMS) serves as a gatekeeper, limiting access to particular data
sets to users who are authorised.
The database model can solve many of the problems described above for the flat-file system through
elimination of data redundancy, single updates, and maintenance of current values. In theory, the database
model can do this; however, many early database systems came up short. These systems, which along with
flat-file systems are referred to as traditional systems, still had limitations. The development of the
relational database model has led to significant improvements.
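The single update and the gatekeeper role described above, and the separate payroll and personnel master files of section 3.3.2 that they replace, can be seen in a small added example (not from the manual). It uses SQLite's authorizer callback as a stand-in for the roles and grants of a multi-user DBMS; the table, column names, policy and employee record are all constructed assumptions.

```python
import os
import sqlite3
import tempfile

# Constructed policy (an assumption for this example): the columns of the shared
# employee table that each application may read and update.
POLICY = {
    "payroll": {
        "read": {"emp_no", "name", "department", "bank_account", "basic_pay"},
        "update": {"bank_account", "basic_pay"},
    },
    "personnel": {
        "read": {"emp_no", "name", "department", "home_address"},
        "update": {"name", "department", "home_address"},
    },
}


def build_database(path):
    """Create the single shared employee table with one constructed record."""
    admin = sqlite3.connect(path)
    admin.execute(
        "CREATE TABLE employee (emp_no TEXT PRIMARY KEY, name TEXT, department TEXT,"
        " home_address TEXT, bank_account TEXT, basic_pay INTEGER)"
    )
    admin.execute(
        "INSERT INTO employee VALUES (?, ?, ?, ?, ?, ?)",
        ("E100", "A. Example", "Stores", "1 Sample Street", "000000-12345678", 52000),
    )
    admin.commit()
    admin.close()


def connect_as(app, path):
    """Open a connection whose every statement is vetted against POLICY[app]."""
    rules = POLICY[app]

    def gatekeeper(action, arg1, arg2, db_name, source):
        # Statement-level actions that carry no table data.
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_TRANSACTION):
            return sqlite3.SQLITE_OK
        # For READ and UPDATE, arg1 is the table and arg2 the column.
        if arg1 == "employee":
            if action == sqlite3.SQLITE_READ and arg2 in rules["read"]:
                return sqlite3.SQLITE_OK
            if action == sqlite3.SQLITE_UPDATE and arg2 in rules["update"]:
                return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY  # default deny: INSERT, DELETE, DDL, other columns

    conn = sqlite3.connect(path)
    conn.set_authorizer(gatekeeper)
    return conn


def run(conn, sql, params=()):
    """Run one statement; return its rows, or a DENIED message if refused."""
    try:
        rows = conn.execute(sql, params).fetchall()
        conn.commit()
        return rows
    except sqlite3.DatabaseError as exc:
        conn.rollback()
        return "DENIED: " + str(exc)


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "shared.db")
        build_database(path)
        payroll = connect_as("payroll", path)
        personnel = connect_as("personnel", path)
        by_key = "WHERE emp_no = ?"
        results = {
            # Personnel records a transfer once; there is no second file to update.
            "single_update": run(personnel,
                f"UPDATE employee SET department = ? {by_key}", ("Despatch", "E100")),
            # Payroll immediately sees the same, current value.
            "payroll_sees_update": run(payroll,
                f"SELECT department, basic_pay FROM employee {by_key}", ("E100",)),
            # Each application is held to its own data set.
            "personnel_reads_bank": run(personnel,
                f"SELECT bank_account FROM employee {by_key}", ("E100",)),
            "payroll_changes_address": run(payroll,
                f"UPDATE employee SET home_address = ? {by_key}", ("2 Other Road", "E100")),
            "personnel_select_star": run(personnel, "SELECT * FROM employee"),
        }
        payroll.close()
        personnel.close()
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Because the policy is enforced in the gatekeeper rather than in each application, `SELECT *` is refused for personnel as soon as the table holds a column it may not read.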



3.5 REA (resources, events and agents) system
The REA (resources, events and agents) model (McCarthy 1982) is an accounting framework for
modelling an organisation's critical resources, events and agents and the relationship between them. Unlike
some traditional accounting systems, REA permits both accounting and non-accounting data to be identified,
captured and stored in a centralised database. The REA data model provides structure in two ways:
(1) By identifying what entities should be included in the AIS database.
(2) By prescribing how to structure relationships among the entities in the AIS database.
An entity is any class of objects about which data is collected. The REA data model classifies entities into
three distinct categories:
(1) Resources acquired and used by an organisation.
(2) Events engaged in by the organisation.
(3) Agents participating in these events.
Economic resources are things of economic value to the organisation. They are used in economic
exchanges with trading partners and are either increased or decreased by the exchange; e.g. cash, inventory
and equipment.
Events may be either economic events or support events (not shown in the diagram). Economic events
effect changes in resources as represented by the stock flow relation. Examples include sales of products to
customers, receipt of cash from customers and purchases of raw materials from vendors. Support events
include control, planning and management activities that are related to economic events, but do not directly
effect a change in resources. Examples of support events include:
• Verifying supporting information prior to paying cash to a vendor.
• Checking customer credit before processing a sale.
• Determining inventory availability for a customer prior to a sale.
Economic agents are individuals and departments that participate in economic and support events. Each
economic event is associated with at least one internal agent and one external agent who participate in the
exchange. Internal agents and external agents are also involved in support events but the exchange involves
information rather than economic resources. For example, a customer (external agent) checking on
product prices receives information from the sales clerk (internal agent), who gives the information. Linking
internal agents to events in this way promotes control and permits organisations to assess the actions taken
by their employees.
At the heart of each REA model there is usually a pair of events, linked by an exchange relationship,
typically referred to as the 'duality' relation. One of these events usually represents a resource being given
away or lost, while the other represents a resource being received or gained. For example, in the sales
process, one event would be 'sales', where goods are given up and the other would be 'cash receipt', where
cash is received. These two events are linked – a cash receipt occurs in exchange for a sale, and vice versa.

3.5.1 Developing a REA diagram


The REA model provides guidance for database design by identifying what entities should be included and by
prescribing how to structure relationships among those entities. Developing a REA diagram for a specific
transaction cycle consists of four steps:
Step 1 Identify the pair of events that represent the basic give-to-get economic duality relationship in
that cycle.
Step 2 Identify the resources affected by each event and the agents who participate in those events.
For example, the basic economic exchange in the revenue cycle involves the sale of goods or
services and the subsequent receipt of cash in payment for those sales. The REA diagram will
show the sales and cash receipts event entities as rectangles and the relationship
between them as a diamond. The sales event involves the disposal of inventory and the cash
receipts event involves the acquisition of cash.
Step 3 Analyse each economic exchange event to determine whether it should be decomposed into
a combination of one or more commitment events and an economic exchange event. If
necessary, replace the original economic exchange event with the resulting set of
commitment and economic exchange events. For example, the sales event may be
decomposed into the 'take order' commitment event and the 'deliver order' economic
exchange event.



Step 4 Determine the cardinalities of each relationship. These indicate how many instances of one
entity can be linked to one specific instance of another entity. The first number is the
minimum (can be either 0 or 1) and the second number is the maximum (can be either 1 or
N). A many-to-many relationship is shown as (M:N).
In the diagram below, the minimum cardinality of 1 in the (1, 1) cardinality pair to the right of
the sales entity in the customer-sales relationship indicates that a new sales transaction can
only be added if it is linked to a customer. A minimum cardinality of 1 means that each row
in that table can be linked to at most only 1 row in the other table. The maximum cardinality
of N in the (0, N) cardinality pair to the left of the customer entity in the customer-sales
relationship indicates that a given customer may be linked to many sales events.

[Diagram: Sales (1,1) --- Made to --- (0,N) Customer]

Exam comments
Make sure you have grasped the 'duality' aspect of this system. It is an interesting subject and lends itself to
MCQs.

By identifying the Events (underlying transactions, past, present and future), the Agents (economic actors)
who participate in those Events, and the Resources that flow into and out of those Events, we can develop a
pattern or model for the underlying business enterprise.

3.5.2 REA versus traditional double entry accounting


LO 6.4
Double entry bookkeeping disappears in a REA system. It also gets rid of many accounting objects that
are not necessary in the computer age. Most visible of these are debits and credits. To show how the REA
approach differs from the traditional double entry accounting we will consider what happens in a company
when a purchase order is issued. It doesn't take long to realise that under traditional double entry
accounting nothing happens – no entry is made. The debits and credits do not begin flowing until title is
passed and this is generally when the goods are received. Because one of the high risk areas for fraud today
is the purchasing function, there is a strong need to monitor the process. Potential purchasing fraud
includes using unapproved, and perhaps related, vendors, purchasing goods for personal use and vendors
giving kickbacks to buyers. If an information system only captures the debits and credits, there may be no
way to trace what happens. This makes financial management, as well as preventing and detecting fraud,
extremely difficult.
The REA model differs in that it ensures the system captures all data related to business events. This
includes issuing a purchase order. The additional data are non-financial and include phone logs of customer
enquiries, records of employee training, information about customer satisfaction and how well vendors
meet delivery deadlines. Capturing relevant data, combined with a method of extracting and analysing that
data, such as a structured query language (SQL), provides managers with the information to manage
operations and achieve organisational objectives.
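An added example, not taken from the manual: an REA-style purchasing schema in SQLite (driven from Python) that stores the purchase order as an event linked to its internal and external agents. Every table name, column name and row is constructed for illustration; the queries list orders that have not yet produced a ledger entry and orders placed with vendors marked as unapproved.

```python
import sqlite3

# Constructed REA-style schema; every table and column name is an assumption.
SCHEMA = """
CREATE TABLE vendor (          -- external agent
    vendor_id INTEGER PRIMARY KEY,
    name      TEXT    NOT NULL,
    approved  INTEGER NOT NULL CHECK (approved IN (0, 1))
);
CREATE TABLE employee (        -- internal agent
    employee_id INTEGER PRIMARY KEY,
    name        TEXT NOT NULL
);
CREATE TABLE purchase_order (  -- commitment event: no debit or credit yet
    po_id        INTEGER PRIMARY KEY,
    po_date      TEXT    NOT NULL,
    vendor_id    INTEGER NOT NULL REFERENCES vendor(vendor_id),
    buyer_id     INTEGER NOT NULL REFERENCES employee(employee_id),
    amount_cents INTEGER NOT NULL
);
CREATE TABLE goods_receipt (   -- economic event: the ledger entries start here
    receipt_id   INTEGER PRIMARY KEY,
    po_id        INTEGER NOT NULL REFERENCES purchase_order(po_id),
    receipt_date TEXT    NOT NULL
);
"""

# Constructed sample rows.
VENDORS = [(1, "Acme Supplies", 1), (2, "Northside Trading", 0), (3, "Harbour Parts", 1)]
EMPLOYEES = [(10, "Buyer A"), (11, "Buyer B")]
PURCHASE_ORDERS = [
    (100, "2012-03-01", 1, 10, 50000),
    (101, "2012-03-02", 2, 11, 120000),
    (102, "2012-03-05", 3, 10, 30000),
    (103, "2012-03-07", 2, 11, 80000),
]
GOODS_RECEIPTS = [(1, 100, "2012-03-10"), (2, 101, "2012-03-12")]


def build_purchasing_db():
    """Create the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO vendor VALUES (?, ?, ?)", VENDORS)
    conn.executemany("INSERT INTO employee VALUES (?, ?)", EMPLOYEES)
    conn.executemany("INSERT INTO purchase_order VALUES (?, ?, ?, ?, ?)", PURCHASE_ORDERS)
    conn.executemany("INSERT INTO goods_receipt VALUES (?, ?, ?)", GOODS_RECEIPTS)
    conn.commit()
    return conn


def ledger_visible_orders(conn):
    """Orders a debit/credit-only system can see: goods have been received."""
    rows = conn.execute(
        "SELECT DISTINCT po_id FROM goods_receipt ORDER BY po_id"
    ).fetchall()
    return [r[0] for r in rows]


def open_commitments(conn):
    """Orders issued but not yet received: invisible to double entry."""
    return conn.execute("""
        SELECT po.po_id, po.amount_cents
        FROM purchase_order po
        LEFT JOIN goods_receipt gr ON gr.po_id = po.po_id
        WHERE gr.receipt_id IS NULL
        ORDER BY po.po_id
    """).fetchall()


def unapproved_vendor_orders(conn):
    """Per buyer and vendor: count and value of orders to unapproved vendors."""
    return conn.execute("""
        SELECT e.name, v.name, COUNT(*), SUM(po.amount_cents)
        FROM purchase_order po
        JOIN vendor v   ON v.vendor_id = po.vendor_id
        JOIN employee e ON e.employee_id = po.buyer_id
        WHERE v.approved = 0
        GROUP BY e.employee_id, v.vendor_id
        ORDER BY SUM(po.amount_cents) DESC
    """).fetchall()


if __name__ == "__main__":
    db = build_purchasing_db()
    print("visible to the ledger:", ledger_visible_orders(db))
    print("open commitments:", open_commitments(db))
    print("orders to unapproved vendors:", unapproved_vendor_orders(db))
```

Order 103 appears in both reports before any goods arrive, which is the point at which a review can still stop it.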
Many general ledger accounts also disappear, at least as persistent objects, e.g. accounts receivable or
accounts payable. The computer can generate these accounts in real time using source document records.
So for example, while accounts receivable is an asset in financial reporting, it is not represented as a
resource in an REA model. It represents the difference between total sales to a customer and total cash
collections from the customer. The information to calculate an accounts receivable balance is already there
because the sales and cash receipt information is captured.

[Diagram: Sales (0,1) --- (1,1) Cash collections]



The diagram above shows that each sales transaction is paid in full by a cash collection event and each
customer payment is for one sale, so total accounts receivable is the sum of all sales for which there is no
remittance number.

[Diagram: Sales (0,N) --- (1,N) Cash collections]

Now the diagram shows that each sales transaction may be paid for in instalments and each customer
payment may be for more than one sale so total accounts receivable is the sum of all sales minus the sum of
all cash collections.
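The two accounts receivable rules above, as an added example that is not part of the manual: sales and cash collections are stored as events in SQLite (driven from Python) and the balance is computed on demand under each cardinality. Table names, column names and rows are constructed; the NOT NULL customer key implements the rule that a sale can only be added if it is linked to a customer.

```python
import sqlite3

# Constructed schema; all names are assumptions made for this example.
SCHEMA = """
CREATE TABLE customer (
    customer_id INTEGER PRIMARY KEY,
    name        TEXT NOT NULL
);
CREATE TABLE sale (
    sale_id       INTEGER PRIMARY KEY,
    customer_id   INTEGER NOT NULL REFERENCES customer(customer_id),
    amount_cents  INTEGER NOT NULL,
    remittance_no INTEGER   -- set only when one collection pays the sale in full
);
CREATE TABLE cash_collection (
    remittance_no INTEGER PRIMARY KEY,
    customer_id   INTEGER NOT NULL REFERENCES customer(customer_id),
    amount_cents  INTEGER NOT NULL
);
"""

# Constructed sample rows.
CUSTOMERS = [(1, "Alpha"), (2, "Beta")]
SALES = [(1, 1, 10000, 500), (2, 1, 25000, None), (3, 2, 40000, 501), (4, 2, 15000, None)]
COLLECTIONS = [(500, 1, 10000), (501, 2, 40000)]
INSTALMENT = (502, 1, 5000)   # part payment by Alpha against sale 2


def build_revenue_db(with_instalment=False):
    """Load the sample events; optionally add one instalment payment."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO customer VALUES (?, ?)", CUSTOMERS)
    conn.executemany("INSERT INTO sale VALUES (?, ?, ?, ?)", SALES)
    rows = COLLECTIONS + ([INSTALMENT] if with_instalment else [])
    conn.executemany("INSERT INTO cash_collection VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn


def ar_one_to_one(conn):
    """Each sale paid in full by one collection: sum sales with no remittance number."""
    return conn.execute(
        "SELECT COALESCE(SUM(amount_cents), 0) FROM sale WHERE remittance_no IS NULL"
    ).fetchone()[0]


def ar_many_to_many(conn):
    """Instalments allowed: sum of all sales minus sum of all cash collections."""
    sales = conn.execute("SELECT COALESCE(SUM(amount_cents), 0) FROM sale").fetchone()[0]
    cash = conn.execute(
        "SELECT COALESCE(SUM(amount_cents), 0) FROM cash_collection"
    ).fetchone()[0]
    return sales - cash


def ar_by_customer(conn):
    """Per-customer balance using the sales-minus-collections rule."""
    rows = conn.execute("""
        SELECT c.name,
               (SELECT COALESCE(SUM(s.amount_cents), 0)
                  FROM sale s WHERE s.customer_id = c.customer_id)
             - (SELECT COALESCE(SUM(k.amount_cents), 0)
                  FROM cash_collection k WHERE k.customer_id = c.customer_id)
        FROM customer c
        ORDER BY c.name
    """).fetchall()
    return dict(rows)


def sale_requires_customer(conn):
    """True if the database rejects a sale that is not linked to a customer."""
    try:
        conn.execute("INSERT INTO sale VALUES (99, NULL, 1000, NULL)")
    except sqlite3.IntegrityError:
        conn.rollback()
        return True
    conn.rollback()
    return False


if __name__ == "__main__":
    paid_in_full = build_revenue_db()
    print(ar_one_to_one(paid_in_full), ar_many_to_many(paid_in_full))
    instalments = build_revenue_db(with_instalment=True)
    print(ar_one_to_one(instalments), ar_many_to_many(instalments))
    print(ar_by_customer(instalments))
```

Once an instalment is recorded the first rule no longer gives the right balance, so the query has to follow the cardinality chosen in the diagram.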
The cycle models of AIS as represented in a REA model would be shown as:

• Income cycle: give inventory, take money.
• Expenditure cycle: give money, take inventory.
• Payroll cycle: give money, employ workers.
• Financial cycle: give money, take money.
• Production cycle: give raw materials, use employer's time, use machinery and devices; take finished
goods or services.

Although the REA data model was developed specifically for use in designing accounting information
systems, unfortunately many firms have not adopted it because it represents a major change from the
traditional double-entry approach.

Question 3: REA model


The REA model:
A was designed specifically to assist the design of AIS.
B prescribes structural relationships among entities in the database.
C identifies what entities should be in the AIS database.
D applies to all of the above.
(The answer is at the end of the chapter)

Question 4: REA calculation


Which of the following financial statement accounting figures has been extracted from the calculation – Sum
of Quantity sold in the Inventory Ship link table multiplied by the Unit Cost attribute in the Inventory table?
A total sales
B cost of goods sold
C accounts receivable
D inventory
(The answer is at the end of the chapter)



3.6 Enterprise resource planning systems (ERP systems)
LO 6.4
Most organisations across the world have realised that in a rapidly changing environment, it is impossible to
create and maintain a custom designed software package which will cater to all their requirements and also
be completely up-to-date. Realising the requirement of user organisations, some of the leading software
companies have designed Enterprise Resource Planning software which will offer an integrated
software solution to all the functions of an organisation.
ERP systems are large-scale information systems that impact an organisation's accounting information
systems. These systems permeate all aspects of the organisation. A key element necessary for the ERP to
provide business analysis is the data warehouse. This is a database designed for quick search, retrieval,
query, and so on.

Definition
Enterprise resource planning systems are modular software packages designed to integrate the key
processes in an organisation so that a single system can serve the information needs of all functional areas.

ERP systems primarily support business operations – those activities in an organisation that support the
selling process, including order processing, manufacturing, distribution, planning, customer service, human
resources, finance and purchasing. ERP systems are function-rich, and typically cover all of these activities –
the principal benefit being that the same data can easily be shared between different departments.

• ERP software – Manages information flow among all database applications.
• Operations – Controls inventory throughout the supply chain, from procurement to distribution.
• Finance – Reports customer's credit rating and current selling.
• Accounting – Records sales and payments and tracks business performance.
• Marketing – Co-ordinates sales activities and handles customer relationship.
• Human resources – Recruits, trains, evaluates and compensates employees.

This integration is accomplished with a database shared by all the application programs. For example,
when a customer service representative takes a sales order it is entered in the common database and it
automatically updates the manufacturing backlog, the price, the credit system and the shipping schedule.
ERP systems work in real-time, meaning that the exact status of everything is always available. Further,
many of these systems are global. Since they can be deployed at sites around the world, they can work in
multiple languages and currencies. When they are, you can immediately see, for example, exactly how much
of a particular part is on-hand at the warehouse in Japan and what its value is in yen or dollars.

Example: ERP
Say you are running a bicycle shop. Once you make a sale, you enter the order on the ERP system. The
system then updates the stock of bicycles in the shop, incorporates the sale into the financial ledgers, prints
out an invoice, and can prompt you to purchase more bikes to replace the ones that you have sold. The
ERP system can also handle repair orders and manage the spare parts stocks. It can also provide automated
tools to help you forecast future sales and to plan activities over the next few weeks. There may also be
data query tools present to enable sophisticated management reports and graphs to be generated. In
addition, the system may handle the return of defective items from unhappy customers, the sending out of
regular account statements to customers, and the management of payments to suppliers.



ERP systems can assist with the scheduling and deployment of all sorts of resources, physical, monetary and
human. A water company might use their ERP system to schedule a customer repair job, deploy staff to the
job, verify that it got done, and subsequently bill the customer. An oil company might use it to ensure that
their tankers are loaded, that a shipping itinerary is prepared and completed on schedule, and that all the
equipment and people required for loading and unloading the cargo in each port are present at the right
times. A bus company might use their system to manage customer bookings, record receipts and plan
maintenance activities for their fleet.

3.6.1 Benefits of ERP


The benefits that may be realised from a successfully-implemented ERP project include:
(a) Allowing access to the system to any individual with a terminal linked to the system's central server.
(b) Decision support features, to assist management with decision-making.
(c) In many cases, extranet links to the major suppliers and customers, with electronic data interchange
facilities for the automated transmission of documentation such as purchase orders and invoices.
(d) A lot of inefficiencies in the way things are done can be removed. The company can adopt so-called
'best practices' – a cookbook of how similar activities are performed in world-class companies.
(e) A company can restructure its processes, so that different functions (such as accounting, shipping
and manufacturing) work more closely together to get products produced.
(f) An organisation can align itself to a single plan, so that all activities, all across the world, are smoothly
co-ordinated.
(g) Information and work practices can be standardised, so that the terminology used is similar, no
matter where you work in the company.
(h) A company could do a lot more work for a lot more customers without needing to employ so many
people.
3.7 AIS and their importance to accountants
LO 6.4
In this modern IT era, computers are forcing accountants to change the nature of their work. This is
because:
(a) Computerised accounting packages reduce the amount of tedious manual work associated with data
management and recordkeeping.
(b) Computers enable accountants and auditors to be more mobile and to use their clients' computer
systems to extract information from databases and the Internet.
Therefore, we can expect an increasing trend of accountants and auditors who have extensive computer
skills and who are:
• Specialising in correcting problems with software or in developing software to meet unique data
management and analytical needs.
• Performing more technical duties, such as implementing, controlling, and auditing systems and
networks, developing technology plans, and analysing and devising budgets.
Technology is rapidly changing the nature of the work of most accountants and auditors. With the aid of
special software packages, accountants summarise transactions and organise data in special formats
employed in financial analysis. These accounting packages greatly reduce the tedious work associated with
data management and record keeping but accountants need to be involved in the various stages of
accounting information system adoption and use. For example, the accountant's involvement should be as:
• A user – to test and operate. Accountants as users must decide what information must be collected,
how it must be processed, and how it must be reported.
• An analyst – on the analysis team. Accountants as systems designers must work with computer
professionals in designing the conceptual system while the computer professionals handle the
physical system. Keeping in mind that the AIS is the custodian of the accountant's data and the
processor of his or her information, the AIS cannot be ignored.
• A purchaser – on the selection team.
• An implementer – dealing with conversion and configuration.
• A consultant – working as an outside expert.
• An internal auditor – monitoring the process and evaluating the controls.
• An external auditor – involved in the audit.



Accountants as auditors must form opinions of the fairness of a company's financial statements. In recent
years the profession has broadened this attest function. Assurance services include traditional auditing but
are also concerned with the quality of information used by decision makers. Formation of that opinion is
dependent on the auditor's ability to evaluate the accounting system and have confidence that its output is
reliable. IT auditing is performed as part of the financial audit to determine the integrity of the organisation's
information system. Internal auditors are employees of the organisation.
Accounting information systems change the way internal controls are implemented and the type of
audit trails that exist within a modern organisation. The lack of traditional forensic evidence, such as paper,
necessitates the involvement of accounting professionals in the design of such systems. Periodic involvement
of public auditing firms can be used to make sure the accounting information system is in compliance with
current internal control and financial reporting standards. After implementation, the focus of attestation is
the review and verification of system operation.

4 Data processing techniques


Section overview
• Three activities in an information system produce the information that organisations need for
making decisions, controlling operations, analysing problems and creating new products or services.
These activities are input, processing and output. Data processing converts the raw input into a
more meaningful form.

4.1 Types of data processing


The manner in which data are input into the computer affects how the data can be processed. AIS collect
and process information in one of two ways: through batch or through on-line processing.
The approach chosen depends firstly on management requirements. These may be:
• Routine recording of accounts data e.g. purchase ledger, sales ledger, payroll.
• Preparation of regular 'packages' of management information e.g. monthly reports.
• Fact retrieval for decision-making e.g. can customer Y exceed its credit limit? This will also include
facts for strategy evolution.
The processing system must also take into account:
• Input volumes.
• Management priorities.
• The purpose of the information processed.
• Response-time (i.e. the time between the collection of the source data and the processing results).

4.2 Batch processing model


LO 6.6
In batch processing mode, a group of similar (routine) transactions are processed in the same processing
run. Input data could be entered into the system over a period of time, or at the same time. But the actual
processing of the data commences only when the transactions data collection is complete and is held in a
transactions file. A time lag exists between the event and the processing.

Definition
A batch is a group of similar transactions that are accumulated over time and then processed together.

This mode was formerly the major form of processing. It is still the most logical method of dealing with
large transaction volumes at a specific time.
Batch processing involves transactions being grouped and stored before being processed at regular
intervals, such as daily, weekly or monthly. Because data is not input as soon as it is received the system will
not always be up-to-date.



Transactions will be collected up over a period of time, and will then be dealt with together in a batch.
Some delay in processing the transactions must therefore be acceptable.
The lack of up-to-date information means batch processing is usually not suitable for systems involving
customer contact. Batch processing is suitable for internal, regular tasks such as payroll.
The diagram below illustrates how transactions are kept in a transaction file, which contains all the
transactions for a particular time period. Periodically, this file is used to update a master file, which contains
permanent information on entities (e.g. a payroll master file with employee earnings and deductions
information, which is updated with weekly time card transactions). Adding the transaction data to the existing
master file creates a new master file.
Batch processing
[Diagram: Keyboard input -> Transactions grouped in batches -> Sorted transaction file + Old master file ->
Validate and update -> New master file, Error reports, Reports]
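An added example of the validate-and-update run in the diagram, using the payroll master file and weekly time cards mentioned above; it is not code from the manual. The three control figures (record count, hash total of employee IDs, total hours), the 80-hour validation limit and all sample records are assumptions.

```python
import copy
from dataclasses import dataclass


@dataclass(frozen=True)
class TimeCard:
    employee_id: int
    hours: int


MAX_WEEKLY_HOURS = 80   # assumed validation limit

# Constructed sample data: old master file, one batch, and its batch header.
OLD_MASTER = {
    101: {"rate_cents": 2500, "ytd_cents": 100000},
    102: {"rate_cents": 3000, "ytd_cents": 0},
    103: {"rate_cents": 2000, "ytd_cents": 50000},
}
BATCH = [TimeCard(103, 40), TimeCard(101, 38), TimeCard(999, 40), TimeCard(102, 400)]
HEADER = {"record_count": 4, "hash_total": 1305, "hours_total": 518}


def control_figures(batch):
    """Recompute the figures written on the batch header when it was prepared."""
    return {
        "record_count": len(batch),                        # nothing added or dropped
        "hash_total": sum(t.employee_id for t in batch),   # no ID substituted
        "hours_total": sum(t.hours for t in batch),        # no amount altered
    }


def run_batch(old_master, batch, header):
    """Return (new_master, error_report, summary_report); old_master is not modified."""
    errors = []
    actual = control_figures(batch)
    mismatched = sorted(k for k in actual if header.get(k) != actual[k])
    if mismatched:
        # The batch is not the one that was prepared: reject it whole.
        errors.append(("BATCH", "control figures differ: " + ", ".join(mismatched)))
        return copy.deepcopy(old_master), errors, {"posted": 0, "gross_cents": 0}

    new_master = copy.deepcopy(old_master)
    posted = gross = 0
    # Sorted transaction file: process in master-file key order.
    for card in sorted(batch, key=lambda t: t.employee_id):
        record = new_master.get(card.employee_id)
        if record is None:
            errors.append((card.employee_id, "unknown employee"))
            continue
        if not 0 < card.hours <= MAX_WEEKLY_HOURS:
            errors.append((card.employee_id, "hours out of range"))
            continue
        pay = card.hours * record["rate_cents"]
        record["ytd_cents"] += pay
        posted += 1
        gross += pay
    return new_master, errors, {"posted": posted, "gross_cents": gross}


if __name__ == "__main__":
    new_master, errors, report = run_batch(OLD_MASTER, BATCH, HEADER)
    print(new_master)
    print(errors)
    print(report)
```

A batch whose recomputed figures differ from its header is rejected before any record reaches the master file, so an altered, dropped or inserted time card shows up in the error report instead of in the payroll.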

4.2.1 Advantages and disadvantages of batch processing


Advantages
• Error detection is simpler (facilitated by the nature of the single processing run).
• No special hardware/software is needed (all computer systems should be able to adopt this).
• It contributes to large-scale economies due to bulk processing.
• System design is simple.
• If necessary, part may be processed now and the remainder later.
Disadvantages
• The system is 'time-driven' and so is not geared to rapid action.
• The system provides bulk information and so is not selective.
• Preparing batches results in duplication of effort.



Question 5: Mystery box

Which box from the diagram above can all of the following procedures belong to?
Calculating Classifying Comparing
Merging Sorting Summarising
A internal sources of data
B data processing
C information generation
D data collection
(The answer is at the end of the chapter)

4.3 On-line processing


LO 6.5
Two types of data are of value to an organisation – current and historical. Current data relates to on-going
business events that are changing (are not yet history). Historical data can be voluminous. On-line
Transaction Processing (OLTP) events relate to current activities of the business. On-line Analytical
Processing (OLAP) involves on-line transactions that include large amounts of data used for extensive
analysis. OLTP applications support mission-critical tasks. OLAP applications support management-critical
tasks through analysis of data in the data warehouses.

4.3.1 On-line processing


A system is referred to as 'on-line', or sometimes known as on-line transaction processing (OLTP), when
the data is input directly to the computer from the point of origination, and where the output is
transmitted to the user's location. This involves data communications.
An on-line system may be batch-based. This permits input to be held in backing storage so that processing
may be subsequently carried out during an off-peak period. An on-line system that processes the input
immediately is said to be operating in real time.
On-line processing involves transactions being input and processed immediately, in 'real time'. On-line
refers to a machine which is under the direct control of the main processor for that system. (The term
'on-line' is also used to describe an active Internet connection.)
On-line, real time processing is appropriate when immediate processing is required, and the delay implicit in
batch processing would not be acceptable.



On-line processing
[Diagram: Enter directly (immediate input) -> Process/update master file (immediate processing) ->
Master file (immediate file update)]

On-line systems are practically the norm in modern business. Examples include the following:
(a) As a sale is made in a department store or a supermarket, the item barcode is scanned on the point
of sale terminal and the stock records are updated immediately.
(b) In banking and credit card systems, customer details are often maintained in a real-time
environment. There can be immediate access to customer balances, credit position etc and
authorisation for withdrawals (or use of a credit card).
(c) Travel agents, airlines and theatre ticket agencies all use real-time systems. Once a hotel room,
plane seat or theatre seat is booked up everybody on the system must know about it immediately so
that they do not sell the same holiday or seat to two (or more) different customers.

4.3.2 Advantages and disadvantages of the real-time system

Advantages
• The user enters transactions into a device that is directly connected to the computer system. The
transactions are usually processed immediately.
• A higher level of customer satisfaction is achieved (e.g. the real-time banking system).
• Information needed is obtained by adopting very simple procedures.
• Prompt and early information assists in improving and maintaining the quality of management decisions.
Disadvantages
• The system is relatively high-cost (in terms of hardware and software required, installation, and
essential storage).
• A high level of security is required (e.g. bank cash dispenser).
• To avoid loss should the system fail, duplicate processors and files are needed.
• System failure could cause great organisational problems.

4.3.3 Batch versus real time processing

The characteristic differences between batch and real-time processing are outlined in the table below:

Distinguishing characteristic: Information time frame
• Batch processing: Lag exists between time when the economic event occurs and when it is recorded.
• Real time processing: Processing takes place when the economic event occurs.
Distinguishing characteristic: Resources
• Batch processing: Generally, fewer resources (e.g. hardware, programming and training).
• Real time processing: More resources are required than for batch processing. Have longer systems
development time.
Distinguishing characteristic: Operational efficiency
• Batch processing: Certain records are processed after the event to avoid operational delays.
Organisations can increase efficiency by grouping large numbers of transactions into batches rather
than processing each event separately.
• Real time processing: All records applying to the event are processed immediately.
Distinguishing characteristic: Control
• Batch processing: Batch processing provides control over the transaction process via control figures.



4.3.4 OLTP versus OLAP
We can divide IT systems into transactional (OLTP) and analytical (OLAP) processing. In general we can
assume that OLTP systems provide source data to data warehouses, whereas OLAP systems help to
analyse it.
The systems that run the banks, or that allow a telecommunications company to generate bills that charge
you for phone usage, are examples of OLTP systems. The basis of OLTP systems is to process transactions.
As such, you can imagine how the data would be stored. The database schema of an OLTP system is geared
towards operational efficiencies. Queries should be short and to the point (INSERT, UPDATE, DELETE).
Spot data is important and must be highly accurate. Results should be generated in seconds if not
milliseconds. When a user interacts with an OLTP system, the results can be generated while the user is
waiting.
In contrast, OLAP systems focus on analysis. Applications supported by a data warehouse, with tools that
allow you to drill into details of data, slice-and-dice data from multiple dimensions, are examples of OLAP
systems. Data accuracy is important but this loses in significance to trend information. Users of OLAP
systems are typically knowledge workers who are keen to understand the trends that exist in the
underlying data rather than their spot values. For OLAP systems a response time is an effectiveness
measure. OLAP applications are widely used by data mining techniques.
OLAP (online analytical processing) is computer processing that enables a user to easily and selectively
extract and view data from different points of view. For example, a user can request that data be analysed
to display a spreadsheet showing all of a company's swimsuit products sold in Sydney in the month of
January, compare revenue figures with those for the same products in July, and then see a comparison of
other product sales in Sydney in the same time period. To facilitate this kind of analysis, OLAP data is
stored in a multidimensional database. Whereas a relational database can be thought of as two-dimensional,
a multidimensional database considers each data attribute (such as product, geographic sales region, and
time period) as a separate 'dimension'. OLAP software can locate the intersection of dimensions (all
products sold in the Eastern region above a certain price during a certain time period) and display them.
Attributes such as time periods can be broken down into sub-attributes.
A typical customer order entry OLTP transaction might retrieve all of the data relating to a specific
customer and then insert a new order for the customer. Information is selected from the customer,
customer order, and detail line tables. Each row in each table contains a customer identification number
which is used to relate the rows from the different tables. The relationships between the records are
simple and only a few records are actually retrieved or updated by a single transaction – see the diagram
below.

CUSTOMER: Customer ID, Customer Address, Customer Type, Customer Address
ORDER: Customer ID, Order ID, Order Date, Shipment Method
ORDER: Order ID, Line #, Product, Quantity, Price



The difference between OLAP and OLTP can be summarised as follows: OLTP servers handle mission-
critical production data accessed through simple queries; while OLAP servers handle management-critical
data accessed through an iterative analytical investigation. Both OLAP and OLTP have specialised
requirements and therefore require special optimised servers for the two types of processing.
The following table summarises the major differences between OLTP and OLAP system design.

OLTP – On-line Transaction Processing (Operational System) compared with OLAP – On-line Analytical
Processing (Data Warehouse):

Source of data
• OLTP: Operational data; OLTPs are the original source of the data.
• OLAP: Consolidation data; OLAP data comes from the various OLTP Databases.
Purpose of data
• OLTP: To control and run fundamental business tasks.
• OLAP: To help with planning, problem solving, and decision support.
What the data shows
• OLTP: Reveals a snapshot of ongoing business processes.
• OLAP: Multi-dimensional views of various kinds of business activities.
Inserts and updates
• OLTP: Short and fast inserts and updates initiated by end users.
• OLAP: Periodic long-running batch jobs refresh the data.
Queries
• OLTP: Relatively standardised and simple queries returning relatively few records.
• OLAP: Often complex queries involving aggregations.
Processing speed
• OLTP: Typically very fast.
• OLAP: Depends on the amount of data involved; batch data refreshes and complex queries may take
many hours; query speed can be improved by creating indexes.
Space requirements
• OLTP: Can be relatively small if historical data is archived.
• OLAP: Larger due to the existence of aggregation structures and history data; requires more
indexes than OLTP.
Backup and Recovery
• OLTP: Backup religiously; operational data is critical to run the business, data loss is likely to entail
significant monetary loss and legal liability.
• OLAP: Instead of regular backups, some environments may consider simply reloading the OLTP data
as a recovery method.

4.3.5 OLAP data cubes


At the core of OLAP tools lies a multidimensional data model. The best and most typical way to visualise
this is in the form of a data cube. In general, each cube is defined by two entities, measurements and
metrics. A metric is basically the dimensions in which data in an organisation is kept. Time (in years,
quarters or months) or region (north, south, east, west), would be examples of metrics. Measurement, on
the other hand, represents values of the data that is being stored. Think of measurements as quantities in
which we want to analyse relationships between metrics. Measurements are typically numeric in nature.
While time (in years, quarters or months) is a good example of a metric in the example given above, yearly
sales or average quarter-to-quarter growth are good examples of measurements.
Where the relational database used in OLTP can be thought of as two-dimensional, a multidimensional
database considers each data attribute (such as product, geographic sales region, and time period) as a
separate 'dimension'. The diagram below illustrates how OLAP software can locate (and display) the
intersection of dimensions (the profit margin on regular fuel sold in February 2010). Attributes such as time
periods can be further broken down into sub-attributes.



[Diagram: OLAP data cube. Categories: Diesel, Premium, Regular. Time (2010): January, February, March,
April, May. Measures: Sales Amount, Sales Cost, Sales Qty, Profit Margin.]

Each dimension represents a different category such as product type, region, sales channel, and time. Each
cell within the multidimensional structure contains aggregated data relating elements along each of the
dimensions. For example, a single cell may contain the total sales for a given product in a region for a
specific sales channel in a single month. Multidimensional databases are a compact and easy-to-understand
vehicle for visualising and manipulating data elements that have many interrelationships.
OLAP database servers support common analytical operations including: consolidation, drill-down, and
'slicing and dicing'.
(a) Consolidation – involves the aggregation of data such as simple roll-ups or complex expressions
involving inter-related data. For example, sales offices can be rolled-up to districts and districts
rolled-up to regions.
(b) Drill-Down – OLAP data servers can also go in the reverse direction and automatically display
the detail data that makes up consolidated data. This is called drill-down. Consolidation and
drill-down are an inherent property of OLAP servers.
(c) 'Slicing and Dicing' – refers to the ability to look at the database from different viewpoints. One
slice of the sales database might show all sales of product type within regions. Another slice might
show all sales by sales channel within each product type. Slicing and dicing is often performed along a
time axis in order to analyse trends and find patterns.
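
The three operations above can be tried on a small in-memory cube. The following is an added example, not material from the manual: the products and months follow the fuel cube in the diagram, while the regions, all figures and the function names are constructed for illustration. It also shows why a ratio measure such as profit margin has to be recomputed from the rolled-up totals rather than averaged across cells.

```python
from collections import defaultdict

# Constructed sample facts:
# (product, region, month, sales_amount, sales_cost, sales_qty).
# Products and months follow the manual's fuel cube; regions and figures are invented.
FACTS = [
    ("Regular", "north", "2010-01", 1000.0, 800.0, 500),
    ("Regular", "north", "2010-02", 1200.0, 900.0, 600),
    ("Regular", "south", "2010-02", 800.0, 700.0, 400),
    ("Premium", "north", "2010-02", 900.0, 600.0, 300),
    ("Premium", "south", "2010-04", 600.0, 450.0, 200),
    ("Diesel", "south", "2010-01", 500.0, 400.0, 250),
    ("Diesel", "north", "2010-05", 700.0, 560.0, 350),
]


def quarter(month):
    """Map '2010-02' to '2010-Q1' (a sub-attribute of the time dimension)."""
    year, mm = month.split("-")
    return f"{year}-Q{(int(mm) - 1) // 3 + 1}"


def coordinate(fact, dim):
    """Return the fact's position along one dimension or hierarchy level."""
    product, region, month = fact[:3]
    levels = {
        "product": product,
        "region": region,
        "month": month,
        "quarter": quarter(month),
        "year": month[:4],
    }
    return levels[dim]


def slice_cube(facts, **fixed):
    """Slicing: keep only facts whose coordinates match the fixed values."""
    return [f for f in facts
            if all(coordinate(f, d) == v for d, v in fixed.items())]


def consolidate(facts, by):
    """Consolidation (roll-up): aggregate the measures over the dimensions in `by`."""
    totals = defaultdict(lambda: [0.0, 0.0, 0])
    for f in facts:
        key = tuple(coordinate(f, d) for d in by)
        totals[key][0] += f[3]   # sales amount is additive
        totals[key][1] += f[4]   # sales cost is additive
        totals[key][2] += f[5]   # sales quantity is additive
    cells = {}
    for key, (amount, cost, qty) in totals.items():
        # Profit margin is a ratio, so it is derived from the summed
        # amount and cost, never averaged across the underlying cells.
        margin = (amount - cost) / amount if amount else 0.0
        cells[key] = {"amount": amount, "cost": cost, "qty": qty,
                      "margin": round(margin, 4)}
    return cells


def drill_down(facts, cell, finer):
    """Drill-down: break one consolidated cell into its detail along `finer`."""
    return consolidate(slice_cube(facts, **cell), by=finer)


if __name__ == "__main__":
    # Intersection of dimensions: Regular fuel in February 2010.
    print(consolidate(FACTS, by=("product", "month"))[("Regular", "2010-02")])
    # Drill down into that cell by region.
    print(drill_down(FACTS, {"product": "Regular", "month": "2010-02"},
                     finer=("region",)))
    # Roll months up to quarters, then slice on one region.
    print(consolidate(FACTS, by=("quarter",)))
    print(consolidate(slice_cube(FACTS, region="north"), by=("product",)))
```

In the constructed data the two regional margins for Regular fuel in February are 0.25 and 0.125, yet the consolidated cell's margin is 0.2, not their average of 0.1875.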

4.3.6 Data warehousing and data mining

Definition
A data warehouse consists of a database, containing data from various operational systems, and
reporting and query tools.

Example: Data warehouse


A data warehouse contains data from a range of sources: internal (sales order processing system, nominal
ledger) and external. One reason for including individual transaction data in a data warehouse is that if
necessary the user can drill-down to access transaction level detail. Data is increasingly obtained from
newer channels such as customer care systems, outside agencies or web sites. Maintenance is an iterative
process that continually refines its content. Data is copied to the data warehouse as often as required –
usually either daily, weekly or monthly. The process of making any required changes to the format of data
and copying it to the warehouse is usually automated.



It supports information processing by providing a solid platform of integrated, historical data from which to
do analysis. It is a database, data extraction tool, decision support system, or other analysis tool or
procedure, that extracts data from the organisation's production database, reformats it and loads it into a
database designed for querying with an on-line analytical processing system (OLAP). OLAP allows users to
dynamically extract pertinent summary information.

Definition
Data mining is an analytic process designed to explore data (usually large amounts of data – typically
business or market related) in search of consistent patterns and/or systematic relationships between
variables, and then to validate the findings by applying the detected patterns to new subsets of data.
The ultimate goal of data mining is prediction – and predictive data mining is the most common type of data
mining and one that has the most direct business applications.

Data mining means extracting data from multiple data sources by means of interactive and analytical
software tools that allow the miner to specify search parameters and are capable of identifying trends and
relationships within and between data sets. It involves the application by the software of a number of
different analytical approaches:
• Identifying clusters of useful and significant data in the midst of a useless or irrelevant mass.
• Summarising data to show overall patterns that may be hidden if data is viewed at the detailed level.
• Creating and learning classification rules that can make sense of patterns in data.
• Finding possible dependencies between apparently unrelated data sets, using correlation and
regression tools.
• Detecting anomalies in patterns of data that may signify events or occurrences that are important to
the decision-maker.
Data mining packages not only provide the analytical tools required for data analysis, but also 'learn' from
the process of mining and become more powerful the more they are used. Decision-makers find that data
mining packages turn them into 'experts', without having to learn how the analytical tools actually work.

4.4 Key differences between the various types of data processing techniques

LO 6.6

There are several types of systems that we can compare:
• Batch processing systems, where you submit a job and later receive output in the form of a file.
• Online transaction entry (OLTE) systems, where the use of data entry devices allows business event data
to be entered directly into the Information System at the time and place that the business event occurs.
• Real-time systems, where you submit requests to do a small amount of work that has to be done
before some very early deadline.
• Data warehouse systems, where reporting programs and ad hoc queries access data that is integrated
from multiple data sources.
Most of the differences are easily shown between the batch and the real time systems. The table below
outlines some of them.

Real time | Batch
Each transaction is unique | Each transaction is part of a group
Transactions are stand alone | Database not accessible all of the time
Requires master file to be available more often for updating | Data is organised and stored before master file is updated
Fewer errors - transaction data is validated and entered immediately | More errors can occur during these steps
Infrequent errors may occur - but often tolerated | Easier to maintain than real time.
Not practical to shut down whole system |
More computer operators are required in real time processing - operations not centralised. |

Other differences can be divided into the following categories: the number of sub processes, the
information time frame, resources and operational efficiency.

4.4.1 Sub processes


Batch processing systems typically require four basic sub processes to be completed before event data is
converted into reports that can be used by decision makers:
1 Business event occurs: at the point of occurrence for the business event, the information for the
event is recorded on a source document e.g., a sales slip.
2 Record business event data: a batch of source documents is transferred to a data entry clerk
who takes the information from the source documents and enters the data in a computerised
format.
3 Update master data: after all of the data have been entered into the system, the data are then
processed, with any calculations and summaries. This information is used to update the master data.
4 Generate outputs: after all of the calculations have been completed and the data have been
updated, the system periodically generates the applicable reports.
LO 6.6
In an online transaction entry (OLTE) system, use of data entry devices allows business event data to be
entered directly into the Information System (IS) at the time and place that the business event occurs.
These systems merge the traditional sub processes of ‘business event occurs’ (which includes completion of
the source document) and ‘record business event data’ into a single operation. At the point of the business
event, a computer input device is used to enter the event data into the data entry system rather than onto
a source document. Generally, the system automatically generates prices as the computer retrieves data
from the system data stores. Such a system is considered online because the data entry device is connected
to the processing computer.
Online real-time (OLRT) systems complete all stages of business event data processing in immediate mode.
Immediate mode is the data processing mode in which there is little or no delay between any of the data
processing steps.

4.4.2 Information time frame


Batch systems assemble transactions into groups for processing. Under this approach, there is always a time
lag between the point at which the economic event occurs and the point when it is reflected in the
company’s accounts. The amount of lag depends on the frequency of batch processing. Time lags can range
from minutes to weeks. Payroll processing is an example of a typical batch system. The economic events -
the application of employee labour hours - occur throughout the pay period. At the end of the period, the
payslips for all employees are prepared together as a batch.
In an online transaction entry (OLTE) system the processing of the data is still completed on a batch of
event data at a later point in time. In the case of many systems in use by businesses today, sales event data
is aggregated by cash register terminals for the entire day; and then, after the store has closed, the data is
electronically transferred to the computer system where the business event data is processed.
Online real-time (OLRT) systems gather business event data at the time of occurrence, update the master
data almost instantaneously, and provide the results arising from the business event within a very short time
- i.e., in real-time. As records are not grouped into batches, there are no time lags between occurrence and
recording. An example of real time processing is an airline reservation system, which processes requests for
services from one traveller at a time while the customer waits.



4.4.3 Resources
Batch systems generally demand fewer organisational resources, such as programming costs, computer time
and training, than real time systems. For example, batch systems can use sequential files stored on magnetic
tape. Real time systems use direct access files that require more expensive storage devices, such as
magnetic disks. In practice however, the cost differentials are disappearing and organisations are using
magnetic disks for both batch and real time processing.
There is a more significant resource differential in the area of system development (programming) and
computer operations. As batch systems are simpler than their real time counterparts, they tend to have
shorter development periods and are easier for programmers to maintain. For real time systems, as much
as 50% of the total programming costs are incurred in designing the user interfaces. Pop up menus, online
tutorials and special help features require additional programming and add greatly to the cost of the system.
Real time menus must be friendly, forgiving and easy to work with. Because real time systems must deal
with transactions as they occur, they require dedicated processing capacity. Some types of system must be
available 24 hours a day whether they are being used or not. The computer capacity dedicated to these
systems can’t be used for any other purposes.
LO 6.6
Batch systems use computer capacity only when the program is being run. When the batch job completes
processing, the freed capacity can be re-allocated to other applications. Implementing a real time
system, by contrast, may require either the purchase of a dedicated computer or investment in additional
computer capacity.
The use of OLTE eliminates the need to have one person enter business event data on a source document
and then have a second person perform the data entry to convert the business event data to a computer-
ready form. In an OLTE system, one person performs both operations. In many systems, this data entry will
be completed using bar code readers or scanners. The use of such technologies eliminates the human error
that can result from entering data manually.

4.4.4 Operational efficiency


Batch processing of non-critical accounts improves operational efficiency by eliminating unnecessary
activities at critical points in the process. Real time processing in systems that handle large volumes of
transactions each day can create operational inefficiencies. A single transaction may affect several different
accounts. Some of these accounts, however, may not need updating in real time. In fact the task of updating
them takes time that, when multiplied by hundreds or thousands of transactions, can cause significant
processing delays.

5 Ethics and accounting information systems


Section overview
• A review of the literature on ethical and social issues surrounding systems identifies five moral
dimensions of the information age: information rights and privacy, property rights, accountability
and control, system quality and quality of life.

5.1 Introduction
Definition
Ethics can be defined as the principles of right and wrong that can be referenced by individuals in making a
personal decision or judgment. Often these references are made from a combination of sources.

Information systems have the ability to instantaneously affect individuals, companies, cultures and countries.
This heightens the need to take ethical issues into account.



There are several professional bodies that publish codes of conduct or guidelines for their members with
reference to the use of information technology but a generic set of guidelines would contain the following:
• Avoid harm to others
• Be honest and trustworthy
• Contribute to society and human wellbeing
• Honour property rights including copyrights and patents
• Access computing resources only when authorised
• Respect the privacy of others.
The majority of professional bodies add to this generic list and propose specific guidelines relating to the
appropriate profession.

Question 6: Corporate values


Top management at a company wish to develop a clearly articulated statement of ethical values that is
understood at all levels of the organisation. Which of the following would management do in pursuit of this
objective? (Identify all of the following that are correct options.)
A update the Code of Conduct by occurrence of violation.
B develop appropriate documentation.
C make ethics guidelines readily available and understandable.
D periodically provide employees with updated information relevant to maintaining sound integrity and
ethical values.
(The answer is at the end of the chapter)

5.2 Ethical and social issues


Ethics refers to the principles of right and wrong that can be used by individuals acting as free moral agents to
make choices to guide their behaviour. Information systems raise new ethical questions for both individuals and
societies because they create opportunities for intense social change, and thus threaten existing distributions of
power, money, rights, and obligations. The development of information technology will produce benefits for
many, and costs for others. In this situation, what is the ethical and socially responsible course of action?
The principles which guide a manager's decision making are important to all affected. Computer ethics
involve questions related to the use of technology and its social impact.
LO 6.6
A review of the literature on ethical and social issues surrounding systems identifies five moral dimensions
of the information age:
(1) Information rights and obligations: what information rights do individuals and organisations possess
with respect to information about themselves? What can they protect? What obligations do
individuals and organisations have concerning this information?
(2) Property rights: intangible property created by individuals or corporations, which is subject to
protection and includes trade secrets, copyright, and patents. Information technologies pose a severe
challenge to existing intellectual property regimes. Digital media differs from other traditional forms
of media in terms of ease of replication, ease of transmission and ease of alteration. How will
traditional intellectual property rights be protected in a digital society in which tracing and
accounting for ownership is difficult, and ignoring such property rights is so easy?
(3) Accountability and control: the mechanisms for assessing responsibility for decisions made and
actions taken. Who can and will be held accountable and liable for harm done to the individual? If a
machine controlled, in part, by software injures a person, who should be held accountable? Should an
electronic service provider be held responsible for the broadcasts made by its clients of, for
example, offensive or pornographic materials? The central ethical issue here is whether individuals
and organisations that create, produce and sell systems are morally responsible for the consequences
of their use.
(4) System quality: what standards of data and system quality should we demand to protect individual
rights and the safety of society? Data quality is a major concern.



(5) Quality of life: what values should be preserved in an information and knowledge based society?
What institutions should we protect from violation? What cultural values and practices are
supported by the new information technology? There are some negative social costs of introducing
information technologies. The empowerment of workers through technology has proved to be trivial
but the shift of power has not changed. The 'do anything, anywhere' computing environment
weakens the boundaries that have traditionally separated work from family and leisure. The work
umbrella now extends far beyond the eight-hour working day. Additionally, during the last decade
there has been a dramatic increase in computer-related crime.
The five moral dimensions should constantly be reviewed by all organisations in an attempt to create
policies and codes of practice that will encourage all employees to recognise the need to act in an ethical
manner.

5.3 Moral dimensions


Information systems are bringing about many changes. Not all of these are good. The large amount of data
available about individuals can be an invasion of their privacy. The ease with which data can be copied and
transmitted calls for new definitions of ownership and new methods of copyright control. Existing legislation
must be extended to cater for many novel situations, and controls and methods created to enforce the
quality of software and systems, and ensure the new technology improves our quality of life.

5.3.1 Privacy
Privacy is the claim of individuals to be left alone, free from surveillance or interference from other
individuals or organisations including the state. Claims to privacy are also involved at the workplace. Millions
of employees are subject to electronic and other forms of high tech surveillance. Information technology
and systems threaten individual claims to privacy by making the invasion of privacy cheap, profitable and
effective.
People want to be in full control of what and how much information about themselves is available to others.
Should companies that are not related to you be allowed to buy and sell information about you without
your permission?
Some countries have a set of principles governing the collection and use of information about individuals.
The five fair information practices principles are:
(1) Individuals have rights of access, inspection, review and amendment to systems that contain
information about them.
(2) There must be no use of personal information for purposes other than those for which it was
gathered without prior consent.
(3) There should be no personal record systems whose existence is secret.
(4) Governments have the right to intervene in the information relationships among private parties.
(5) Managers of systems are responsible and can be held accountable and liable for the damage done by
systems.
There is a wide variation in what people regard as 'private' information concerning themselves. These
variations exist between one individual and another, between different sections of society and different
countries. Therefore, the important concern must be what the data is going to be used for.
Despite growing concerns about privacy, some would argue that it is often in a person's best interests to
reveal rather than withhold private information. For example, credit could not be provided if borrowers
were unwilling to release the relevant personal information to allow their credit worthiness to be assessed,
and fair decisions concerning personal taxation could not be made if lawful personal data was not provided
by the appropriate people. It should be remembered that there are aspects of privacy that have no
immediate connection with the handling of personal data through information systems, for example
intrusion into the home, powers of entry and search, and embarrassing publicity in the media and, on the
other hand, there are aspects of data protection, such as accuracy, that have no connection with privacy.
Whatever the privacy debate, privacy protection is very important, and is likely to become more so as
developments mean that new classes of data and actions must be considered to effectively ensure the
privacy of individuals. Hussain and Hussain (1992) describe two currently important privacy issues:
(a) Fair use: the concept of data privacy that would only allow data to be used in support of the
organisation's specific business mission. This would require an organisation to seek an individual's
permission before passing personal data on to others. Data use is complex; it seems legitimate to use
personal data for marketing purposes, perhaps to direct advertising efforts. However, once such
personal data is gathered it describes individuals in ways that can have less savoury use, such as for
political harassment, or to allow criminals to identify lucrative (or soft touch) targets.
(b) Gatekeeping: the restricted access to services, privileges, benefits or opportunities on the basis of
certain data values. Some gate keeping seems inevitable, and acceptable; entry to a university
permitted by a points system based on exam results is one such example and a point scoring system
for credit provision is another. However, the same principle can be used to keep out 'trouble
makers', and then the central issue becomes: whose definition of trouble maker?

5.3.2 Internet challenges to privacy


Every day, Internet users are giving out personally identifiable information unknowingly. With the
technology available today, users' every action online is being recorded without their explicit permission.
The chief issue of Internet surfing privacy is choice and awareness. In today's competitive world, collection
of consumer data helps companies survive and thrive. But the question is the manner in which such
information is collected. The Internet privacy violators include cookies, web bugs, spyware and smart tags.
Cookies – an Internet cookie is a packet of information sent by a server to a browser, which is then sent
by the browser each time it accesses the server. Cookies are typically used to authenticate a registered
user of a web site, personalising the site, maintaining an online shopping cart, etc. Originally developed by
Netscape, cookies offer convenience to the visitor if care is taken by the website. One of the controversies
surrounding cookies is their ability to build a personal profile of the user's browsing and purchasing habits.
Spyware – some companies place spyware through their software installations, usually without the user's
permission. It can pass on information about software, browsing habits and purchasing habits of the user to
the company's data collection facilities. It also has the capability to take names, credit card and other
personal information. The information gathered by such companies is usually sold and combined with other
databases to build a profile of individual web users. This profile is mainly used for direct marketing
purposes.
Web Bugs – are graphics on a web page or an email message that are designed to monitor who is reading
the web page or email message. A web bug is often invisible as its size is only 1 pixel by 1 pixel. It is
represented as HTML IMG tags. Any graphics used for monitoring is a web bug. Not all invisible gif images
are web bugs, as some are used for alignment purposes. Web bugs are also known as clear gifs or 1 by 1
gifs or invisible gifs.
Ad networks use web bugs to add information to a personal profile of what sites a person is visiting. This
information is stored in a database belonging to the ad network. This in turn determines what banner ad
the user is shown. Web bugs are also used to gather statistics about web browser usage and independent
accounting of the number of people who have visited a particular web site. Web bugs can be found by using
the HTML source of a web page. The web bug is usually loaded from a different server than the rest of the
page.
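
The check described above, reading the HTML source for tiny images loaded from another server, can be automated. The following is an added example, not material from the manual: the function and class names, the sample page and every host name in it are constructed, and "different server" is taken literally as a different host name from the page's own. Same-server 1 by 1 images are reported separately, since the text notes that some invisible gifs are only used for alignment.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Accepts "1" or "1px" in width/height attributes; percentages etc. are ignored.
_PX = re.compile(r"^\s*(\d+)\s*(px)?\s*$", re.I)
# Finds width/height declarations in an inline style, but not max-width/min-height.
_STYLE_DIM = re.compile(r"(?<![-\w])(width|height)\s*:\s*(\d+)\s*px", re.I)


def _pixels(value):
    match = _PX.match(value or "")
    return int(match.group(1)) if match else None


class TinyImageFinder(HTMLParser):
    """Collects IMG tags that are at most 1 by 1 pixel and records their origin."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = (urlparse(page_url).hostname or "").lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so <IMG SRC=...> matches.
        if tag != "img":
            return
        attr = {name: (value or "") for name, value in attrs}
        if not attr.get("src"):
            return
        dims = {"width": _pixels(attr.get("width")),
                "height": _pixels(attr.get("height"))}
        for name, px in _STYLE_DIM.findall(attr.get("style", "")):
            dims[name.lower()] = int(px)
        width, height = dims["width"], dims["height"]
        if width is None or height is None or width > 1 or height > 1:
            return  # not an invisible-sized image
        # Resolve relative and protocol-relative URLs against the page URL.
        src = urljoin(self.page_url, attr["src"])
        host = (urlparse(src).hostname or "").lower()
        third_party = host != self.page_host
        self.findings.append({
            "src": src,
            "host": host,
            "size": (width, height),
            "verdict": "likely web bug" if third_party else "same-server spacer",
        })


def find_web_bugs(html, page_url):
    """Return one finding per tiny image in the page source, in document order."""
    finder = TinyImageFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page; all hosts use reserved example names.
SAMPLE_PAGE_URL = "https://shop.example/catalogue.html"
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.png" width="200" height="60" alt="logo">
<img src="/images/spacer.gif" width="1" height="1" alt="">
<img src="https://ads.tracker.example/pixel.gif?page=catalogue" width="1" height="1">
<IMG SRC="//stats.example.net/c.gif" style="width:1px; height:1px; border:0">
<img src="https://cdn.partner.example/banner.jpg" width="468" height="60">
</body></html>
"""

if __name__ == "__main__":
    for finding in find_web_bugs(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(f'{finding["verdict"]:20} {finding["src"]}')
```

On the sample page this reports the site's own spacer image once and flags the two images served from other hosts; the visible logo and banner are ignored.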

5.3.3 Property rights


Contemporary information systems have challenged existing law and social practices that protect private
intellectual property, which is subject to a variety of protections under three different legal traditions: trade
secrets, copyright and patent law. In the case of computer software, the question here becomes what an
individual, or organisation, can own – ideas, media, source code, object code? A related question is whether
owners and users should be constrained in their use or access. Copyright law has been invoked in an
attempt to protect those who develop software from having it copied. Unquestionably, the hours spent in
program development should be protected from piracy but many believe that copyright laws can cause
more harm than good. Part of the problem lies in the uniqueness of software, its ease of dissemination and
the possibility of exact replication. It does not quite fit with the current categories and conventions
regarding ownership.

5.3.4 Accountability and control


Along with privacy and property laws, new information technology is challenging existing liability law and
social practices for holding individuals and organisations accountable for the creation and sale of new IS/IT
products and services. For example:



• If a person is injured by a machine controlled by software, who is liable?
• Should electronic services like Facebook be held accountable for offensive material on their Web
site?
• If you outsource your information processing, can you hold your external vendor liable for damages
to your customers?
Liability and software
In general, it is very difficult to hold software producers liable for their products when:
• Some software may be part of a machine.
• Some software acts more like a book storing and displaying information.
• Software is a service (ATM).
Liability of electronic information services
• Are such services liable for the content of their transmissions?
• Telephone companies are not liable for their transmissions because they are regulated 'common
carriers'.
• Radio and television are liable.
• What should we do with respect to the Internet?
• What happens when one company provides telephone, cable, and Internet access services over one
wire?
Levels of accountability, liability, and control issues
• Ethical issues (individuals) – are individuals and organisations that create, produce, and sell
information systems morally responsible for the consequences of their use and if so under what
conditions?
• Social issues (society) – what should our expectations be? Should the developer of the service be
responsible for harm or should the organisation that purchased the service be held accountable?
• Political issues (laws) – should legislation impose liability or restrict liability on service providers?

5.3.5 System quality


What is an acceptable, technologically feasible level of system quality? The debate over liability and
accountability for unintentional consequences of system use raises a related but independent moral
dimension: individuals and organisations may be held responsible for avoidable and foreseeable
consequences, which they have a duty to perceive and correct. And the grey area is that some system
errors are foreseeable and correctable only at very great expense, an expense so great that pursuing this
level of perfection is not feasible economically. For example, although software companies try to debug
their products before releasing them to the marketplace, they knowingly ship faulty products because the
time and cost of fixing all minor errors would prevent these products from ever being released. Three
principal sources of poor system performance are software bugs and errors, hardware or facility failures
due to natural or other causes, and poor input data quality. Unfortunately, there is a technological barrier
to perfect software, and users must be aware of the potential for catastrophic failure. The software industry
has not yet arrived at testing standards for producing software of acceptable but not perfect performance.
Although software bugs and facility catastrophe are likely to be widely reported in the press, by far the
most common source of business system failure is data quality. Few companies routinely measure the
quality of their data but studies of individual organisations report data error rates ranging from 0.5 to 30
per cent. For example, a manufacturer attempted to reorganise its customer files by customer number only
to discover the sales staff had been entering a new customer number for each sale because of special
incentives for opening new accounts. One customer was entered 7 000 times. The company scrapped the
software project after spending $1 million.
The central quality-related ethical issue raised by information systems is at what point should anyone
release software or services for consumption by others? At what point can a person conclude that the
software or service achieves an economically and technologically adequate level of quality?

5.3.6 Quality of life


The negative social costs of introducing information technologies and systems are beginning to mount along
with the power of the technology. Many of these negative social consequences are not violations of
individual rights, nor are they property crimes. Nevertheless, they can be extremely harmful to individuals
and societies. The negative consequences of information systems include the following:
(a) Empowerment – much of the decentralisation of decision making has been ineffective; modern
communication systems allow remote parts of a business to be monitored and controlled from the
centre. There is an argument that remote parts can be constantly watched by the central core.
(b) Rapidity of change and the more efficient global market place mean that businesses now no
longer have the necessary time to adjust to change. News of change is broadcast instantaneously.
(c) Boundaries between family, work, and leisure – the 'work umbrella' extends far beyond the eight
hour day because of the 'do anything anywhere' computing environment.
(d) Dependence and vulnerability – businesses, schools, government as well as private institutions are
dependent on information systems. Should we be worried that there are no regulatory or standard-
setting forces in place like other public utility technologies?
(e) Employment – trickle-down technology: new technologies, originally expensive and used in
developed countries, become cheaper through improved design and mass production, and are then
used widely in less developed countries, often displacing workers in what were labour intensive
industries.
(f) Equity and access – increasing racial and social class cleavages. Do all members of society have
equal access to IS/IT?
(g) Health risks such as repetitive stress injury (RSI), computer vision syndrome (CVS), VDT radiation
and Technostress.
(h) Computer crime and abuse – technologies including computers create new valuable items to steal,
new ways to steal them and new ways to harm others. Abuse is the commission of acts involving a
computer that may not be illegal but are considered unethical (e.g. spam).
Examples of Internet crime and abuse:
• Hacking – access to proprietary data.
• Jamming also called Denial of Service (DoS) – tie up host computer.
• Malicious software – viruses disable computer.
• Sniffing – intercept data passing through system e.g. credit card data.
• Spoofing – fraudulent misrepresentation.

5.4 Technology and ethics


There are four major technology and system trends that have heightened concern about ethical issues.
(1) The doubling of computing power every eighteen months has helped the proliferation of information
systems. As a result, our dependence on systems and our vulnerability to system errors and poor
data quality has increased. Public concern has heightened over our growing dependence on some
critical systems but standards for ensuring the accuracy and reliability of information systems are not
universally accepted or enforced.
(2) Advances in data storage techniques and rapidly declining storage costs have been responsible for
the multiplying of databases on individuals – employees, customers, and potential customers –
maintained by private and public organisations. These advances in data storage have made the
routine violation of individual privacy both cheap and effective. Already massive data storage systems
are cheap enough for regional and even local retailing firms to use in identifying customers.
(3) Advances in data mining techniques for large databases are a third technological trend that heightens
ethical concerns, because they enable companies to find out much detailed personal information
about individuals. With contemporary information systems technology, companies can assemble and
combine the myriad pieces of information stored on you by computers much more easily than in the
past. Think of all the ways you generate computer information about yourself: credit-card purchases,
telephone calls, magazine subscriptions, video rentals, mail-order purchases, banking records, and
local, state, and federal government records (including court and police records). Put together and
mined properly, this information could reveal not only your credit information but also your driving
habits, your tastes, your associations, and your political interests.
Companies with products to sell purchase relevant information from these sources to help them
more finely target their marketing campaigns. For example, if you buy expensive merchandise from
one catalogue, the catalogue company might sell your name to another retailer. In most countries
this is illegal unless permission is obtained from the user, but web sites often require the user to take
some action (such as ticking a box) to prevent permission being given, and it is not always obvious
that this should be done.
(4) Advances in networking, including the Internet, promise to reduce greatly the costs of moving and
accessing large quantities of data, and open the possibility of mining large pools of data remotely
using small desktop machines, permitting an invasion of privacy on a scale and precision never before
imaginable.

Question 7: Moral dimensions

Diagram: Five moral dimensions relating to AIS
• Quality of life
• Information rights and obligations
• Property rights and obligations
• ???
• ???

Identify and briefly explain the two moral dimensions that are missing from the diagram above.
(The answer is at the end of the chapter)

Key chapter points

• Accounting information systems (AIS) combine the study and practice of accounting with the design,
implementation, and monitoring of information systems.
• The role of an AIS is to facilitate the processing of the company's transactions as well as improving
the management decision-making process, its internal control and the quality of the financial
reporting.
• An AIS fulfils three important business functions: it can collect and store data about organisational
activities, resources, and personnel, transform data into information that is useful for making
decisions and provide adequate controls to safeguard the organisation's assets, including its data, to
ensure the assets and data are available when needed and the data are accurate and reliable.
• The main types of accounting systems are financial, tax, cost and management systems.
• Cost accounting is concerned with the costs of business activities – products, services, departments
and resources. It is part of managerial accounting. The role of a cost accounting system is to provide
information useful for managing the activities that consume resources.
• The advantages of an AIS include: data typically being entered only once, the elimination of many
human errors and more timely information. The disadvantages include: use of inappropriate and/or
incompatible software and hardware; need for reliable back-up procedures; lack of computer system
skills; computer viruses and hackers; and fraud and embezzlement.
• Transaction processing systems were among the first computerised systems developed to process
business data – a function originally called data processing. They represent the lowest and most basic
use of information within an organisation, and are an integral part of the operation of the
organisation.
• Three transaction cycles process most of the company's economic activity: the revenue cycle, the
expenditure cycle and the conversion cycle.
• A distinguishing feature of a database system is that, since there is a common set of shared files for
all applications, information to update the files is input just once (instead of several times, once for
each application system).
• The REA (resources, events and agents) model (McCarthy 1982) is an accounting framework for
modelling an organisation's critical resources, events and agents and the relationship between them.
• The REA model provides guidance for database design by identifying what entities should be included
and by prescribing how to structure relationships among those entities.
• Enterprise resource planning systems are modular software packages designed to integrate the key
processes in an organisation so that a single system can serve the information needs of all functional
areas.
• Technology is rapidly changing the nature of the work of most accountants and auditors. Special
software packages greatly reduce the tedious work associated with data management and records
keeping but accountants need to be involved in the various stages of accounting information system
adoption and use.
• Three activities in an information system produce the information that organisations need for making
decisions, controlling operations, analysing problems and creating new products or services. These
activities are input, processing and output. Data processing converts the raw input into a more
meaningful form.
• OLAP database servers support common analytical operations including: consolidation, drill-down,
and 'slicing and dicing'.
• Data mining means extracting data from multiple data sources by means of interactive and analytical
software tools that allow the miner to specify search parameters.
• The differences between the various types of data processing techniques include the number of sub
processes, the information time frame, resources and operational efficiency.
• A review of the literature on ethical and social issues surrounding systems identifies five moral
dimensions of the information age: information rights and privacy, property rights, accountability and
control, system quality and quality of life.

Quick revision questions

1 An information system can be defined technically as a set of interrelated components that collect (or
retrieve), process, store and distribute information to support
A decision making and control in an organisation.
B communications and data flow.
C managers analysing the organisation's raw data.
D the creation of new products and services.
2 Which of the following accurately depicts the components of an accounting information system?
A people, forms, and reports
B people, procedures, and information technology
C people, procedures, and paper
D procedures, paper, and information technology
E people, paper, and information technology
3 Financial statements are prepared
A only for publicly owned business organisations.
B for corporations, but not for sole proprietorships or partnerships.
C in either monetary or non-monetary terms, depending upon the need of the decision maker.
D primarily for the benefit of persons outside of the business organisation.
4 The basic purpose of an accounting system is to
A develop financial statements in conformity with generally accepted accounting principles.
B provide as much useful information to decision makers as possible, regardless of cost.
C record changes in the financial position of an organisation by applying the concepts of double-
entry accounting.
D meet an organisation's need for accounting information as efficiently as possible.
5 Information is cost effective when
A the information aids management in controlling costs.
B the information is based upon historical costs, rather than upon estimated market values.
C the value of the information exceeds the cost of producing it.
D the information is generated by a computer-based accounting system.
6 For a bank the master records would consist of some identification data, historical transactions and
the current balance for all the accounts. What would the transactions file consist of?
7 Which of the following would be an activity associated with the human resources/payroll cycle?
A updating payroll records
B prepare employee and management reports
C discharge employees
D evaluate employee performance
E all of the above
8 On-line analytical processing involves several basic analytical operations. Drill-down in OLAP
involves
A aggregation of data.
B analysing data in the reverse direction to display detailed data that comprises consolidated
data.
C looking at the databases from different viewpoints.
D push reporting.

9 When a possible violation of ethical values is identified, management provides an environment that
ensures a supportive attitude from all staff members by which two of the following?
A making company personnel aware that appropriate investigation and corrective actions have
been taken.
B employee performance reviews.
C making the ethics guidelines available.
D intolerance of ethical violations at all levels.

Answers to quick revision questions

1 A Decision making and control in an organisation.
2 B People, procedures, and information technology.
3 D Primarily for the benefit of persons outside of the business organisation.
4 D Meet an organisation's need for accounting information as efficiently as possible.
5 C The value of the information exceeds the cost of producing it.
6 The transactions file would consist of a day’s transactions and would include deposits,
withdrawals, cheques, direct debits, bank charges etc. The transactions file would then be
used to update the master file.
7 A The others all fall outside the remit of the payroll function.
8 B Analysing data in the reverse direction to display detailed data that comprises consolidated
data.
A is describing consolidation, C is a description of slicing and dicing.
9 Both A and D are correct.

Answers to chapter questions

1 Typical reports
Financial and management accounting
• Annual statutory accounts.
• Budgets and forecasts.
• Sales and contribution analyses.
• Cash-management and working capital evaluation.
• Capital project appraisal.
• Standard cost and variance analysis reports.
• Returns to government departments.
2 TPS reports
The most obvious reports produced are as follows:
Sales – Monthly totals and cumulative to date analysed by:
• Product.
• Salesperson.
• Geographical location.
Purchases – Unfilled orders.
Stocks – Stock levels and products out of stock.
Accounts –
• List (aged) of overdue debtors' accounts.
• List of payments due to suppliers.
• Payroll summaries (e.g. by department).
Management will also require a lot of additional information that is not so directly related to the
accounting functions. For example, reports on:
• Overall profitability and profitability by business segment.
• Resource requirements (e.g. cash, manpower, capital investment).
• Productivity (e.g. output per hour).
• Variance from budget.
• Labour turnover statistics.
• Daily requirements of raw materials etc.
3 REA model
Correct answer is D, they are all correct.
4 REA calculation
Correct answer is B cost of goods sold.
Total sales would be the Sum of the Invoice Amount attribute in the Ship Product table for all items
shipped on or before the year-end closing date.
Accounts receivable would be Total sales minus the sum of the Receive Cash table's Amount
attribute for all remittances received on or before the year-end closing date.
Inventory would be the Quantity on Hand attribute multiplied by the Unit Cost attribute in the
Inventory table.
5 Mystery box
The correct answer is B data processing. They are all forms of processing – actions that can be taken
on raw data to give them meaning.
6 Corporate values
Correct answer is B, C and D
7 Moral dimensions

(a) System quality: what standards of data and system quality should we demand to protect
individual rights and the safety of society? At what point should system developers say 'stop
testing, we have done all we can to perfect this software – ship it.' Data quality is a major
concern.
(b) Accountability and control: the mechanisms for assessing responsibility for decisions made
and actions taken. Who can and will be held accountable and liable for harm done to the
individual? If a machine controlled, in part, by software injures a person, who should be held
accountable? Should an electronic service provider be held responsible for the broadcasts
made by its clients of, for example, offensive or pornographic materials? The central ethical
issue here is whether individuals and organisations that create, produce and sell systems are
morally responsible for the consequences of their use.

Chapter 6

Controls, security and privacy

Learning objectives – Reference

Information controls and processes – LO7
Describe and explain data quality principles – LO7.1
Explain the complementary roles of technical and procedural controls – LO7.2
Explain why a business system needs to use a mixture of preventive and detective controls – LO7.3
Identify and explain common security and privacy issues relating to personal web pages maintained by employees – LO7.4
Analyse security and privacy issues relating to electronic communication methods used by employees – LO7.5
Analyse the difference in the controls needed when a transaction is performed face-to-face compared with electronic communication channel such as telephone, internet or mobile – LO7.9

Topic list

1 Data and information
2 Procedural controls
3 Technical controls
4 The control mix
5 Privacy and security issues
6 Transaction security

Introduction

In this chapter we shall consider the importance of data quality to an organisation's information system and
the various controls that are required to maintain it. In particular we shall look at technical and procedural
controls and consider how they complement each other.
It is important for any investment an organisation makes in system controls to be cost-effective. We shall
see that an appropriate mix of preventive, detective and corrective controls should be selected.
The chapter continues by considering various security and privacy issues facing organisations which are
related to information systems – in particular, those connected with personal websites and electronic
communications.
We conclude by looking at some security risks involved in face-to-face and non face-to-face (electronic)
transactions, as well as the controls necessary to minimise them.

Before you begin

If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
1 What does Juran mean by data quality? (Section 1.1)
2 What is a procedural control? (Section 2)
3 What is a technical control? (Section 3)
4 Which type of control is the most cost-effective? (Section 4.2)
5 Which Act protects the privacy of individuals in Australia? (Section 5.1)
6 What are the two main security risks to organisations when acting as the vendor
in Internet transactions? (Section 6.5)

LO 7.1
1 Data and information
Section overview
• Data is used to create information and it is important to control and maintain it in order to
obtain the best possible information from a system. To this end organisations should apply data
quality principles and introduce technical and procedural controls over their systems.

When considering the role and purpose of information systems two terms are often mentioned – data
and information. Before continuing any further it is important to understand the difference between them.
We defined data and information in Chapter 2, and repeat these definitions below.

Definitions
Data are the raw material for data processing. Data consists of numbers, letters and symbols and relates to
facts, events, and transactions.
Information is data that has been processed in such a way as to be meaningful to the person who receives
it.

A simple way to appreciate the difference between data and information is to think of data as an
unintelligible code which has no meaning. Information on the other hand has meaning to the user and
therefore some value to them or their organisation. It is the role of an information system to turn data into
information by processing it into a form a user understands.

1.1 Data quality


Since the output of information systems is information, and as information is created out of data, it
follows that the quality of information created by a system is entirely dependent on the quality of the
data stored within it.
The term GIGO (Garbage In Garbage Out) is often used to describe the relationship between data and
information – in other words if the data which is input into a system is of poor quality then no matter how
good the system is the quality of information will be poor.
Juran describes data as having good quality if they are 'fit for their intended uses in operations, decision
making and planning'.

1.2 Data quality principles


Wang and Strong set out data quality principles which many organisations have adopted. Data quality
(DQ) is split into four categories and each category is broken down into dimensions which form the
principles of good quality.

DQ category – DQ dimensions
Intrinsic – Accuracy, Objectivity, Believability, Reputation
Accessibility – Accessibility, Access security
Contextual – Relevancy, Value-added, Timeliness, Completeness, Amount of data
Representational – Interpretability, Ease of understanding, Concise representation, Consistent representation

These principles are adopted by many organisations and bodies that provide guidance and
information on data quality. Each body applies the principles that are most important to them and some add
principles of their own. A common additional principle many organisations use is coherence.
The Australian Board of Statistics (ABS) developed a data quality framework containing a number of key
data quality principles which should be used in quality assessments and reporting.

Data quality principle – Explanation
Institutional environment – The factors which may affect the credibility and effectiveness of the body producing the data.
Relevance – Whether the data meets the needs of users.
Timeliness – The time between the data being collected and being available to users.
Accuracy – Whether the data correctly describes what was measured or input.
Coherence – Whether the data can be used in conjunction with other data or if it can be used over periods of time.
Interpretability – Whether external information is available to help interpret the data.
Accessibility – Whether the data can be obtained by users easily.

1.3 Applying data quality principles


The ABS recommends that a quality statement is produced when assessing the quality of data. Such
statements apply the ABS's data quality framework, reporting both the data's strengths and weaknesses
under each principle.
Not every principle should be given equal weighting, but each should be evaluated appropriately for the
context in which it is being used, its relevance and how important it is to the needs of the data user.

1.4 Control of data


Control is an important aspect of maintaining quality at all stages in the lifecycle of data (i.e. its input,
processing and output). Information held within a system should also be protected since there is nearly
always a cost involved in its creation and so it is important to ensure it is not adversely affected or
destroyed, either accidentally or deliberately.

1.5 Types of control


Most information systems use a combination of procedural and technical controls. Procedural
controls are also known as human controls and are designed to manage human activity. Technical
controls are IT solutions to system security issues and are often software based.

LO 7.2
2 Procedural controls
Section overview
• Procedural controls include input, processing and output controls.

Definition
Procedural controls manage the human aspects of system activity and are usually placed on the day-to-
day running of the system.

Procedural controls are concerned with managing the human element of systems and are therefore
usually placed on the day-to-day running of the system. They can be divided into three sub-categories,
input controls, processing controls, and output controls.

2.1 Input controls
Input controls regulate the input of data to ensure it is as accurate and free from error as possible.
Such controls are important where, for example, an employee is required to type or copy data into the
system from another source. Examples of input controls include:

(a) Numbering documents.
(b) Automatic validation checks (checking the number of digits in a phone number for example).
(c) Automatic checks on calculations (checking of currency exchange rates for example).
(d) Creating batches of documents and checking batch totals.
(e) Requiring certain documents to be reviewed and authorised by a supervisor.

Case study
In 2005 a pensioner in Manchester, UK was sent a speeding ticket for driving his Toyota Land Cruiser at
800 miles per hour in a 30 miles per hour zone – faster than the speed of sound.
On appeal, Greater Manchester Police cancelled the ticket and a spokeswoman said that information on the
ticket was input manually and the mistake was down to human error.

2.2 Processing controls


Data within a system is available for processing and converting into information. Processing controls are
designed to ensure as far as possible that the processing and conversion of data is performed
correctly. There are two main types of processing control:
(a) Validation tests – designed to check that the data is processed correctly.
(b) File checks – designed to ensure the integrity of the file structure is maintained.
The table below lists examples of validation tests and file checks.

Validation tests
• File size checks to ensure records are not larger or smaller than expected
• Sequence checks to ensure records are in the correct order
• Check digits to ensure, for example, credit card numbers are correct
• Range tests to ensure values within records are within an acceptable range

File checks
• Header tables to ensure correct identification of files
• Trailer labels to ensure the entire document is read
• Arithmetic tests to ensure totals within a record are correct
• Format checks to ensure the record is stored in the correct file format for the system
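
The batch total from section 2.1 and the check digit, range and sequence tests listed above can be seen working together in the following added example (it is not part of the study manual). The record layout, the amount limits and the sample batch are constructed assumptions; the check digit test uses the Luhn algorithm, the scheme used for payment card numbers.

```python
"""Added illustration: input and processing validation tests on a constructed batch."""
from dataclasses import dataclass
from decimal import Decimal


@dataclass
class Payment:
    doc_no: int        # number pre-printed on the source document
    card_number: str   # last digit is the check digit
    amount: Decimal


def luhn_valid(number: str) -> bool:
    """Check digit test using the Luhn algorithm."""
    if len(number) < 2 or not (number.isascii() and number.isdigit()):
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def range_test(value, low, high) -> bool:
    """Range test: the value must lie within the acceptable bounds."""
    return low <= value <= high


def sequence_check(doc_numbers):
    """Sequence check on document numbers: report gaps, repeats and disorder."""
    seen, duplicates, out_of_order = set(), [], []
    highest = None
    for n in doc_numbers:
        if n in seen:
            duplicates.append(n)
        elif highest is not None and n < highest:
            out_of_order.append(n)
        seen.add(n)
        highest = n if highest is None else max(highest, n)
    missing = sorted(set(range(min(seen), max(seen) + 1)) - seen) if seen else []
    return {"missing": missing, "duplicates": duplicates, "out_of_order": out_of_order}


def validate_batch(batch, control_total,
                   amount_range=(Decimal("0.01"), Decimal("5000.00"))):
    """Run every test over the batch and return a list of (doc_no, reason) exceptions.

    control_total is the batch total added up from the paper documents before
    keying; amount_range is an assumed business limit for a single payment.
    """
    exceptions = []
    for p in batch:
        if not luhn_valid(p.card_number):
            exceptions.append((p.doc_no, "check digit"))
        if not range_test(p.amount, *amount_range):
            exceptions.append((p.doc_no, "range"))
    for kind, numbers in sequence_check([p.doc_no for p in batch]).items():
        exceptions.extend((n, f"sequence: {kind}") for n in numbers)
    keyed_total = sum((p.amount for p in batch), Decimal("0"))
    if keyed_total != control_total:
        exceptions.append((None, f"batch total {keyed_total} != control {control_total}"))
    return exceptions


# Constructed sample batch: document 1003 is missing, 1004 has a mis-keyed card
# number and 1005 was keyed as 80000.00 instead of 800.00.
SAMPLE_BATCH = [
    Payment(1001, "4111111111111111", Decimal("120.00")),
    Payment(1002, "79927398713", Decimal("75.50")),
    Payment(1004, "4111111111111112", Decimal("60.00")),
    Payment(1005, "4111111111111111", Decimal("80000.00")),
]
CONTROL_TOTAL = Decimal("1055.50")   # total of the source documents before keying

if __name__ == "__main__":
    for doc_no, reason in validate_batch(SAMPLE_BATCH, CONTROL_TOTAL):
        print(doc_no, reason)
```

A range test of the same kind, with bounds chosen for vehicle speeds, would have rejected the 800 miles per hour entry in the case study before the ticket was issued.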

2.3 Output controls


These controls are designed to ensure that the output of data is authorised and as accurate and
complete as possible. Examples of output controls include:
(a) Preventing the unauthorised distribution of data, or data distribution to unauthorised
individuals.
(b) Limiting access to confidential or sensitive data to a secure location only.
(c) Only allowing data to be distributed once it has been screened for obvious errors.
(d) Comparing values contained in the output to the relevant inputs to ensure consistency.
(e) Identifying and registering all documents or files produced so they can be accounted for.
(f) Developing feedback systems that allow any errors identified in outputs to be reported and
corrected.

Question 1: Data quality
Which of the following types of controls usually has the greatest effect on the quality of data held within a
system?
A input
B processing
C feedback
D output
(The answer is at the end of the chapter)

LO 7.2
3 Technical controls
Section overview
• Technical controls address security issues such as authorisation, documentation, backup
and recovery.

Definition
Technical controls are IT solutions to security concerns and often relate to the storage of, and access to
data, as well as to amending or deleting data files.

Once data has been collected, further controls are needed to ensure it is stored properly and that it
cannot be tampered with.
Technical controls are put in place so that an organisation's management is able to exert some control
over the activities of its employees and they are often required for corporate governance purposes.
Technical controls can be classified into four main types: authorisation, documentation, backup and
recovery. The following table provides an explanation and examples of each type of control.

Type of control – Explanation – Example

Authorisation
Explanation: To ensure only authorised individuals have access to, and are able to amend or delete files.
Example: Passwords and the allocation of system privileges depending on seniority and business need.

Documentation
Explanation: To ensure amendments to files, or instances where files are deleted, are properly recorded and the changes can be traced to a named individual who is accountable for them.
Example: The maintenance of an audit trail to record all amendments and deletions. The requirement to keep system logs detailing why the changes were necessary, who authorised them and who made them.

Backup
Explanation: To ensure proper arrangements are in place to regularly backup files and to store them securely. They should be easily retrievable in an emergency.
Example: File backup procedures to regularly save data files used by all system applications.

Recovery
Explanation: To ensure data can be recovered in case of disaster.
Example: Contingency plans developed to provide staff with information on how to deal with the loss of a system and how to recover it.

4 The control mix
Section overview
• Controls can be classified as preventive, detective and corrective. Organisations should
employ a mix of them to be cost-effective.

LO 7.3
Procedural and technical controls, if designed appropriately, should complement each other in
protecting the system and the data and information held within it by covering all possible causes of data loss
or damage. However this protection comes at a cost.
There is a trade-off between having limited controls and a relatively high number of security breaches
and having sophisticated and costly controls and few security breaches. Somewhere between the two
there will be an optimum level of risk and cost for any particular organisation.

4.1 Optimal control investment


The graph below shows how the cost of security breaches falls as the level of controls within a system
increases. It also shows that as the level of control increases, the cost of controls falls to an optimum
point where the costs involved then begin to increase.

Figure: Optimum control investment

The cost of security breaches falls with increasing levels of control because the chance of such breaches
is reduced and if they do occur then the cost impact caused by the breaches is reduced.
The cost of controls is initially high as many costs are paid for upfront, such as the purchase of security
software, but they will fall over time. This continues until the point where the cost of purchasing new
controls and managing existing ones becomes more expensive than the impacts they are intended to
prevent. At this point the organisation has reached its optimum level and investment in further controls
should cease.

4.2 The control mix


Controls can be classified into three types, preventive, detective and corrective, depending on what
they are designed to achieve.

Definitions
Preventive controls are designed to stop errors or damage before they occur.
Detective controls are designed to bring the error to the user's (or someone else's) attention after the
error has occurred.
Corrective controls are designed to rectify errors which have been detected. They require their own
preventive and detective controls to ensure the correction process is not defective.

The table below provides examples of preventive, detective and corrective controls.

Control type – Example
Preventive – Allocating system privileges depending on job role
Detective – System reports that identify customers who have exceeded their credit limit
Corrective – Anti-virus programs that repair system damage caused by malicious software

Each type of control has an associated cost and level of effectiveness. In general terms, preventive
controls are more cost-effective than those which detect or correct problems because they reduce or
eliminate the problems occurring in the first place. By definition, detective and corrective controls allow
errors or damage to occur.
This does not mean organisations should only invest in preventive controls. No control is 100 per cent
foolproof and even the best preventive control may still allow errors or damage to occur. Additionally, it
is not always cost-effective to put a preventive control in place for every possible problem, especially where
the risk of the problem occurring is small.
Therefore, to cover the organisation for a range of eventualities, it is important for all three types of
control to be put in place. Controls should be selected on the following basis:
(a) The risk of what they are designed to prevent actually occurring.
(b) Their cost-effectiveness.
As preventive controls can stop the majority of problems occurring, they should form the foundation
of the control mix. However, as we saw above, there will be gaps in this protection. To cover these gaps
the organisation should take a view on the chance of errors getting through the initial screening provided by
the preventive controls and make a decision on investing in detective and corrective controls accordingly.
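
The control mix described in this section, together with the authorisation and documentation controls from section 3, is illustrated by the following added example (it is not part of the study manual). It models a small customer file where privileges by job role are the preventive control, an audit trail and a credit limit report are the detective controls, and a reversal that passes through the same checks is the corrective control. The role names, user names and amounts are constructed assumptions, and the reversal stands in for the manual's anti-virus example of a corrective control.

```python
"""Added illustration: preventive, detective and corrective controls on one file."""
from dataclasses import dataclass

# Assumed allocation of system privileges by job role (preventive control).
PRIVILEGES = {
    "sales_clerk": {"read"},
    "credit_controller": {"read", "amend_limit"},
    "finance_manager": {"read", "amend_limit", "delete"},
}


@dataclass
class Customer:
    name: str
    credit_limit: int
    balance: int


class CustomerFile:
    def __init__(self, customers):
        self.customers = customers
        self.audit_trail = []   # documentation control: one entry per attempt

    def _record(self, **entry):
        entry["seq"] = len(self.audit_trail) + 1
        self.audit_trail.append(entry)
        return entry

    def amend_limit(self, user, role, cust_id, new_limit, reason, authorised_by):
        entry = dict(user=user, role=role, action="amend_limit", customer=cust_id,
                     before=self.customers[cust_id].credit_limit, after=new_limit,
                     reason=reason, authorised_by=authorised_by)
        # Preventive: the role must hold the privilege, and the change must state
        # why it is necessary and who authorised it before it is applied.
        allowed = "amend_limit" in PRIVILEGES.get(role, set())
        if not (allowed and reason and authorised_by):
            self._record(outcome="denied", **entry)   # refused attempts are kept too
            raise PermissionError(f"{user} ({role}) may not amend {cust_id}")
        self.customers[cust_id].credit_limit = new_limit
        return self._record(outcome="applied", **entry)

    def over_limit_report(self):
        """Detective: list customers who have exceeded their credit limit."""
        return sorted(cid for cid, c in self.customers.items()
                      if c.balance > c.credit_limit)

    def reverse(self, seq, user, role, reason, authorised_by):
        """Corrective: undo an applied amendment through the same checked path,
        so the correction has its own preventive and detective controls."""
        original = self.audit_trail[seq - 1]
        if original["outcome"] != "applied":
            raise ValueError("only applied amendments can be reversed")
        return self.amend_limit(user, role, original["customer"], original["before"],
                                f"reversal of #{seq}: {reason}", authorised_by)


def run_scenario():
    """Constructed scenario: a blocked change, a keying error and its correction."""
    f = CustomerFile({"C001": Customer("Acme Pty", 5000, 4200),
                      "C002": Customer("Birch & Co", 1000, 1350)})
    results = {"initial_report": f.over_limit_report(), "clerk_blocked": False}
    try:
        f.amend_limit("jlee", "sales_clerk", "C002", 2000, "customer asked", "jlee")
    except PermissionError:
        results["clerk_blocked"] = True
    # Authorised user keys 3000 where a higher limit was intended.
    bad = f.amend_limit("mkhan", "credit_controller", "C001", 3000,
                        "annual review", "pnguyen")
    results["after_error"] = f.over_limit_report()
    f.reverse(bad["seq"], "pnguyen", "finance_manager", "limit mis-keyed", "rsingh")
    results["after_correction"] = f.over_limit_report()
    results["c002_limit"] = f.customers["C002"].credit_limit
    results["trail"] = [(e["seq"], e["user"], e["outcome"]) for e in f.audit_trail]
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

The keying error gets past the preventive control because the user is authorised, which is why the report and the audit trail are still needed.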

LOs 7.4, 7.5
5 Privacy and security issues
Section overview
• Privacy and security issues are of key importance to individuals and organisations. Threats to
them can be caused by the use of personal (social networking) websites and electronic
messaging services.

We have covered controls needed to protect specific data and information which are held within an
organisation's system, so we now turn to other wider privacy and security issues.

Exam comments
The syllabus and the exam focus on the security and privacy issues associated with the use of personal web
pages and electronic communication methods by employees.

What do we mean by privacy and security?

5.1 Privacy

Definition
Privacy is the right of the individual to control the use of information about him or her, including
information on financial status, health and lifestyle.

The right of an individual to have their privacy respected has become an increasingly important issue for
business organisations. This is because many store and collect data about, for example, their employees and
customers.
Many developed nations have enacted privacy laws and Australia is no exception. The Privacy
Amendment (Private Sector) Act 2000 amended the Privacy Act 1988 and has been effective since
December 2001.
The Act sets out various rules which organisations must follow concerning the collection, use, and
disclosure of information about an individual. It also provides guidance on data quality, security,
access and the correction of such data.
Businesses must only collect necessary information, and what they do collect must be collected fairly
and openly. The purpose that the information will be used for must be disclosed and the individual's
consent must be obtained if it is used for a different purpose.
Data must be of sufficient quality: it should be accurate, complete and up to date. It
must be kept secure through the use of passwords or physical controls such as locked cabinets. Once it is
no longer needed it must be destroyed securely.
Individuals generally have a right to inspect the data held about them and organisations must take steps
to correct incorrect information or to inform the individual why the information cannot be amended.

5.2 Security

Definition
Security can be defined as 'The protection of data from accidental or deliberate threats which might cause
unauthorised modification, disclosure or destruction of data, and the protection of the information system
from the degradation or non availability of services'. (Lane: Security of computer based information systems)

Information systems with links to other systems such as the Internet are exposed to security risks.
Some of the main risks are explained below.

Security risks associated with information systems

Risk: Viruses
Explanation: A virus is a small piece of software which performs unauthorised actions and which replicates
itself. Viruses may cause damage to files or attempt to destroy files and damage hard disks. When
transmitted over a network, such as the Internet, into a 'clean' system, the virus reproduces,
therefore infecting that system.
Types of virus include:
• E-mail viruses spread using e-mail messages and replicate by mailing themselves to addresses
held in the user's contacts book.
• Worms copy themselves from machine to machine on a network.
• Trojans or Trojan horses are hidden inside a 'valid' program but perform an unexpected act.
Trojans therefore act like a virus, but they aren't classified as a virus as they don't replicate
themselves.
• Trap doors are undocumented access points to a system allowing controls to be bypassed.
• Logic bombs are triggered by the occurrence of a certain event.
• Time bombs are triggered by a certain date.

Risk: Hackers and eavesdroppers
Explanation: Hackers attempt to gain unauthorised access to information systems. They may attempt to
damage a system or steal information. Hackers use tools like electronic number generators and
software which enables rapid password attempts.
Data that is transmitted across telecommunications links is exposed to the risk of being
intercepted or examined during transmission (eavesdropping).

Risk: Hoaxes
Explanation: An associated problem is that of hoax virus warnings. There are a vast number of common
hoaxes, most of which circulate via e-mail. Many are a variation of one of the most 'popular' early
hoaxes – the Good Times hoax. This hoax takes the form of a warning about viruses contained in
an e-mail. People pass along the warning because they are trying to be helpful, but they are in fact
wasting the time of all concerned.

Risk: Denial of service attack
Explanation: A fairly new threat, relating to Internet websites, is the 'denial of service attack'. This involves an
organised campaign to bombard an Internet site with excessive volumes of traffic at a given time,
with the aim of overloading the site.

5.3 Security controls


The risks identified above can be minimised through a variety of controls that provide network and
communications security.
(a) Anti-virus software
The main protection against viruses is anti-virus software. Anti-virus software, such as McAfee or
Norton, searches systems for viruses and removes them. Such programs also include an
auto-update feature that downloads profiles of new viruses, enabling the software to check for all known
or existing viruses. Very new viruses may go undetected by anti-virus software – until the anti-virus
software vendor updates their package and the organisation installs the update.
(b) A firewall
External e-mail links can be protected by way of a firewall that may be configured to virus check all
messages, and may also prevent files of a certain type being sent via e-mail (e.g. .exe files, as these are
the most common means of transporting a virus). Firewalls can be implemented in both hardware
and software, or a combination of both. A firewall disables part of the telecoms technology to
prevent unauthorised intrusions. However, a determined hacker may well be able to bypass this.
(c) Encryption
Data that is transmitted across telecommunications links is exposed to the risk of being intercepted
or read during transmission (known as 'eavesdropping'). Encryption is used to reduce this risk.
Encryption involves scrambling the data at one end of the line, transmitting the scrambled data,
and unscrambling it at the receiver's end of the line. A person intercepting the scrambled data is
unable to make sense of it.
(d) Electronic signatures
Encryption often makes use of electronic signatures in the data scrambling process by using
public key (or asymmetric) cryptography signatures. Public key cryptography uses two keys –
public and private. The private key is only known to its owner, and is used to scramble the data
contained in a file. The 'scrambled' data is the electronic signature, and can be checked against the
original file using the public key of the person who signed it. This confirms that it could only have
been signed by someone with access to the private key. If a third party altered the message, the fact
that they had done so would be easily detectable.
An alternative is the use of encryption products which support key recovery, also known as key
encapsulation. Such commercial encryption products can incorporate the public key of an agent
known as a Key Recovery Agent (KRA). This allows the user to recover their (stored or
communicated) data by approaching the KRA with an encrypted portion of the message. In both
cases the KRA neither holds the user's private keys, nor has access to the plain text of their data.

(e) Authentication
Authentication is a technique of making sure that a message has come from an authorised
sender. Authentication involves adding extra data in a form previously agreed between sender and
recipient.
(f) Dial back security
Dial-back security operates by requiring the person wanting system access to dial into the
network and identify themselves first. The system then dials the person back on their
authorised number before allowing access.
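Items (d) and (e) above describe two ways of proving where a message came from. The Python below is an added example, not part of the manual: it puts a shared-secret tag (the 'extra data' of item (e), assumed here to be an HMAC) next to a public-key signature (item (d)) and shows that an altered message fails both checks. The RSA key is a toy built from two published Mersenne primes with no padding, and the message and key values are constructed; real systems use a vetted cryptographic library.

```python
import hashlib
import hmac

# (e) Authentication: "extra data in a form previously agreed".
# Assumption in this example: the extra data is an HMAC-SHA256 tag made with
# a secret key that sender and recipient exchanged beforehand.


def make_tag(shared_key: bytes, message: bytes) -> bytes:
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def check_tag(shared_key: bytes, message: bytes, tag: bytes) -> bool:
    # Constant-time comparison, so timing does not reveal how much matched.
    return hmac.compare_digest(make_tag(shared_key, message), tag)


# (d) Electronic signature with a public/private key pair.
# Toy RSA for illustration only: the primes are the Mersenne primes
# 2**521 - 1 and 2**607 - 1, which are public knowledge, and no padding
# scheme is applied. It shows the roles of the two keys, nothing more.
P = 2**521 - 1
Q = 2**607 - 1
PUBLIC_EXPONENT = 65537


def toy_keypair():
    """Return (public_key, private_key) as (modulus, exponent) pairs."""
    modulus = P * Q
    private_exponent = pow(PUBLIC_EXPONENT, -1, (P - 1) * (Q - 1))
    return (modulus, PUBLIC_EXPONENT), (modulus, private_exponent)


def digest_as_int(message: bytes) -> int:
    # The signature is computed over a hash of the file, not the file itself.
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    modulus, private_exponent = private_key
    return pow(digest_as_int(message), private_exponent, modulus)


def verify(message: bytes, signature: int, public_key) -> bool:
    modulus, public_exponent = public_key
    return pow(signature, public_exponent, modulus) == digest_as_int(message)


def demo():
    message = b"Pay supplier 4471 the sum of AUD 1,200"  # constructed sample
    altered = b"Pay supplier 4471 the sum of AUD 9,200"  # changed in transit
    shared_key = b"constructed-shared-secret"

    tag = make_tag(shared_key, message)
    public_key, private_key = toy_keypair()
    signature = sign(message, private_key)

    return {
        "tag accepts original": check_tag(shared_key, message, tag),
        "tag accepts altered": check_tag(shared_key, altered, tag),
        # Everyone who holds the shared key, the recipient included, can
        # produce a valid tag, so a tag cannot show which of them wrote it.
        "key holder can re-tag altered": check_tag(
            shared_key, altered, make_tag(shared_key, altered)),
        "signature accepts original": verify(message, signature, public_key),
        "signature accepts altered": verify(altered, signature, public_key),
        # The public key only checks signatures; using it in place of the
        # private key does not produce one that verifies.
        "public key can sign": verify(
            altered, sign(altered, public_key), public_key),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The contrast in the results is the practical point: the shared-key tag proves the message came from someone who holds the key, while the signature ties it to the one holder of the private key.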
We shall now look at privacy and security issues in two specific areas – personal websites and
electronic communications.

5.4 Common security and privacy issues relating to personal web pages by employees

Using the Internet for activities that are non-work related is considered personal browsing. While many
employers feel that some discretionary personal use of the Internet at work is acceptable, it can become a
real problem when employees spend so much time on the Internet that it impacts their work productivity.
Browsing for personal use can include online shopping, banking and bill payment, travel planning, sports,
news, personal e-mail, gambling and social networking.
Direct productivity loss is a major concern; however, even more worrisome are the security issues and
numerous computer problems caused when employees download software from Web sites that contain
viruses, spyware, malware and Trojans that slow down computers, destroy data, release sensitive
information and give hackers free rein over the corporate network. The costs of information breach and
system remediation can be many times more than the direct productivity loss. Despite anti-virus
applications, there are many situations where computers need to be completely wiped clean due to
employees downloading harmful software from the Internet.
Employees can unwittingly clog up their company’s network bandwidth by watching or downloading videos
and music - and at the same time create a legal liability. One company was forced to pay $1 million to The
Recording Industry Association of America over an employee who downloaded copyrighted music files
onto a corporate server, which were then shared out over the Internet.

5.4.1 Productivity and network security issues


Most managers and executives admit to some personal internet use while at work, whether it is shopping
for shoes or looking at reviews of a cruise ship. This may lead to a somewhat lax view by companies when
it comes to monitoring and disciplining for inappropriate internet use. Companies, however, probably
underestimate the amount of company time and money employees waste on the internet. In a recent
survey it was discovered that on average, employees spent over 20% of their online time on the internet
managing personal affairs.
Apart from this, the study found that over 70% of personal use consisted of ‘employee productivity
draining’ web sites. These types of sites include shopping, entertainment, personal e-mails, sports, chat
rooms, job searches, and game playing and account for 94% of the bandwidth cost required for personal
internet use.
Perhaps the most shocking result of the study was the data showing that over 80% of personal use of the
World Wide Web involves visiting web sites that could expose an employer to liability, such as
pornography and gambling websites. If this were not bad enough, 19% of personal internet use involves
activities that result in threats to a company’s network security, such as file sharing, the use of malicious
code and spyware.

5.4.2 Security issues – cookies and web beacons


A cookie is an element of data sent from a website to your browser, which then stores it on your system
(or your employer’s system) for future use. Many websites use cookies to keep track of your shopping cart
and to honour your preferences, such as not using frames.

Web beacons are very small or transparent image files that may be placed on a website to monitor the
behaviour of visiting users of the website. Web beacons are used in conjunction with cookies and assist in
passing along the same type of general information, such as the IP address, time, and duration that a web
page was viewed, the type of browser that retrieved the image, and previously set cookie values.
The information collected may be used for delivering targeted content, tracking or enhancing the user’s
experience on a website. In some cases, information gathered in these ways might be considered legitimate
marketing data (e.g. which pages are being read and which are avoided or just dismissed). It is more difficult
to decide at what point learning a user’s preferences goes from being a convenience for the user to being
an invasion of privacy.
Many malicious web sites will introduce malware into a user’s system via an email attachment. Email
addresses should never be entered in sites unless the user is clear why they are required. Email attachments
should never be opened (by e.g. double clicking on them) unless the email is expected and from a trusted
source. Emails that look like ‘spam’ should be deleted immediately, whether at work or at home.
You can set your browser to notify you when you receive a cookie, giving you the option to accept or
reject it. You may not be able to conduct some transactions or use some services on certain Websites if
you disable cookies on your browser.
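The description of web beacons above (very small or transparent images that report a page view to a server) translates directly into a check that a privacy reviewer can run over a page or an HTML e-mail. The Python below is an added example, not part of the manual: it lists images that are 1x1 or hidden and notes whether they load from another host. The sample page, host names and query values are constructed, and the same-host test is a simplification.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


def _is_tiny(value):
    """True for a width/height of 0 or 1 pixel, written as '1', '1px', '0'."""
    text = (value or "").strip().lower()
    if text.endswith("px"):
        text = text[:-2]
    return text.isdigit() and int(text) <= 1


def _style_rules(style):
    """Parse an inline style attribute into a {property: value} dict."""
    rules = {}
    for part in (style or "").split(";"):
        name, sep, value = part.partition(":")
        if sep:
            rules[name.strip().lower()] = value.strip().lower()
    return rules


def _hidden_by_style(rules):
    if rules.get("display") == "none" or rules.get("visibility") == "hidden":
        return True
    try:
        return float(rules.get("opacity", "1")) == 0.0
    except ValueError:
        return False


class BeaconFinder(HTMLParser):
    """Collects <img> tags that are invisible to the reader."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = {name: value or "" for name, value in attrs}
        rules = _style_rules(attr.get("style"))
        reasons = []
        if (_is_tiny(attr.get("width") or rules.get("width"))
                and _is_tiny(attr.get("height") or rules.get("height"))):
            reasons.append("1x1 pixel or smaller")
        if _hidden_by_style(rules):
            reasons.append("hidden by inline style")
        if not reasons:
            return
        url = urlparse(attr.get("src", ""))
        host = (url.hostname or self.page_host).lower()
        # Simplification: a host counts as the site's own only if it equals
        # the page host or is a sub-domain of it.
        own = host == self.page_host or host.endswith("." + self.page_host)
        self.findings.append({
            "src": attr.get("src", ""),
            "host": host,
            "third_party": not own,
            # Query strings are where visitor or campaign IDs usually travel.
            "carries_query_data": bool(url.query),
            "reasons": reasons,
        })


def find_beacons(html_text, page_host):
    finder = BeaconFinder(page_host)
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample page; every host name is a reserved .example name.
SAMPLE_PAGE = """
<html><body>
<img src="/images/logo.png" width="120" height="40" alt="Shop logo">
<img src="https://metrics.tracker.example/pixel.gif?uid=8f3a&amp;page=checkout"
     width="1" height="1" alt="">
<img src="https://cdn.tracker.example/t.png?c=abc" style="display: none">
<img src="/images/spacer.gif" width="1" height="1">
<img src="https://partner.example/banner.jpg" width="468" height="60">
<img src="https://ads.example/o.gif" style="opacity: 0.5" width="50" height="50">
</body></html>
"""

if __name__ == "__main__":
    for item in find_beacons(SAMPLE_PAGE, "shop.example"):
        origin = "third party" if item["third_party"] else "own site"
        print(f'{item["host"]} ({origin}): {", ".join(item["reasons"])}')
```

The first-party spacer image is reported too, because size alone does not separate a layout spacer from a tracker; the third-party flag and the query data are what a reviewer would weigh.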

5.4.3 Security issues – social networking


The success of social networking sites such as Twitter, Facebook and Myspace has resulted in many
individuals having their own web pages where they can share information about themselves with friends,
family and others.
Although all different, social networks share a number of common features which include:
(a) User profiles which hold personal information about the user such as their date of birth, interests
and family relations.
(b) Media such as photos and video which are uploaded by the user and held within their user profile
for viewing by other users.
(c) Messaging services that allow users within the network to communicate with each other.
(d) Apps and widgets (small software programs) such as games or quizzes that users can share, some
of which can be used to collect information about the user.
The true power of these sites is the ability of users to create large networks, or groups, consisting of
themselves and others. Users can search the site for their real life friends using personal information
such as their date of birth and town where they live and 'add them' as virtual friends on the network. The
site itself may suggest other individuals which a user may wish to add as friends based on virtual
friends that they have in common. Once connected, the two friends can view each other's personal
information and media stored on the system.
Can an employer stop web surfing at work? Many employers already do this as a practical matter of security
and productivity. Many social networking websites like Facebook and Myspace are notorious for having very
weak security protocols. This makes acquiring a virus that could potentially affect the network mainframe
much more likely.
Many programs exist that can restrict access to certain websites, while allowing business to flow. In
addition, it is very simple for a company to track access to specific websites and monitor activity from
computer terminals because of the way networks are set up. Unproductive surfing can be a boredom cure
for some jobs, but for other businesses it can be a problem for productivity.

5.4.4 Legal risks related to blogs – disclosure and trade secrets issues
A blog, or weblog, is a website in which statements can be posted by one or several administrators and are
displayed in reverse chronological order. There are several types of blogs, including news blogs,
photography blogs, video blogs, and music blogs. Most often, however, blogs take the form of an online
diary, where a person might post anything from what she had for lunch that day to how her son is enjoying
college. Employee blogs have become a popular way for employees to share their everyday experiences at
work with co-workers, friends, and strangers. Since blogging is a relatively recent phenomenon, companies
are still grappling with how to respond. Blogs can be useful for trainees learning a new job or for instructors
to assess how training is proceeding.
Network security is becoming increasingly important for companies looking to protect their intellectual
property. Employees have access to all sorts of information the disclosure of which would damage the
company. Blogs offer employees a means to publish this information quite literally at the push of a button. If
a company is publicly traded, employees might disclose insider information that could alter the price of the
company’s stock. Employees may disclose trade secrets or not-yet-patented technology that could put the
company at a competitive disadvantage. Frequently companies are not aware of such conduct until after the
damage is done.
Companies that permit employees to post confidential or proprietary information on the internet may lose
trade secret protection for the information. If employees inadvertently post or make proprietary
information accessible on the internet, its protection may be lost forever.
A 2006 California case held that employees who disclose trade secrets for publication on a third party blog
are afforded First Amendment protection, insofar as the recipient blog need not disclose the identity of its
source.

5.5 Privacy issues – personal websites


Privacy issues concerning personal websites relate to who can access information about an individual.
A person with a Facebook account who has completed their user profile and has uploaded photos of
themselves clearly expects somebody to see them – a privacy issue occurs when someone whom the
individual does not want to see the information gains access to it.
Such unauthorised bodies could include ex-partners, advertisers or bullies from school, but increasingly
organisations are searching social networks as part of the recruitment process when hiring an employee,
or while an employee is absent on sick leave. There have been instances where embarrassing party
photos have resulted in an offer of employment being withdrawn, and employees have been sacked for
being spotted online avoiding work.
Organisations therefore face ethical decisions over whether to spy on their employees' private lives and
whether what an employee does in their private life should affect their career prospects. However, like
their employees, organisations also have a right to protect their own privacy which may be affected by
comments posted online by their employees.
In response to privacy concerns and public outcries, many social networks have taken steps to improve
the privacy of their users. There has been a mixed response, and users are able to protect their privacy to
some degree, but they need to spend time configuring the range of privacy settings available to them –
something not all users will do.

Case studies
In the UK in 2009, a 16-year-old female was sacked as an administrator for making disrespectful comments
about her job on Facebook and inviting other members of staff to read them. Her employer stated that the
same result would have occurred if the employee had posted the comments on a staff noticeboard and that
her comments undermined their relationship and made her job untenable.
In July 2009, cricketer Philip Hughes stated on Twitter that he had been dropped from the latest Ashes
squad before the team was announced. This breached the Australian cricket team's right to privacy and may
have handed their opponents, England, an advantage in the forthcoming match.

5.6 Invasion of privacy in the electronic workplace


Several factors determine whether employees can reasonably expect that their computer or e-mails will not
be subject to monitoring by their companies. Often, knowledge that a company monitors employee e-mails
is enough to destroy an employee’s expectation of privacy. In Bourke v. Nissan Motor Corporation, an
employee sued for invasion of privacy where a company regularly intercepted and read his private
communications, including several which contained embarrassing private material. The company prevailed
because the employees had signed acknowledgments that they would only use e-mail transmissions for
company business. Further, in the light of the employees’ knowledge that the company had monitored
communications in the past the court found that there was no reasonable expectation of privacy.
Courts have held employees have no reasonable expectation of privacy when using company-owned
equipment, even within the employee’s private residence. In another case the company provided two
computers for an employee’s use, one at work and the other for his home, allowing the employee to work
at either location. The employee had signed his company’s ‘electronic and telephone equipment policy
statement’, and had agreed in writing that his computers could be monitored by the company.
The employee was dismissed when the company discovered that he had violated its electronic policy by
repeatedly accessing pornographic sites on the internet while at work. He claimed that the pornographic
websites were not accessed intentionally but simply ‘popped up’ on his computer. During discovery, the
company moved to compel production of his home computer to learn whether there was inappropriate
information on the hard drive. The trial court had denied the company’s motion to compel production of
the home computer. The appeals court reversed, ruling that the company was entitled to inspect the
employee’s home computer. The court held that since the employee signed the policy allowing monitoring
of all computers, he voluntarily relinquished his privacy rights in the information stored on his home
computer, and therefore had no reasonable expectation of privacy when he used his home computer for
personal matters.

5.7 Security issues – personal websites


For organisations and employees, security issues can be potentially more harmful than breaches of
privacy. Some potential security issues include:
(a) Loss of confidential information. Employees may be privy to confidential or sensitive information
which if made public could cause their employer to lose competitive advantage, for example trade
secrets about a new product or plans to acquire a competitor. Such information would spread very
quickly across a social network if released accidentally or deliberately.
(b) System damage. Social network applications could be a cover for viruses or other malicious
software which may be downloaded into the employee's or organisation's system through use of the
social network.
(c) Identity theft. Much of the information posted on social networks, such as dates of birth, location,
addresses and phone numbers, is of use to identity thieves who pose as their victims in order to
obtain money or goods. Individuals should ideally not post such information online, or if they do,
ensure only those they trust can see it.
(d) Damage to reputation. Organisations and users must protect their social network accounts from
hackers or unauthorised individuals who may attempt to gain access to their profile in order to ruin
their reputation, for example, by making obscene comments about others.

Case studies
In March 2010, a military operation by the Israeli Defence Force had to be cancelled after one of the
soldiers due to take part posted the day and location that the attack was due to occur on Facebook.
Vodafone UK was forced to issue a public apology when an employee posted a homophobic tweet on the
company's Twitter account which was sent to its 8 500 followers. The employee gained access to the
account through an unattended keyboard.

5.8 Electronic communications


Since the dawn of the Internet, email has grown to be the most popular method of electronic
communication. It allows near instantaneous communication between users around the world with the
added benefit that documents which relate to the message can be attached to it.
Email revolutionised how organisations do business by speeding up the flow of information, allowing
the paperless storage of information and for people to communicate without needing to be in
the same room or at the end of a phone line.

After the world got the taste for instantaneous communication, electronic messaging services such as
those provided by MSN and Yahoo! began to be developed. These run on similar principles to email but
are designed to be more informal. Once logged onto the system, users can send and receive messages
instantaneously from others who are also on-line. The systems are so quick that users can chat in real
time.
Recent developments in electronic messaging include the ability to send a video feed from a webcam while
chatting and to share files over the system.

5.9 Privacy issues – electronic communications


Privacy issues concerning electronic communications differ from those relating to personal websites.
Information held in user accounts of social networks can be amended or deleted at any time so the user
has control over what others see. However, electronic messages, once sent, are a permanent record
which the recipient can control, including the facility to send them on to others without the original
sender's permission. Therefore, it is important for users to be careful about what information they include
in emails and electronic messages.
Emails and messages sent through an organisation's system can be stored and analysed at any time
by employers so it is very important that employees do not send anything which is inappropriate.

5.10 Security issues – electronic communications


Emails and electronic messages in themselves are a low security risk; however, they can be used as
a vehicle to breach a system's security. Examples of security risks include:
(a) Viruses and malicious software. These can be hidden in email attachments or Internet links sent
through an electronic messaging service. Once opened they may infect the user's computer or
network unless anti-virus software is in place.
(b) Phishing attacks. These are where innocent or official looking emails or messages are sent which
entice the user to provide sensitive or confidential information. They are commonly in the form of
emails which appear to be from a user's bank which require the entry of account information that
enables the phisher to access and empty their victim's account.
(c) Leaking. Confidential emails between employees or between employees and third parties are at risk
of being leaked to the public by those with high-level access to an organisation's email system or by
the recipient themselves.
(d) Unintended distribution. A common fault with email systems is that messages can be sent to a
person with the same or similar name as the intended recipient by accident. Another problem is
where a user 'replies to all' rather than just replying to the sender of an email.
(e) Impersonation. Instant messaging services offer users no guarantee that the person they are
chatting with is actually who they say they are. It is especially important to be wary about providing
any personal information over such systems.

Case study
In 2010 thousands of fake emails were sent by scammers purporting to be from the UK's tax authority.
Recipients were told that they were due a tax refund and to provide the sender with their bank or credit
card details to facilitate the transfer. The tax authority issued a warning about these phishing attacks and
stated that it only informed customers about tax refunds by post.

6 Transaction security
Section overview
• Business transactions often occur face-to-face, such as in a shop, but increasingly business is
being conducted electronically via the Internet or telephone. There are different security
implications for each type of transaction and therefore different security precautions that
should be taken.

LO 7.9
An important part of modern business is e-commerce, transactions made between buyers and sellers using
the Internet or other electronic methods. We saw in the previous section that security is a major concern
when using such methods so we shall now consider the controls which are necessary to minimise security
risks.

6.1 Face-to-face transactions


Before looking at e-commerce transactions it is important to understand what happens in a traditional
face-to-face transaction such as when a person buys something from a shop.
A face-to-face transaction usually proceeds as follows:
Step 1 Customer enters the shop and selects an item that they wish to purchase.
Step 2 Customer takes the item to the sales counter, the price to pay is totalled and payment is
requested.
Step 3 Customer pays for the item.
Cash payments: the cashier checks the customer's notes or coins to ensure they are legal
tender and are of the correct value.
Debit or credit card payments: the customer's card is taken and swiped to access the account
and they are requested to enter a PIN number or provide a signature to prove the card is
theirs. The vendor receives payment from the customer's bank or credit card issuer at a later
date.
Step 4 Transaction complete, the customer takes their purchase home.

6.2 Security risks – face-to-face transactions


Face-to-face transactions offer a good level of security for both customers and vendors. The main concerns
customers have when making any purchase are whether or not they will receive their goods and
whether any information they provide during the purchase can be stolen, used without their
consent or used to defraud them.
For vendors the main concern is whether or not they will be paid for the goods supplied.
For the customer, there is no risk of them not receiving their goods as they have collected them from
the shop and the purchasing process respects their anonymity as they are not generally required to
provide their bank, credit card or address details. The main risks are having their debit or credit card details
cloned during the process or that they are charged an incorrect amount for the goods purchased.
For the vendor, as payment is collected before the goods leave the shop the risk of non-payment is
low. The only risks are that the cash received is fake or is stolen by employees, or that the bank or
credit card issuer does not forward on payment for any reason.

6.3 Controls – face-to-face transactions
The following table contains controls for customers and vendors to safeguard their security in face-to-face
transactions.

Customer control: Check till points for unexpected devices that may be used to clone bank and credit cards.
Vendor control: Install equipment to detect fake bank notes.

Customer control: Hide the keypad when entering a PIN code.
Vendor control: Reconcile cash in tills to sales reports to ensure nothing is missing. This should be performed by someone other than the cashier concerned.

Customer control: Keep an eye on bank and credit cards at all times when passing them over to shop staff.
Vendor control: Install an approved bank payment system to take card payments.

Customer control: Double check the amount being charged for the transaction and ensure it matches the receipt.
Vendor control: Reduce the risk of accepting fake cards by following good card processing practice:
• Check cards are not reported lost or stolen against notices sent by card issuers.
• Double check the PIN is verified or that a signature matches the one on the card.
• Check the card has not been tampered with.
• Be wary of nervous customers or those making apparently random, high-value purchases.

6.4 Non face-to-face transactions


Non face-to-face transactions, such as over the Internet or telephone, usually proceed as follows:
Step 1 Customer searches a catalogue for the item they wish to purchase.
Step 2 For Internet transactions, the customer visits the Internet shop, selects the item they wish to
buy and then visits the checkout.
In telephone transactions, the customer calls a sales number and speaks to a member of staff
in order to buy the item.
Step 3 The customer supplies their card details and delivery address so payment can be taken and
the goods delivered.
Step 4 The customer's bank or credit card issuer approves the transaction and the vendor receives
payment at a later date.
Step 5 The goods are despatched to the customer's address.
Step 6 Transaction complete.

6.5 Security risks – non face-to-face transactions


The security risks are similar to face-to-face transactions and include:
(a) For the customer
(i) The risk that their bank or credit card details will be stored in the vendor's system or by the
telephone sales advisor and used without their permission.
(ii) The risk that their bank, credit card and address details can be stolen or otherwise used for
identity theft.
(iii) The risk that the goods ordered will not be delivered.
(b) For the vendor
(i) The risk that the customer is using fake bank or credit card details and so they will not be
paid.
(ii) The risk that the goods are not received by the customer resulting in replacements having to
be dispatched at extra cost.


6.6 Controls – non face-to-face transactions
The following lists set out controls for customers and vendors to safeguard their security in non face-to-face transactions:

Customer controls
• When ordering online ensure the website is secure. This is identifiable from a small padlock being visible on the browser and the website address beginning with 'HTTPS:'.
• Install internet security software which includes a firewall and identity protection to reduce the risk of hackers obtaining account details and to help identify potentially fraudulent websites.
• Order using a credit card rather than a debit card. Credit card users can recover any losses for fraud or where goods are not delivered directly back from the card issuer rather than having to chase the vendor.
• Only order through websites which are trusted such as major retailers or those which have been recommended by friends and family.

Vendor controls
• Install an approved payment system from a bank to reduce the risk of accepting fake cards.
• Join a card scheme under which customers have to authenticate themselves when ordering online. Examples include 'MasterCard SecureCode' and 'Verified by Visa'.
• When accepting payments over the phone:
   - Ask for the card's security code (usually the last three digits on the reverse of the card).
   - Use an online database to check the address given by the customer against the one held by their bank.
• Use a courier or recorded/registered post to ensure the goods are delivered and the customer has signed for delivery. Consider carriage insurance for high-value goods.

The risks of non face-to-face transactions are actually a greater problem for the vendor than the
customer. This is because a customer is unlikely to order from a vendor unless they are 100 per cent
happy that the transaction is safe and that they can trust the vendor.
It is therefore up to the vendor to gain the customer's trust. To do this, vendor websites should:
(a) Be secure. The site should provide customers with an HTTPS: connection which provides security
against eavesdroppers or hackers gaining access to their personal information when it is sent over
the Internet.
(b) Protect payments. The availability of additional card protection features such as those offered by
MasterCard and Visa, while mainly protecting the vendor, shows the customer that their security is
important too.
(c) Provide information. Trusted websites supply customers with full information about what to
expect during the purchasing process.
(d) Provide reassurance. Customers should be reassured that even though the website exists
intangibly on the Internet, the organisation behind it is solid and contactable. The availability of a
customer service telephone number to deal with queries is ideal as customers may not trust that
emails will be dealt with swiftly.
Purchasing using a mobile device
Many of the controls used when purchasing from a mobile phone or similar device benefit customers as
well as vendors. By ensuring customers are who they claim to be, they are protected from identity theft
and being charged for transactions they know nothing about.
Passwords are widely used, particularly if the customer has an account with the vendor. This is the normal
method if the product is a game, an application, or music which is downloaded to the device.
Authentication may also be based on the phone's unique SIM (Subscriber Identity Module) card, though this
does not apply to, say, a PDA (Personal Digital Assistant) communicating via WiFi.
If the device has a reasonable display, the purchaser may be presented with a few letters in a strange format
which are easy for a person to recognise, but almost impossible for a computer to read. This is to block
large-scale automated attempts at impersonation and theft. This technique may also be used for non-mobile
online purchasing.
Vendors may also use sophisticated behavioural profile models to detect, say, unusually heavy purchasing
which may follow the theft of a mobile device.


Key chapter points

• Data is used to create information and it is important to control and maintain it in order to obtain
the best possible information from a system. To this end organisations should apply data quality
principles and introduce technical and procedural controls over their systems.
• Procedural controls include input, processing and output controls.
• Technical controls address security issues such as authorisation, documentation, backup and
recovery.
• Controls can be classified as preventive, detective and corrective. Organisations should employ a mix
of them to be cost-effective.
• Privacy and security issues are of key importance to individuals and organisations. Threats to them
can be caused by the use of blogs, cookies, web beacons and personal (social networking) websites
and electronic messaging services. They are also at the heart of productivity and network security
issues.
• Business transactions often occur face-to-face, such as in a shop, but increasingly business is being
conducted electronically via the Internet or telephone. There are different security implications for
each type of transaction and therefore different security precautions that should be taken.


Quick revision questions

1 Which principle of data quality relates to whether the data can be used in conjunction with other
data or if it can be used over periods of time?
A relevance
B coherence
C accuracy
D interpretability
2 Which of the following is an example of a validation test?
A header tables to ensure correct identification of files
B range tests to ensure values within records are within an acceptable range
C trailer labels to ensure the entire document is read
D arithmetic tests to ensure totals within a record are correct
3 Which of the following are categories of technical controls?
I recovery
II documentation
III authorisation
A I and II only
B I and III only
C II and III only
D I, II and III
4 Which of the following describes the optimum point of investment in control systems?
A where the cost of investing in new systems is minimised
B where the benefit from control systems is maximised
C where the cost of controls is the same as the benefits new systems create
D where the risk of security breaches is eliminated
5 Which type of system security risk does not replicate itself?
A Trojan Horse
B worm
C Internet virus
D email virus
6 How can a vendor provide reassurance to customers that transactions on their website are secure?
I provide a customer service telephone number
II provide an 'HTTPS:' address
III join a card scheme such as 'MasterCard SecureCode' or 'Verified by Visa'
A I and II only
B I and III only
C II and III only
D I, II and III


Answers to quick revision questions

1 B Coherence relates to whether the data can be used in conjunction with other data or if it
can be used over periods of time.

2 B Validation tests are designed to check that the data is processed correctly. The other
options are file checks which are designed to ensure the integrity of the file structure is
maintained.

3 D The other type of technical control is backup.

4 C Controls can only reduce the risk of security breaches; they can never eliminate them. The
optimum level of investment is the most cost-effective – investments should be made until the
cost of systems is the same as the benefits new systems bring. Investments should not go
ahead if the costs outweigh the benefits.

5 A Trojan horses are hidden in legitimate looking software. They do not replicate themselves
and so are not classed as viruses.

6 D They are all practical steps a vendor can take to give customers confidence in the
security of transactions on its website.


Answer to chapter question

1 A Input controls regulate the accuracy and completeness of data as it enters the system and
therefore have the greatest effect on data quality. Processing and output controls are
concerned with the conversion of data into information and are not usually related to the
quality of data itself.

Chapter 7

Business processes
Learning objectives | Reference
Information controls and processes | LO7
Construct an overview diagram of business processes | LO7.6
Produce an effective summary of business processes and systems | LO7.7
Explain the interrelationships between business processes and accounting information systems | LO7.8
Identify and explain the steps involved in changing business processes | LO7.10

Topic list

1 Summarising business processes
2 Mapping business processes
3 Changing business processes
4 Business processes and accounting information systems

Introduction

In this, our penultimate chapter, we focus on business processes.


We start by explaining how to produce a textual summary of a business process that is suitable to be used
as the source for a diagrammatic representation of the process. We then cover business process mapping,
which involves producing a summary diagram of the process.
Following a logical, planned approach to the changing of business processes helps achieve support for the
change and reduces the chance of something significant being overlooked. In today's business environment,
often the most successful organisations are those best able to deal with change. We cover the changing of
business processes in Section 3.
We finish off the chapter by considering the relationship between business processes and information
systems (and IT).


Before you begin

If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.

1 Who should you speak to when gathering information about a business process? (Section 1)
2 What are the main symbols used in a process map flowchart? (Section 2)
3 What does the term 'business process re-engineering' mean? (Section 3)
4 Give one example of how an accounting information system may impact business processes. (Section 4)


1 Summarising business processes
LOs 7.6, 7.7

Section overview
• Business processes are easier to understand, and therefore easier to change, if they are accurately
documented.
• Processes are usually documented using a combination of a written summary that describes the
process and a diagram or process map that illustrates it.

Definition
A business process is a collection of co-ordinated activities or tasks performed to accomplish a specific
goal or output.

1.1 Why focus on processes?


Many businesses recognise that value is delivered through processes, but still define themselves in terms
of their functional roles. To properly harness the resources within a business, clear agreement on the
management and implementation of processes is needed.
Without this focus on processes:
(a) It is unclear how value is achieved or can continue to be achieved.
(b) The effects of change on the operation of the business are hard to predict.
(c) There is no basis to achieve consistent business improvement.
(d) Knowledge is lost as people move around or out of the business.
(e) Cross-functional interaction is not encouraged.
(f) It is difficult to align the strategy of an organisation with the people, systems and resources through
which that strategy will be accomplished.

1.2 Producing a written summary


A textual summary of a business process is simply a concise written description of the process. The
process starts by gathering information relating to the process.

Gathering information
You should interview the people who do the work associated with the process. Identify the person or
people who really know the process; this usually means experienced employees. These people should walk
and talk you through their part of the process and answer any questions.
One approach to this would be to interview all of the people you have identified at a group meeting or
workshop. A risk associated with this approach is that when people are away from their place of work
they tend to focus on the value-added steps they perform but overlook other steps they perform. These
steps may best be documented by observing behaviour in the workplace. So, in some situations the
best approach is to physically follow the process yourself, interviewing and recording your findings as you
go.
What information should you record?
Identify and record the data and information used in business processes and what is done with it.
This is the substance of a process. Record how data is held, for example in documents, forms, reports,
email messages, digital files and so on and how these are moved and changed. Move through the process
from one workstation to the next, collecting copies of source documents and screen prints – anything that
will help subsequent production of a process map.
Make sure that employees understand what you are doing and why they are involved. Use observation
whenever possible – a realistic demonstration provides the best example.


Ask questions, for example What, Who, Where and When. Be methodical – identify the start point and
end point for the process. Start with the activity that triggers the work (for example the process starts with
receipt of an order from the website) then watch the employee process the work.
Ask the employee to show you what they do, for example review the order, pick the products and so on.
Also get an estimate of the amount of time associated with each task.
When should I investigate why things are done this way?
Don't ask 'Why' at this stage; this is a question for later. Your aim at this stage is to gather information that
will enable the production of a process map that accurately reflects the current process.

2 Mapping business processes
LOs 7.6, 7.7

Section overview
• Business processes are usually easier to understand if they are illustrated or mapped.
• There is a range of process mapping techniques including flowcharts and data flow diagrams.

Definition
A process map identifies and represents the steps and decisions involved in a process, in diagrammatic
form.

2.1 Process mapping


One way of analysing and representing information flows is with the use of process maps.
Process maps:
• Describe the flow of materials, information and documents
• Display the tasks contained within the process
• Show that the tasks transform inputs into outputs
• Indicate the decisions that need to be made
• Demonstrate the relationships and dependencies between the process steps
There are many types of process maps (sometimes referred to as process charts) and many charting
conventions.
Process maps should be simple enough for the process under review to be understood by almost anyone,
even someone unfamiliar with the process.

2.1.1 Why process map?


Process maps are important for several reasons.
(a) Changing systems and working methods without understanding the underlying processes can lead to
costly mistakes. It can also create conditions that make it difficult for staff to work effectively.
(b) If organisations don't understand a process they will not be able to manage it effectively – and if they
cannot manage a process they cannot improve it.
(c) Process mapping enables businesses to clearly define current processes, identifying problem areas
such as bottlenecks, delays or waste. This knowledge provides a solid basis from which to develop
solutions and plan new improved processes.
(d) Process mapping enables an organisation to:
• Establish what is currently happening.
• Measure how efficiently the process is working.
• Gather information to understand where waste and inefficiencies exist and their impact on
employees, customers and/or partners.
• Develop new improved processes to reduce or eliminate inefficiency.


2.1.2 Process map types and symbols
Two common types of process map are a basic flowchart and a deployment flowchart.
(a) Basic process map flowcharts set out the sequence of activities and decision points. They
illustrate the main steps and decisions in the process. Labels showing the type and level of staff doing
each step can be added if required.
(b) Deployment process map flowcharts are similar to basic process maps, but also show who
does what, including interactions between the parties involved. This type of process map is
sometimes referred to as a 'swim lane chart' – as the page is divided into vertical lanes for each
person or party involved.

2.1.3 Process map flowcharting symbols


Below are examples of commonly used flowcharting symbols. You should remember though that
different people and organisations may use different symbols, or may use only some of the symbols below.
Factors such as the complexity of the process being modelled and simple personal preference play a part.

Flowcharting symbols

• Start/End: This symbol marks the starting or ending point of the system.
• Action or process: A box can represent a single step ('add two cups of flour'), or an entire sub-process ('make bread') within a larger process.
• Document: A printed document or report. This symbol is not always used – it depends upon the level of detail required in the model.
• Decision: A decision or branching point. Lines representing different decisions emerge from different points of the diamond.
• Input/Output: Represents material or information entering or leaving the system, such as customer order (input) or a product (output). Again, the use of this symbol is not consistent – some people may identify a customer placing an order at a retail counter as an action – others may identify it as Input.
• Flow: This arrow indicates the sequence of steps and the direction of flow.


2.1.4 Constructing a process flowchart
Process maps are most easily produced using relatively specialised software, for example Microsoft
Visio. General purpose software packages such as Word, Excel and PowerPoint can also be used.

Step 1 Organise the sequence by working down rather than across.
Step 2 Having thought through the main 'steps' of the process, flowchart them in the sequence
they are performed.
Step 3 Use rectangles for 'tasks' and diamonds for 'decisions'. Use connecting arrows between
boxes to represent the direction of the sequence.
Step 4 Concisely describe each task or decision in its own box. Boxes may be numbered and a
key provided where the activity is described in more detail.
Step 5 If the process includes decision points, this will normally imply some 'return-routing'
causing some boxes to have more than one input. 'Return routing' or 'loops' often
indicate an inefficiency or waste.
Step 6 Decisions usually (but not always) pose questions answerable by 'Yes' or 'No'. Structure
questions so that the preferred answer is 'Yes'.
Step 7 Conventions include drawing the 'Yes' route out of the bottom of the diamond (i.e.
normal flow downward through the chart) and the 'No' route as a line to the side of
the box.

2.1.5 A simple process flowchart


2.1.6 Constructing a deployment flowchart
Deployment flowcharts include a 'department' or 'unit' dimension along the top of the chart. They may
include individuals, groups, departments, agencies, organisations, functions etc - whatever 'units' are
involved in the process.
The following should be considered when constructing deployment flowcharts:
• Draw vertical lines to separate the functional boundaries.
• When the flow moves from one function to another, this is ideally denoted by a horizontal line.
• Apart from the horizontal moves between functions, aim when possible to sequence activities from
top to bottom.
• Always connect symbols with arrows indicating the direction of flow.

2.1.7 A simple deployment flowchart

[Figure: a simple deployment flowchart with three lanes (Production department, Purchasing department, Supplier). Labels shown, from START to END: Request materials; Check order; OK? (Yes/No); Inform production manager; Send order to supplier; Check order; OK? (Yes/No); Fulfil order; Send goods to production manager.]

It may be useful to also use the D symbol to indicate any delays in the process, particularly at the
boundaries between agencies or sections.

2.1.8 Data flow diagrams


Data flow diagrams show the ways in which data is processed, and may be used to help map a process. We
covered data flow diagrams, in the context of systems analysis, in Chapter 4.

Exam comments
Exam questions could present you with a process map or process map extract and test your understanding
of it.


3 Changing business processes
LO 7.10

Section overview
• Change, in a business context, should ideally be planned - although this isn't always possible as the
business environment is volatile.
• To change or re-engineer a business process requires an understanding of the current process and
the desired process.
• A number of steps can be identified in the changing of business processes.

3.1 Types of change


Four types of change experience and likely employee reaction have been identified (Torrington and
Weightman (1994)).

Type | Comment | Likely employee reaction
Imposition | Initiated and driven by someone else | Resistance
Adaptation | A change in attitude or behaviour as a result of changes by others | Uncertainty
Growth | A response to opportunities | Delight
Creativity | The individual instigates and controls the change process | Excitement

3.1.1 Reactions to proposed change


Other possible reactions to a proposed change include:
(a) Acceptance – whether enthusiastic espousal, co-operation, grudging co-operation or resignation.
(b) Indifference – usually where the change does not directly affect the individual: apathy, lack of
interest, inaction.
(c) Passive resistance – refusal to learn, working to rule.
(d) Active resistance – deliberate 'spoiling', go-slows, deliberate errors, sabotage, absenteeism or
strikes.

3.2 Dealing with resistance to change


Kotter and Schlesinger (1979) identified six methods of dealing with resistance to change. They are:
(a) Education and communication. This method is effective where the cause of the resistance is lack
of information about the change.
(b) Participation and involvement. Where those affected by the change have the power to resist it,
this method reduces the resistance by taking their views into account.
(c) Facilitation and support. Where the cause of the resistance is anxiety and insecurity, support such
as training is effective.
(d) Negotiation and agreement. Compensating those who lose out (for example redundancy
packages) may be appropriate in some instances.
(e) Manipulation and co-optation. This method involves the presentation of partial or misleading
information to those resisting change or 'buying-off' the main individuals who are at the heart of the
resistance.
(f) Explicit and implicit coercion. Ultimately the use or threat of force to push through the change
and crush the resistance may be the only option.
The six approaches are not intended to be used in isolation – a combination of them is likely to
be required.


3.3 Pace, manner and scope
There are three important factors for managers to consider when introducing change – pace, manner
and scope.

3.3.1 Pace
The more gradual the change, the more time is available for questions to be asked, reassurances to be
given and retraining (where necessary) embarked upon. People can get used to the idea of new methods
and become acclimatised at each stage.

3.3.2 Manner
The manner in which a change is communicated is important. The need for change must be made clear,
fears soothed, and if possible the individuals concerned positively motivated to embrace the change.

3.3.3 Scope
The scope or extent of the change is important. Total transformation will create greater insecurity, but
also provides the opportunity for greater excitement, than moderate innovation.
There may be hidden changes to take into account. For example, a change in technology may necessitate
changes in work methods and processes which may in turn result in the breaking up of work groups.

3.4 Business process re-engineering


The changing of business processes is sometimes referred to as business process re-engineering.

Definition
Business process re-engineering is the fundamental rethinking and radical redesign of business
processes to achieve dramatic improvements in critical contemporary measures of performance, such as
cost, quality, service and speed. Hammer and Champy (2004)

As the definition states, business process re-engineering involves fundamental changes in the way an
organisation operates. For example, processes which were developed in a paper-intensive processing
environment may not be suitable for an environment which is underpinned by IT.
Other key words from the definition are 'radical', 'dramatic' and 'process'.
(a) Fundamental and radical indicate that BPR assumes nothing: it starts by asking basic questions
such as 'why do we do what we do', without making any assumptions or looking back to what has
always been done in the past.
(b) Dramatic means that BPR should achieve 'quantum leaps in performance', not just marginal,
incremental improvements.
(c) A process is a collection of activities that takes one or more kinds of input and creates an output.
For example, order fulfilment is a process that takes an order as its input and results in the delivery
of the ordered goods.

3.4.1 Principles of BPR


BPR came to prominence in 1990, when the Harvard Business Review published an article by Michael Hammer
that identified seven principles of BPR.
(a) Processes should be designed to achieve a desired outcome rather than focusing on existing
tasks.
(b) Personnel who use the output from a process should perform the process. For example, a
company could set up a database of approved suppliers that allows personnel who require supplies
to order them themselves, perhaps using online technology.

(c) Information processing should be included in the work which produces the information.
This eliminates the differentiation between information gathering and information processing.
(d) Geographically-dispersed resources should be treated as if they are centralised. This
allows the benefits of centralisation to be obtained, for example, economies of scale through central
negotiation of supply contracts, without losing the benefits of decentralisation, such as flexibility and
responsiveness.
(e) Parallel activities should be linked rather than integrated. This would involve, for example,
co-ordination between teams working on different aspects of a single process.
(f) 'Doers' should be allowed to be self-managing. The traditional distinction between workers
and managers can be abolished: decision aids such as expert systems can be provided where they are
required.
(g) Information should be captured once at source. Electronic distribution of information makes
this possible.

3.5 Steps in the changing or re-engineering of business processes


Different management writers propose different ways of changing business processes. We will look at the
approaches recommended by Davenport and Short (1990) and Michael Tucker (1996).

3.5.1 Davenport and Short - five step approach to changing business processes
Davenport and Short (1990) prescribe a five-step approach to the redesign or changing of business
processes.

Step 1 Develop the business vision and process objectives. Process redesign is driven by a
business vision which implies specific business objectives such as cost reduction, time
reduction and output quality improvement.
Step 2 Identify the processes to be redesigned. Some firms use the 'high impact' approach,
which focuses on the most important processes or those that conflict most with the business
vision. A smaller number of firms use the 'exhaustive' approach, which attempts to identify all the
processes within an organisation and then prioritise them in order of redesign urgency.
Step 3 Understand and measure the existing processes. This step is necessary to ensure
previous mistakes are not repeated and to provide a baseline for future improvements.
Step 4 Identify Information Technology levers. An awareness of IT capabilities could prove
useful when designing processes.
Step 5 Design and build a prototype of the new process. The amended design should not be
viewed as the end of the redesign process – it should be viewed as a prototype with
successive alterations. The use of a prototype enables the people involved in the process to
test it and improve it.


3.5.2 Tucker - four step approach to changing business processes
In his book Successful Process Management in a Week, Michael Tucker (1996) explains his critical
examination approach to process improvement. His approach is summarised in the diagram below.
Present method | Challenge | Improvement options | Best option
What is achieved? | Why is it necessary? | What else could be done? | What else should be done?
How is it done? | Why that way? | How else could it be done? | How else should it be done?
When is it done? | Why then? | When else could it be done? | When else should it be done?
Where is it done? | Why there? | Where else could it be done? | Where else should it be done?
Who does it? | Why them? | Who else could do it? | Who else should do it?

As shown in the diagram, Tucker's approach involves four steps.

Step 1 Present method. Answer the questions in the first column. These summarise the
present process method, asking: what; how; when; where; and who.
Step 2 Challenge the current method. Challenge each of your answers by asking "why?"
Step 3 Identify possible improvements. Use column three to help you generate a range of
improvement options.
Step 4 Best option. Decide on the best option.

Case study
Example of BPR
A company employs 25 staff to perform the standard accounting task of matching goods received notes
with orders and then with invoices. A process review established that 50 per cent of employee time was
spent trying to match the 20 per cent of document sets that do not agree.
One way of improving the situation would be to computerise the existing process to facilitate matching.
This would help, but BPR would go further.
A BPR approach may question why any incorrect orders are accepted. To enable incorrect orders to be
identified before being accepted, all orders could first be entered in a computerised database. When goods
arrive, they either agree to goods that have been ordered (as recorded in the database) or they don't.
Goods that agree to an order are accepted and paid for. Goods that are not agreed are sent back to the
supplier. Time is not wasted trying to sort out unmatched documents.
Gains would include staff time saved, quicker payment for suppliers, lower stocks, and lower investment in
working capital.
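
The goods-received check described in the case study can be sketched in code. This is an added example, not part of the study manual: the class names, order numbers and item codes are hypothetical, and treating part-deliveries as acceptable up to the quantity still outstanding is an assumption the case study does not address.

```python
"""Goods-receipt check against an order database (illustrative sketch).

All names and sample data are constructed for this example.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Order:
    supplier: str
    ordered: dict[str, int]                       # item code -> quantity ordered
    received: dict[str, int] = field(default_factory=dict)

    def outstanding(self, item: str) -> int:
        """Quantity ordered but not yet accepted for this item."""
        return self.ordered.get(item, 0) - self.received.get(item, 0)


@dataclass
class Decision:
    accepted: bool
    reasons: list[str]                            # empty when accepted
    payable: dict[str, int]                       # quantities approved for payment


class OrderDatabase:
    def __init__(self) -> None:
        self._orders: dict[str, Order] = {}

    def enter_order(self, order_no: str, supplier: str, lines: dict[str, int]) -> None:
        """Record an order before any goods can be accepted against it."""
        if order_no in self._orders:
            raise ValueError(f"order {order_no} already entered")
        if not lines or any(not isinstance(q, int) or q <= 0 for q in lines.values()):
            raise ValueError("each order line needs a positive whole quantity")
        self._orders[order_no] = Order(supplier, dict(lines))

    def receive(self, order_no: str, supplier: str, delivered: dict[str, int]) -> Decision:
        """Accept a delivery only if every line agrees to the recorded order.

        The delivery is accepted or returned as a whole, so nobody has to
        reconcile a half-matched document set afterwards.
        """
        order = self._orders.get(order_no)
        if order is None:
            return Decision(False, [f"no order {order_no} on file"], {})
        reasons: list[str] = []
        if supplier != order.supplier:
            reasons.append(f"order {order_no} was placed with {order.supplier}, not {supplier}")
        if not delivered:
            reasons.append("delivery note lists no goods")
        for item, qty in delivered.items():
            if not isinstance(qty, int) or qty <= 0:
                reasons.append(f"{item}: invalid quantity {qty!r}")
            elif item not in order.ordered:
                reasons.append(f"{item}: not on order {order_no}")
            elif qty > order.outstanding(item):
                reasons.append(
                    f"{item}: {qty} delivered, only {order.outstanding(item)} outstanding"
                )
        if reasons:
            return Decision(False, reasons, {})   # send back to the supplier
        # Recording what was accepted means a repeated delivery note for the
        # same goods finds nothing outstanding and cannot be paid twice.
        for item, qty in delivered.items():
            order.received[item] = order.received.get(item, 0) + qty
        return Decision(True, [], dict(delivered))


def demo() -> list[Decision]:
    """Run five constructed deliveries against one constructed order."""
    db = OrderDatabase()
    db.enter_order("PO-1001", "Acme Paper", {"A4-REAM": 100, "TONER-BK": 10})
    return [
        db.receive("PO-1001", "Acme Paper", {"A4-REAM": 60}),                  # agrees
        db.receive("PO-1001", "Acme Paper", {"A4-REAM": 60}),                  # exceeds outstanding
        db.receive("PO-1001", "Acme Paper", {"A4-REAM": 40, "STAPLER": 5}),    # item never ordered
        db.receive("PO-9999", "Acme Paper", {"A4-REAM": 1}),                   # no such order
        db.receive("PO-1001", "Acme Paper", {"A4-REAM": 40, "TONER-BK": 10}),  # completes the order
    ]


if __name__ == "__main__":
    for decision in demo():
        print("ACCEPT" if decision.accepted else "RETURN", decision.reasons or decision.payable)
```

Because rejected deliveries leave the recorded quantities untouched, the final delivery in the sample still agrees to the order after two earlier returns.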


3.5.3 Possible problems with BPR
Some BPR projects have failed to bring the benefits expected. To succeed, a BPR initiative requires
sustained management commitment and leadership; realistic scope and expectations; and a willingness
to change.
BPR has become associated with narrow targets such as reductions in staff numbers and other cost-
cutting measures. Some companies, attracted by the latest high-tech gadgetry, believed they could enhance
their performance solely by re-deploying office automation systems (and laying off workers) rather than
through the much harder task of significant organisational process redesign, which may involve neither IT
investment nor redundancies, just the better use of people.
Hammer (1990) suggests that managers are not used to thinking in systems terms, so, instead of looking at
the whole picture (which might affect their own jobs), they tend to seize on individual aspects of the
organisation.
Process change or re-engineering is only a part of the wider picture. Four sets of changes are regarded as
being important in transforming from a company which satisfies customers to a company that delights them
– and from a company which is competent to a company which is the best in its industry.
(a) Breaking down barriers between different disciplinary specialists and business units
(b) Developing an explicit set of values and behaviour guidelines which are subscribed to by
everyone in the organisation
(c) Redefining the role of management in order to foster empowerment, responsibility and
decisiveness at every level
(d) Openness and trust among managers and employees

Question 1: Business process re-engineering


An organisation produces books and magazines. It employs 560 staff in seven different locations. The
organisation has been using IT in various departments as follows:
• Production – inventory control including real-time inventory and finished goods levels
• Sales – historical record of books and magazines sold for the last 15 years
• Finance and administration – maintenance of all ledgers, cash book and wages details
• Human resources – factual information on employees, such as rate of pay, department, address, date
of birth and so on
Most of the basic transaction systems within the organisation have been computerised. Additional investment
in IT has been limited, partly as a result of the success of the organisation's core businesses, and partly from a
lack of desire for change on the part of existing managers. Recent changes in the senior management of the
organisation now mean that additional appropriate IT investment is seen as being a key success criterion.
Required
Explain the reasons why business process re-engineering can be helpful to an organisation, making reference to
the situation in the organisation described above.
(The answer is at the end of the chapter)

4 Business processes and accounting information systems
LO 7.8

Section overview
• Information technology and information systems, including accounting information systems, often
enable or facilitate the changing of business processes.
• One of the most direct ways in which an accounting information system impacts upon business
processes is the workflow management capability of Enterprise Resource Management (ERM)
systems.

4.1 The relationship between information technology and business processes
Hammer (1990) considered information technology (IT) as the key enabler of BPR. He prescribed the use
of IT to challenge the assumptions inherent in work processes that developed before the advent of modern
computer and communications technology.
As an enabler, IT may be used by an organisation to automate an existing process, to add value by
redesigning business processes, or to do something new.
Examples of how IT has changed the way work is conducted include:
(a) Shared databases allow information to be accessed simultaneously from many locations.

(b) Expert systems may allow non-specialists to do work that previously required an expert.

(c) Telecommunications networks mean that businesses can simultaneously reap the rewards of
centralisation and decentralisation.

(d) Decision support tools allow decisions to be made by a larger number of staff.

(e) Wireless communication technology allows staff 'in the field' to send and receive information
wherever they are.

(f) Interactive websites allow personalised contact with many customers (or at least the appearance
of personalised contact).

(g) Automatic identification and tracking technology allows the whereabouts of objects or people to
be monitored.

(h) High performance computing allows instant revision of plans rather than periodic updates.

(i) Workflow management systems enable the system to drive business processes.

4.1.1 Accounting information systems and BPR

Definition
An Accounting Information System (AIS) is a collection of data and processing procedures that
records and creates accounting related information.

Based on our definition of an Accounting Information System, many parts of an organisation's information
infrastructure could be considered as part of their AIS. For example, the transaction processing elements
of a website with e-commerce capability 'records and creates accounting related information'.

Therefore, the examples of the impact of IT on working methods listed in the previous section also
demonstrate the relationship between the AIS and business processes.
An Enterprise Resource Planning (ERP) system is a type of AIS. As we explained in Chapter 3, ERP systems
enable software to control workflow management, directly impacting upon business processes.

Case study
Workflow systems / process re-engineering
Work design, whether it is related to work in the factory or at the desk, is a process of arriving at the most
efficient way of completing tasks and activities that minimises effort and reduces the possibility of mistakes.
It is involved in increasing productivity and efficiency whilst maintaining or improving quality standards.
A workflow system is a system that organises work and allocates it to particular workstations for the
attention of the person operating the workstation. Workflow systems operate in three main ways: the
casework basis, the flowline basis and the ad hoc basis.
The casework basis works from the individual caseload of each member of staff: existing cases are directed
to the appropriate caseworker, and new cases or customers are allocated so as to equalise caseloads.
The flowline approach allocates a small number of tasks to each operator and the case flows along the line
from screen to screen.
The ad hoc system works on the basis of equalising workload, regardless of who may have dealt with the
case previously. The choice depends on the particular circumstances of the business and the approach taken
to customer service.
The advantages and benefits of workflow systems come mainly from improvements in productivity and
efficiency and better or speedier services to customers.
A list of possible benefits would be:
• More efficient office procedures
• Providing workflow management
• Equalising of workloads
• Monitoring of operator performance
• Ensuring work gets done when it should get done
Possible disadvantages include employee specialisation in a small number of tasks before passing the work
on to the next person's screen, almost like a production line. This de-skilling can increase boredom and
lead to high staff turnover. It also reduces social contact.
Adapted from: 'Computer talk' – Workflow systems Trevor Bentley – Chartered Institute of Management
Accountants Articles database.
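The three allocation bases described in the case study above can be compared on the same stream of work. The following Python code is an added example, not part of the original manual or the article it adapts; the operator names, case ids, the tie-break rule (first operator in the list) and the treatment of each work item as one unit of open work are assumptions.

```python
"""Workflow allocation on the casework, flowline and ad hoc bases."""

# Constructed sample data: operator names and case ids are invented.
OPERATORS = ["ann", "bob", "cy"]
# Each entry is one piece of work arriving for a case; C1 keeps coming back.
WORK_ITEMS = ["C1", "C2", "C3", "C1", "C1", "C1", "C2", "C4"]


def allocate(mode, work_items, operators):
    """Allocate work items to operators on the given basis.

    Returns the workload per operator and, for each case, the operators
    who handled it, so workload balance and continuity can be compared.
    """
    if mode not in ("casework", "flowline", "ad hoc"):
        raise ValueError(f"unknown allocation basis: {mode!r}")
    if not operators:
        raise ValueError("at least one operator is required")

    load = {op: 0 for op in operators}   # work items handled per operator
    owner = {}                           # casework only: case -> caseworker
    handlers = {}                        # case -> set of operators involved

    for case in work_items:
        if mode == "flowline":
            # The case flows along the line: every operator performs
            # their own small set of tasks on it in turn.
            chosen = list(operators)
        elif mode == "casework" and case in owner:
            # Existing case: return it to its caseworker.
            chosen = [owner[case]]
        else:
            # New case (casework) or any item (ad hoc): equalise workload.
            # min() returns the first least-loaded operator in list order.
            least = min(operators, key=load.__getitem__)
            if mode == "casework":
                owner[case] = least
            chosen = [least]
        for op in chosen:
            load[op] += 1
            handlers.setdefault(case, set()).add(op)

    return {"load": load,
            "handlers": {c: sorted(h) for c, h in handlers.items()}}


def spread(result):
    """Difference between the busiest and the least busy operator."""
    loads = result["load"].values()
    return max(loads) - min(loads)


if __name__ == "__main__":
    for basis in ("casework", "flowline", "ad hoc"):
        outcome = allocate(basis, WORK_ITEMS, OPERATORS)
        print(basis, outcome["load"], "spread:", spread(outcome))
        print("   handlers per case:", outcome["handlers"])
```

On this sample the casework basis keeps one operator per case but leaves workloads uneven, while the ad hoc basis evens out the workload at the cost of one case passing through every operator.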

Key chapter points

• Business processes are easier to understand, and therefore easier to change, if they are accurately
documented.

• Processes are usually documented using a combination of a written summary that describes the
process and a diagram or process map that illustrates it.

• Business processes are usually easier to understand if they are illustrated or mapped.

• There are a range of process mapping techniques including flowcharts and data flow diagrams.

• Change, in a business context, should ideally be planned - although this isn't always possible as the
business environment is volatile.

• To change or re-engineer a business process requires an understanding of the current process and
the desired process.

• A number of steps can be identified in the changing of business processes.


• Information technology and information systems, including accounting information systems, often
enable or facilitate the changing of business processes.
• One of the most direct ways in which an accounting information system impacts upon business
processes is the workflow management capability of Enterprise Resource Management (ERM)
systems.

Quick revision questions

1 The first step when documenting business processes is to ask 'Why are things done this way?'.
Is the statement above true or false?
A true
B false

2 Which Microsoft package is best suited to the production of process maps?

3 List the three factors we identified as important for managers to consider when
introducing change.

4 Hammer (1990) considered information technology as the key ……………. of BPR.


What word is missing from the statement above?

Answers to quick revision questions

1 The statement is False. The first step is to gather information that will enable the production of a
process map that accurately reflects the current process. ‘Why?’ is a question for later.

2 Microsoft Visio is Microsoft’s process mapping software package.

3 Three important factors for managers to consider when introducing change are pace, manner and
scope.

4 Hammer (1990) considered information technology as the key enabler of BPR.

Answer to chapter question

1 Some of the main reasons why business process re-engineering (BPR) can be important within the
organisation described are explained below.
Potential for cost savings
Often, the changed process will result in cost savings, such as those often experienced when
transaction processing is automated. It is likely that this organisation has experienced such savings
from the automation of transaction processing and administrative functions.
Keep up with competitors
If competitors improve their processes they are likely to be in a stronger position, which may
threaten the very existence of a competing organisation. For example, a competitor could innovate
leading to reduced costs, and may then be in a position to undercut prices. Improving processes in
line with competitors may be necessary simply to survive.
Competitive advantage
Competitors may not be in a position to copy the innovated processes (e.g. they may not have the
funds required to invest in IT). For example, the organisation may invest funds developing a website
that allows it to sell books direct to consumers. If the organisation's competitors lack the will or
funds to provide a similar service, this will provide a competitive advantage.
Driven by technology
Some BPR might become necessary when technological change means existing processes have
become archaic. For example, it is likely that 30 years ago the organisation operated a manual paper-
based transaction processing system.
Better decision making
Better quality internal systems and processes should result in the capture and availability of better
quality information. This should lead to better quality decision making. For example, a database of
historical sales information may allow better sales forecasting, allowing more effective production
planning.

Chapter 8

Distribution and reporting of accounting information
Learning objectives | Reference
Distribution and reporting of accounting information | LO8
Explain the importance of ensuring accounting information is reported and distributed appropriately | LO8.1
Compose a list of internal and external stakeholders | LO8.2
Explain the concepts of reliability and transparency | LO8.3
Distinguish between hard and soft accounting data | LO8.4
Describe and explain the use of XBRL (eXtensible Business Reporting Language) | LO8.5
Analyse the reasons for the problems encountered in trials of XBRL concerning the quality of externally reported accounting information | LO8.6
Describe the role of corporate regulators in relation to the distribution and reporting of accounting information | LO8.7
Describe the key reasons for the growth of corporate watchdogs and regulators | LO8.8

Topic list

1 Reporting accounting information
2 Internal and external stakeholders
3 Reliability and transparency
4 Hard and soft accounting data
5 XBRL
6 XBRL trials
7 The role of corporate regulators
8 The growth of watchdogs and regulators

Introduction

Accounting scandals in several countries have prompted governments to enforce accounting standards, and
to try to ensure that companies disclose enough information so that their true financial position cannot be
concealed. The Sarbanes-Oxley Act (2002) in the United States and the Corporations Act 2001 in
Australia provide the framework to do this.
While some countries, notably the United States, rely on their own accounting standards, many are
adopting the International Financial Reporting Standards (IFRS) set by the International
Accounting Standards Board (IASB), though with some local variation.
In addition new methods of reporting financial data, suitable for distribution on the Internet, are making it
possible for investors and scrutineers to examine the workings of companies in great detail. At the
forefront of these methods is XBRL, a language for reporting financial data in such a way that the values
can be picked up by other programs. International standardisation of much of XBRL allows such programs
to access the data in the same way for all companies, and compare the data for different companies. XBRL
can also be extended to meet the local needs of countries and companies. Many governments have insisted,
or are about to insist, that companies supply their financial returns in XBRL format.

Before you begin

If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.

1 List six of the stakeholders that would normally have an interest in the well-being of an organisation. (Section 2)
2 Describe two ways in which companies can reduce the risk of fraud. (Section 3.1)
3 When can accounting data be said to be reliable? (Section 3.1)
4 What is the meaning of Substance over Form? (Section 3.1)
5 What are the benefits of transparency to a company? (Section 3.2)
6 The XBRL data file containing the actual accounting data is called: (Section 5.1)
A an instance
B a validation file
C a taxonomy
D a mapping file
7 What are the two organisations that set and enforce Australian accounting standards? (Section 7.1)
8 What are the two Acts that ended most restrictive practices in Australia, and enforced the use of accounting standards? (Sections 7.2 and 8.2.1)

1 Reporting accounting information
Section overview
• The accounting system must produce regular periodic reports, and also respond to enquiries,
usually in real-time. Reports may be for internal company use, or for a growing number of external
groups and organisations.

1.1 Internal reports


LO 8.1
The results of the trial balances are fundamental to the accounting process. Only when the anomalies
have been dealt with can the accounting data be considered reliable enough to be used in the managerial
and external reports.
Management reports following the trial balance include the balance sheet, summaries of cash flows, and
stockholders' equity. Management also require performance reports matched against budgets, with fixed
and variable components for the analysis of anomalies, such as increased production costs being due to
more sales than expected.
Measures of performance at a higher level may include techniques such as the Balanced Scorecard,
where goals and measures of performance have been set in a number of dimensions such as Financial,
Customer, Internal, and Innovation.
Also at a higher or strategic level, management will require access to historical as well as current data, and
employ data mining software using statistics and advanced analysis to produce reports exposing
relationships and trends.
Possible relationships can also be tested using Online Analytical Processing (OLAP), and management
need to be able to drill down to deeper levels (ie nearer the source data) for reports that show detail not
available at the higher levels.

1.1.1 Internal distribution


Within the company, distribution will almost certainly be on-line and on demand. Security and access
control will be major issues, with password control of areas such as past and projected budgets, and
summary data not yet in the public domain.
Speed of distribution is of little use if it takes the user a long time to appreciate the significance of the data.
Data presented in tabular form is difficult to assimilate rapidly. When a large amount of data has to be
assessed quickly, then the preferred methods of display are pie charts and bar charts. If neither of these is
appropriate, an x-y plot can be used, but notable high and low spots should be labelled and the high and low
values written on the graph.
For pie charts and for bar charts, colours or shades of grey are easier to see than patterns of dots or lines.

[Figure: a chart filled with colours or shades of grey is better than one filled with patterns of dots or lines]

1.1.2 Pie charts
The angles at the centre are in proportion to the values. Labels and values should be written on the pie
section, or next to it. If there are a number of narrow slices, they should be combined and labelled as
'other'.

[Pie chart: Beer drinkers 65%; Wine drinkers 33%; Others 2%]

1.1.3 Bar charts


If possible, draw the chart so that the x-axis is at zero on the y-axis. Starting the y-values at a higher value
will exaggerate the differences between bars on the chart. This is a common technique used by advertisers,
and it can be quite misleading.
Avoid unnecessary detail on the chart. Use flat two-dimensional bars and not three-dimensional. As well as
adding clutter, 3-D bars give an enhanced impression of size to the longer bars.
Write the values above the bars. This aids mental calculation.
Label the chart and/or the y-axis, and include the units.
[Bar chart: Sahara sand sales. y-axis: million tonnes of sand, starting at 0; x-axis: Year (20X1, 20X2, 20X3); values written above the bars: 250, 290 and 360]

1.2 Reporting outside the company


The two main groups outside the company with an interest in the accounting data are the government and
the shareholders.
Essential among the external reports are those required by law, for purposes of taxation and compliance,
and data that must be made available to shareholders and other investors.
The reports submitted to the government form the basis for taxation. Accuracy is therefore paramount, to
avoid overpayment, or penalties for underpayment.

Financial reporting must bridge the gap separating the owners and the managers of the company. The
reports must be useful to those making investment and credit decisions. It must help them to confirm or
correct their prior expectations, and allow them to assess future cash flows. The data supplied is historic,
but its importance lies in how well it can be used to predict the future. It must be capable of making a
difference to a decision, and it must be delivered in time to influence the decision.
For the report to be useful, it must be able to be compared with reports from other companies, and so
must adhere to national and international standards. It will also be compared to previous periods for the
same company, so the reporting methods and format must be consistent, with the same accounting
principles applied to each period. If principles, methods, or formats are changed, the recipient must be
warned.
It is important that users feel they can rely on the report to be free from bias, to be accurate and to
represent the true, underlying situation, for few will have the time or the ability to verify it.

1.2.1 Distribution outside the company


For many companies, the annual accounts are the main point of contact with the bulk of the shareholders.
But people are becoming sceptical of a glossy printout and accompanying text giving a positive view of the
state of the company. There is also pressure to reduce carbon footprints by using less paper.
Printed annual accounts are still sent to shareholders by post from a large proportion of companies, but
there is increasing use of web sites to display the accounts, with companies just sending shareholders emails
containing the web address.
New technologies such as XBRL (discussed later in this chapter) and legislation requiring openness will
make companies' accounting data continuously and easily available on the web, to be accessed on demand
from the users, who will be the ones who control the distribution and the way the data is presented.

2 Internal and external stakeholders


Section overview
• Stakeholders are persons or groups that have a legitimate interest in a business's conduct
and whose concerns should be addressed as a matter of principle. Many stakeholder groups have
influence over the way in which organisations are managed and operated.

Definition
Stakeholders are individuals or groups of people whose interests are affected by the activities of the
business.

LO 8.2
The distinction between 'internal' and 'external' stakeholders is not clear-cut. Shareholders as owners of
the company could certainly be internal, but as members of the public who may have invested in several
companies they are external. Banks are external if the company has borrowed from them, but internal if
they happen to be shareholders. Unions are internal since they are groups of employees, but external in
that they may be nationwide organisations with members in many companies. The deciding factor used in
the list below is that internal stakeholders are, or have a close link with, the employees or owners.

[Diagram: stakeholder groups surrounding the ORGANISATION]
Employees: directors, managers, shop floor; also unions and staff associations, families, and pensionable previous employees
Customers: direct customers, end users, retailers; also consumer groups
Suppliers: manufacturers, distributors, contractors
Debt holders: banks, investment institutions, individuals
Shareholders: institutions, individuals, prospective investors
Government departments: taxation, employment, compliance, trade
Pressure groups: environmental, moral

2.1 Internal stakeholders


Employees: all employees (from directors down) and their families, their unions and associations and
professional organisations, and previous employees who rely on the company pension fund.
When considering the motives and actions of stakeholders, management are normally treated separately
from the rest of the workers:
• Managers are motivated by pay and status, job security and individual performance measures.
• Other employees are generally concerned with job security, pay and conditions and job
satisfaction. For example, if an organisation wishes to follow a strategy that results in workers being
given more responsibility for monitoring quality, the employees may be unhappy unless this increased
role is supported by an increase in wages.
Unions within an organisation have the same concerns as the employees, and will wish to take an active
part in the decision-making process. For example, if an organisation wishes to follow a strategy that results
in a manufacturing plant being closed, the union will be unhappy if it has not been consulted and if there is
no scheme for helping the employees to find alternative employment.
Shareholders: Individuals, investment trusts, unit trusts, insurance companies, pension funds, banks,
prospective shareholders.
Shareholders want a steady flow of income (e.g. dividends), possible capital growth and continuation of the
business. For example, if an organisation wishes to follow a strategy that will involve a large capital injection,
the shareholders will be unhappy if the injection has an adverse effect on their income stream.

2.2 External stakeholders
Suppliers: manufacturers (and back to the raw material producers), the distribution chain, and contractors
supplying services.
Suppliers want to be paid promptly for goods and services delivered. For example, if an organisation wishes
to follow a strategy that improves working capital management by paying suppliers late, existing suppliers
may decide to stop supplying the organisation, leading to the increased cost of finding new suppliers.
Customers: direct purchasers and end users, wholesalers and retailers, more distribution chains,
consumer groups, fan clubs.
Customers are generally concerned with receiving goods and services of a reasonable quality and paying a
reasonable price for them. For example, if an organisation wishes to follow a strategy that increases the
quality of a product at the same time as increasing the price, there may be problems with both existing and
potential new customers. Existing customers may not be willing to pay more for the product, while new
customers are not attracted to a product that they still view as being of low quality.
Debt holders: banks, investment institutions, individuals.
Debt holders want to receive regular repayments of the capital provided, and to know that the company
will survive and be profitable until they are repaid. If profits fall they may consider their money is at greater
risk and increase the interest rate, or attempt to recover the remaining debt.
National Government: revenue, employment and trade departments, standards and enforcement.
Local government is keen to collect revenue, but is also concerned with land use and the assumed needs
of the local population.
Pressure groups: there are many issues – global warming, destruction of rain forests, pollution, water
preservation, human rights, decay of town centres – and many groups with genuine concerns about them.
Government and the general public want to see that the organisation is meeting relevant legal requirements
and that it does not harm the outside environment. For example, if an organisation wishes to follow a
strategy that relies on increased use of shops based in out-of-town retail centres, this will be affected by
government attitudes towards increased road building and society's attitude towards this method of
shopping.

2.3 Stakeholder mapping


It can be useful to classify the stakeholders according to how much power they have over the organisation
and other stakeholders, and whether they are likely to use that power. One such mapping is:

 | Low predictability | High predictability
High power | Greatest danger or opportunity | Powerful but predictable
Low power | Unpredictable but manageable | Few problems

 | Low interest | High interest
High power | Key players | Keep satisfied
Low power | Minimal effort | Keep informed

This indicates where the effort should be put for the most effect.
• Employees are powerful in most cases. Exceptions would be if the workforce was unskilled, not
unionised, and easily replaced; or if there was a large proportion of contract workers. Employee
morale alone can have the power to determine success or failure. Interest is high.
When attempting to influence any of the stakeholder groups, the most powerful individuals or
sub-groups must be identified. For individual employees, the position in the management hierarchy is
usually sufficient, though skilled workers who are difficult to replace will have more power than their
position suggests. Departmental power is normally in proportion to budget and to the amount
of representation in the boardroom.
Extreme actions: Industrial action; refuse to relocate; resign.
• Shareholders as the owners of the company have high power. Interest is often low and
predictability high provided the share price and dividend payment are satisfactory. But if there are
individual shareholders with a large percentage of the shares, or if a group of smaller shareholders
form an alliance, they will often show a much greater interest and be much less predictable.
Extreme actions: Sell shares; vote to remove the management.
• Customers are powerful. If there are no customers, there is no company. But they are predictable,
and surveys or pilot schemes can usually determine what they will do. Interest is inherently low and
companies expend tremendous effort and money just trying to increase that interest.
Extreme actions: Not buy; sue.
• Suppliers are not powerful if there are a number of readily available alternative suppliers, as is
usually the case. Their reactions to new proposals can depend on many factors, so predictability is
low. Their interest in their customers should be high.
Extreme actions: Refuse credit; court action (to recover debts); refuse to supply.
• Debt holders have power if there are few alternative sources of funds. This depends on the
economic climate and the economic health of the company.
Extreme actions: Raise interest rate; deny more credit; demand repayment; force receivership.
• The national government is powerful. It is generally predictable, and usually gives advance
warning of what it is going to do. It will have low interest unless the company is attempting
something of dubious legality, or is large enough to affect the employment figures or threaten to
create a monopoly.
Extreme actions: Fines, prosecutions.
• Local government has great power over anything that falls within its area of responsibility, but can
be swayed by individuals or small groups and so is much less predictable than the central
government. It can become very interested if the company is planning any local expansion (or
contraction).
Extreme actions: Refuse planning permission, fines, prosecutions.
• Pressure groups normally have low power and interest. But some are very unpredictable.
If they start to take an interest, they can suddenly exert great pressure through publicity or
influencing people in authority.
Extreme actions: Adverse publicity; direct action; pressure on government.
A dominant stakeholder group can impose its demands at the expense of others. If an organisation over-
expands and its gearing ratio dictates that capital restructuring is necessary, the bankers will dictate the
terms with scant regard for the interests of shareholders and employees.

2.4 Strategies and mapping


The ways stakeholders might react to a new proposal can also be put in a matrix:

 | Oppose | Support
High power | Antagonists | Allies
Low power | Problematic | Low priority

Those responsible for strategy should encourage coalitions of the most important and supportive
stakeholder groups, and encourage 'low priority' groups to be more involved. For antagonistic groups, the
priority is to defend the strategy, possibly by redefining it, and to communicate the purpose of the strategy.

Question 1: Stakeholders
Three companies intend to bring down costs by reducing wages and making employees work more flexible
shifts:
(1) A local public library
(2) A contract cleaning company
(3) An accountancy training company
How much power will the employees have in each case, and what effect might this have on the strategy
adopted by the companies?
(The answer is at the end of the chapter)

3 Reliability and transparency


Section overview
• The data input into an accounting information system must be reliable and transparent.

LO 8.3
Reliable data is at the heart of an accounting information system. If the data is not reliable, nothing else is of
any consequence. Reliable data is truthful, accurate, complete, and capable of being verified.
Transparency is the ethical basis. It is not sufficient that data is reliable; it must be seen to be reliable.
Transparency works at two levels:
• Data about the company, its capitalisation, its profitability, its liabilities must be accessible to
interested parties and in a form suitable for assessment and comparison.
• The reliability of that data must be demonstrated by available supporting data and by proof of
independent auditing.

3.1 Reliability
Reliable accounting data is produced by systems and companies that adhere to the guidelines known as
Accounting Standards or Generally Accepted Accounting Principles (GAAP). The United States
relies on its own GAAP, but elsewhere the normally accepted standards are based on the International
Financial Reporting Standards (IFRS) set by the International Accounting Standards Board
(IASB). In Australia the Australian Accounting Standards Board (AASB) has issued 'Australian
equivalents to IFRS', which are the IFRS standards along with some 'domestic' standards and interpretations,
but these generally just slightly strengthen the IASB rules with regard to disclosures.
The IFRS and US GAAP rules are broadly similar. IFRS rules require financial statements to show:
(a) Understandability: users are assumed to have a reasonable knowledge of business and accounting,
and information about complex matters should not be excluded on the grounds it is too difficult for
them to understand.
(b) Prudence: uncertainties that affect the reliability of information should be disclosed, and a degree of
caution exercised when making judgments.
(c) Reliability: information should be accurate and free from bias; prudence and disclosure should be
exercised when assigning a usable value to any 'soft' accounting data.

(d) Comparability: users must be able to compare the financial statements with those of other
companies, and with previous periods for the same company.
(e) Relevance: information should be presented so that its predictive value is maximised.
(f) Materiality: information is material if its omission or misstatement could influence users' economic
decisions. This often means that material items should be presented separately and should not be
aggregated with other items.
(g) Substance over form: financial statements must show the financial reality (the substance) rather
than the legal form of the transactions and events that underlie them.
(h) Completeness: no misleading omissions.
Inaccurate or unreliable data can be due to incompetence or to deliberate dishonesty. Dishonesty may
result from a desire to impress, or to cover up previous incompetence, or be part of a criminal fraud or act
of sabotage. This is tackled in three main ways:
(a) Regular auditing by an outside firm: part of the audit is to check that the accounting principles are
applied and conform to the standards.
(b) The adoption of adequate internal controls. While auditing may be too expensive for some small
businesses, internal controls are always necessary. The first step is the secure recording of
transactions at the time they occur, with safeguards against the files being tampered with afterwards.
Typical safeguards are password protection and automatic recording of all edits to the file. Measures
to counter theft include rotation of duties and segregation of operations (so, for instance, employees
who handle cash do not have access to the accounting records).
(c) Budgeting to predict the probable cash flows, and investigating divergences from the plan.
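One way to combine the 'automatic recording of all edits' with a safeguard against later tampering, as an added example that is not part of the manual: each edit entry carries an HMAC chained to the entry before it, so a changed, deleted or truncated entry is detected. The field names, the sample entries and the key are assumptions; the key is assumed to be held by a reviewer who cannot edit the accounting files (segregation of duties).

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain value that stands in front of the first entry


def seal(key, prev_mac, record):
    """HMAC-SHA256 over the previous entry's MAC plus this record (canonical JSON)."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_mac + body).encode("utf-8"), hashlib.sha256).hexdigest()


def append_edit(journal, key, user, txn, field, old, new, when):
    """Record one edit to a transaction. Earlier entries are never rewritten."""
    record = {"seq": len(journal), "when": when, "user": user,
              "txn": txn, "field": field, "old": old, "new": new}
    prev = journal[-1]["mac"] if journal else GENESIS
    journal.append({"record": record, "mac": seal(key, prev, record)})
    return journal[-1]


def head(journal):
    """(entry count, last MAC): lodge this outside the system, e.g. with the auditor."""
    return (len(journal), journal[-1]["mac"] if journal else GENESIS)


def verify(journal, key, expected_head=None):
    """Return None if the journal is intact, else the index of the first problem.

    Without expected_head, entries removed from the END go unnoticed, because
    the remaining chain is still consistent. Comparing against a head that was
    lodged elsewhere closes that gap.
    """
    prev = GENESIS
    for i, entry in enumerate(journal):
        record = entry["record"]
        if record.get("seq") != i:  # an entry was deleted or reordered
            return i
        if not hmac.compare_digest(seal(key, prev, record), entry["mac"]):
            return i                # record or MAC was altered
        prev = entry["mac"]
    if expected_head is not None and head(journal) != tuple(expected_head):
        return len(journal)         # truncated (or extended) after the head was lodged
    return None


def build_sample_journal(key):
    """Constructed sample edits, for illustration only."""
    journal = []
    append_edit(journal, key, "clerk1", "INV-1001", "amount", "1200.00", "1250.00",
                "2012-03-01T09:15:00")
    append_edit(journal, key, "clerk2", "INV-1002", "payee", "Acme Pty", "Acme Pty Ltd",
                "2012-03-01T10:02:00")
    append_edit(journal, key, "clerk1", "INV-1001", "amount", "1250.00", "1200.00",
                "2012-03-02T16:40:00")
    return journal


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # assumption: real key kept by the reviewer
    j = build_sample_journal(demo_key)
    print("intact journal:", verify(j, demo_key, head(j)))
    j[1]["record"]["new"] = "Someone Else Pty Ltd"  # edit made after the fact
    print("first bad entry:", verify(j, demo_key))
```

A plain hash chain without a key would not be enough here: anyone able to rewrite the file could recompute every hash after changing an entry.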

3.2 Transparency
Openness, and acceptance of responsibility for bad decisions or performance as well as good, is the basis of
business integrity.

Definition
Transparency is the open and clear disclosure of relevant information to shareholders and other
stakeholders, and not concealing information that may affect decisions.

Transparency in the financial statements goes beyond the figures and notes to include voluntary disclosures,
above the minimum required by law, of liabilities, problems, and forecasts. At the basic level it is the duty of
managers, who (presumably) know what is going on, to transmit that knowledge to the owners. In the
wider context, a company with a reputation for openness will gain more trust among shareholders and
potential investors.
There are situations in which transparency is not appropriate:
• Decisions on future strategy, knowledge of which could benefit competitors.
• Discussions leading to decisions which are to be made public.
• 'Trade secrets' which do not affect decisions made by stakeholders.
• Confidential data concerning individuals.
Transparency also requires that the data be accessible to whoever has an interest in it. This is now normally
achieved by publication on the Internet. A new set of standards and formats (mainly XBRL, described later)
will make it possible for all companies to be inspected, and in the same way.

3.2.1 Advantages to the company of transparency


• By building trust and reputation, increased transparency will make the company more visible.
• Lenders will be more forthcoming if they feel the company will not conceal any problems.
• Many investors may select only companies that give the fullest disclosure.

• If the company's performance is good, making evidence of that more widely available will attract
more investors.

4 Hard and soft accounting data


Section overview
• Accounting data can be hard (capable of being verified objectively) or soft (merely estimated).

4.1 Hard accounting data


LO 8.4
Hard accounting data can be verified objectively, it satisfies audit criteria, and is considered reliable. It is
produced by systems which adhere to the Accounting Standards guidelines described above. The concept of
'prudence' rarely applies, because there is one definite value. The rules for generating the data are inflexible
with little scope for guesswork or human feeling for a situation.
Hard data is characterised by clear objectives, and a clearly defined problem which can be solved by
standard techniques, and it is obvious when a solution, a particular value, has been achieved.

4.2 Soft accounting data


Soft accounting data consists of estimates or relies on value judgements. It is the product of systems and
methods which do not give a rigid answer, but may produce a range of results or assign probabilities, or just
be based on what people think the answer should be.
It may not be clear what the objective is, for the item to be measured may be difficult to define, and
standard methods of solution will not apply.
Examples of soft data are employee morale and customer satisfaction. It is often necessary to put a figure
on a soft data item, for instance 'goodwill', and the application of 'prudence' is required in these cases. The
problem of assigning or attempting to change such a value requires a different approach which takes
account of human emotion.

4.2.1 Checkland's Soft Systems Methodology (SSM)


The soft systems approach is represented by Checkland's Soft Systems Methodology (SSM). SSM is a way
of analysing situations. It provides an organised approach which can be used to tackle unstructured and
poorly defined problems.
In the case of soft accounting data, the problem is how to assign a reasonable value, rather than to resolve
an undesirable situation. 'Action' is the use of a new method of evaluation.
SSM is a process of enquiry which leads to action, but this action is not necessarily an end point. Taking
action changes the problem.
SSM involves seven stages:
(1) The problem is identified.
(2) The problem is analysed. To prompt thinking about what is trying to be achieved, the six elements
of the mnemonic CATWOE should be considered:
Customers: who is gaining, who is losing?
Actors: who else is involved?
Transformation process: what is the basic transformation required?
World View: what is the wider picture?
Owner: who owns or controls the process or situation? Who are the stakeholders?
Environment: what are the constraints and limitations?
(3) A set of 'root definitions' is developed for anything thought to be relevant to the problem. Root
definitions can vary. For example, a root definition for a prison could be any of the following:

A system to punish criminals.
A system to deter possible future criminals.
A system to rehabilitate offenders.
A system to provide justice for victims.
(4) Conceptual models of the root definitions are built. This involves a lot of circles, arrows, and
think balloons.
(5) The models are compared with the real world. This often leads to a reiteration of the preceding
stages.
(6) Possible changes are defined.
(7) A change is made, and the resultant problems are considered.

Question 2: Hard and Soft


List three characteristics of problems or situations that would make a hard approach to problem solving
suitable, and three that would make a soft approach suitable.
(The answer is at the end of the chapter)

5 XBRL
Section overview
• The eXtensible Business Reporting Language (XBRL) is a method of recording business data
in a file where each of the data items is stored with a tag which can be used to retrieve that data.

5.1 The XBRL language


LO 8.5
It is extensible because more tags can be created to attach to new types of data.
It is a reporting language because it is usually the final form for the data before it is displayed or passed on
to another program. It is not an efficient way to store large quantities of data, and it does not compete with
databases for finding data rapidly.
It is a language because it has grammar, it can be written down, and it describes things and the
relationships between them.

Definition
eXtensible Business Reporting Language (XBRL) is an open standard for the electronic
communication of business and financial data that supports information modelling and the expression of
semantic meaning. The language has been built and promoted by XBRL International, a worldwide
consortium of approximately 550 companies and agencies.

XBRL is based on another language called XML (eXtensible Markup Language) which also has tags, and
is widely used. In both languages the data and its tag are written as:
<price>1200</price>
This construction is called an element in XML, and either an element or a concept in XBRL.

Definition
A tag is a mechanism used in markup languages, such as XML, to describe and locate data. XBRL tags are
generally a word or words enclosed in angle brackets to denote an opening tag, and the same but with a
forward slash for an ending tag.

Tags can include attributes which describe more about the data:
<price currency="AUSD">1200</price>
Attributes can also be used to link to other elements and to define relationships and actions, and even to
indicate how the data should be displayed.
If for some reason there is no data, the element may be contracted to
<nodatawiththis />
but it can still contain attributes.

Definitions
An attribute is an XML element property used to describe name-value pairs.
A taxonomy is an electronic dictionary of business reporting elements used to report business data.

XML is the basis for several other languages, including the Hypertext Markup Language (HTML) used
for web pages. This system of angle brackets and tags and attributes is so widely used that there is a great
deal of software already written and readily available which will extract the data for a given tag, or create a
table from a series of tags, or deal with attributes, or do a great many other things.
The rules about what tags and attributes can be or must be used are called the taxonomy.
Each set of XBRL data, say a company's tax returns for a particular year, is called an instance or an
instance document (the word document in this case means file).

Definitions
An instance is an XBRL business report containing tagged business facts together with the context in
which they appear and any further attributes needed to describe them.
An element in XBRL is a business reporting concept defined in a taxonomy and quantified in an XBRL
instance document.
Validation is the process of checking that an instance document meets the syntactical and semantic rules
provided in its associated taxonomy. Validation also confirms that XBRL reports and taxonomies conform
to the XBRL specification.
An extension taxonomy is one that is created on top of a public taxonomy to further define necessary
reporting concepts that have not been previously defined.

Software based on the taxonomy will write the actual elements, and get the data from existing accounting
files if possible, though initially at least some of the data may have to be entered manually. Validation
software will check that the rules have been followed. The taxonomies themselves are written in the XML
language.
Because XBRL is extensible, countries and the larger companies each have additional extension
taxonomies to allow for their particular requirements. But many national and international groups have
been working for several years to make the public XBRL taxonomy encompass as much as possible, and
ensure that the basic elements of turnover, expenditure, capitalisation and so on are present and the same
for all companies.

5.1.1 Inside the XBRL taxonomy
The XBRL taxonomy produced by XBRL International consists of:
• A Schema, which is where all the tags and attributes are listed
• A number of Linkbases, which are just more XML files, that define relationships or further define
the concepts:
– Label Linkbase which contains concept descriptions in different languages.
– Reference Linkbase which points to concept descriptions and detail about standards.
– Presentation Linkbase showing the order of concepts and how they are nested, e.g.
current assets include cash, inventory, and accounts receivable.
– Calculation Linkbase with calculations used to verify the data, e.g. sum of nested values
must equal the outer value.
– Definition Linkbase defines more complex relationships between concepts.
– Footnote Linkbase adds more description to some concepts.

5.2 The benefits of XBRL


The benefit of tagging data in this way, and having standard tags and attributes, is that software can be
written which will extract data of interest about any company. If the instances are available on the Internet,
different companies and periods can be compared, and there is much greater transparency about the
workings of each individual company.
For the companies, as well as providing a window on their own operations, XBRL provides a single flexible
method of supplying the data required by investors and by the various government and regulatory bodies. In
addition information can be obtained about suppliers, customers and competitors.

5.3 The disadvantages of XBRL


Initial cost: though XBRL will eventually lead to cost savings in the reporting of accounting data, there will
be an initial period when specialised staff or outside support is needed.
Initial accuracy: not all accountants are familiar with XBRL, and deciding which data to use from existing
systems will often be done by people unfamiliar with accounting. This will lead to errors.
Security: because company data is on display all the time, and continually being used to make decisions
about investment, it must be accurate, updated at exactly the right time, and immune to tampering from
inside or outside the organisation. This is an additional maintenance cost.
Transparency: openness is good, but measures must be in place to ensure data that is not required or
wanted in the public domain does not get there by mistake.

5.4 Stages in creating XBRL documents


There are two main stages: first create the taxonomy, then create instances from that taxonomy.

5.4.1 Creating the taxonomy


Select one or more public taxonomies. The choices are:
(a) Global Ledger Taxonomy (XBRL-GL) which allows the representation of anything that is found
in a chart of accounts, journal entries or historical transactions, financial and non-financial. This
defines the underlying data elements in an AIS, and is available from the XBRL International web site
www.xbrl.org/GLFiles/.
(b) Financial reporting taxonomies which have been developed for different industries and
countries. There is a list at www.xbrl.org/FRTaxonomies/.
The Australian extension taxonomy is defined by XBRL Australia, and can be obtained at
http://www.xbrl.org/au/ATTX2006/Files/.
Note that there are some minor deviations from the XBRL International definition.

Determine where the data is to come from for the required tags in the public taxonomies. This is known as
mapping.

Figure: Mapping
Existing company accounting system: Cost of goods sold, amount = 123456 (to an existing report ...)
Mapping: match this item in the existing system with this tag in the taxonomy
XBRL GL taxonomy plus national extension:
...
<element id="CostGoodsSoldOverhead" . . . />
...

If the mapping for an item cannot be done because there is no suitable tag in the taxonomy, then a
new tag must be created in the company's extension taxonomy.
Mapping is often difficult, and some items in a company's accounting system may be associated with
different tags depending on the circumstances. When creating the XBRL instance, manual
intervention may be needed to select the correct tag, until such time as software is written to do the
selection automatically.
On the other hand, for some accounting systems there are already programs to do the mapping and
the whole production of the XBRL instances is easy.
Create an extension taxonomy covering any remaining data that should be available for the final
reports. This includes specifying how the data may be displayed.

5.4.2 Generating an instance


Figure: Tagging
Existing company accounting system: Cost of goods sold, amount = 123456
XBRL GL taxonomy plus national extension:
...
<element id="CostGoodsSoldOverhead" . . . />
...
Tagging to create the instance file consists of getting this data and this tag and transferring them to the file.
Tag and amount transferred to the XBRL instance file:
...
<CostGoodsSoldOverhead>123456</CostGoodsSoldOverhead>

Tagging is the production of the final XBRL instance file. Apart from this, the term tagging is not well
defined. It may refer just to the manual entry of those items which fail to be done automatically. Sometimes
it is used to include the mapping, particularly if software exists to use the mapping directly to generate the
XBRL instance.

(a) Software must be obtained or written to collect data as determined by the mapping and extension.
Where this is not possible or until such time as the software is written, some data will have to be
keyed in manually:

Figure: Manual tagging
First, create a report using the existing system. The report writing program prints (or displays) the item
'Cost of goods sold, amount = 123456' from the existing company accounting system:

STATEMENT OF COSTS
...
Cost of goods sold …123 456

Then key in the amount from the report, and get the tag name, usually from a list produced by the mapping
(XBRL GL taxonomy plus national extension):
...
<element id="CostGoodsSoldOverhead" . . . />
...
Tagging: key in this amount, and select this name (from a list).
Tag and amount transferred to the XBRL instance file:
...
<CostGoodsSoldOverhead>123456</CostGoodsSoldOverhead>

The full sequence is therefore:

Figure: The full sequence
Mapping: match this item in the existing system (existing company accounting system: Cost of goods sold,
amount = 123 456) with this tag in the taxonomy (XBRL GL taxonomy plus national extension):
...
<element id="CostGoodsSoldOverhead" . . . />
...
If there is no match, the item will go into the company's extension taxonomy.
Report writing program: Print

STATEMENT OF COSTS
...
Cost of goods sold …123 456

Tagging: if there is no software to do this tagging automatically, key in this amount, and select this name
(from a list). There are standard programs to assist in this, using the list of matching items from the mapping.
Tag and amount transferred to the XBRL instance file:
...
<CostGoodsSoldOverhead>123456</CostGoodsSoldOverhead>
When the software exists or has been written, this part of the XBRL instance is generated automatically.

(b) The XBRL files are generated by running the appropriate software and keying in data where
necessary. For manual data entry, the data has to be matched with the correct tag. The attributes
may have to be adjusted, or the data entered in a format dictated by preset attributes.
Tagging is assisted by standard programs which use the list of matching items from the mapping, and
the taxonomies (including the company's extension taxonomy).
As software is written to transfer the data directly from the company's accounting system to the
XBRL instance, the manual tagging operations become redundant.
(c) The XBRL instance files are checked using validation programs.
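The mapping and tagging steps above, as an added example that is not part of the manual: a mapping list drives the tagging, items with no match are set aside for the extension taxonomy, and items with more than one candidate tag are set aside for manual selection. It writes the simplified element form used on this page (filed XBRL facts also carry context and unit references); every tag name other than CostGoodsSoldOverhead and all sample items are constructed.

```python
import re
import xml.etree.ElementTree as ET
from decimal import Decimal, InvalidOperation

# Constructed mapping: item in the existing accounting system -> candidate tags.
# CostGoodsSoldOverhead is the tag shown on this page; the rest are hypothetical.
MAPPING = {
    "Cost of goods sold": ["CostGoodsSoldOverhead"],
    "Sales revenue": ["SalesRevenueNet"],
    "Freight": ["FreightInward", "FreightOutward"],  # depends on circumstances
}

# ElementTree does not check tag names, so a bad name from the mapping list
# would produce a file that is not well-formed XML. Check it here instead.
XML_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_.-]*$")


def normalise_amount(raw):
    """Turn a keyed-in or printed amount such as '123 456' into '123456'.

    Only spaces used as thousands separators are removed. Anything that is
    still not a finite number is rejected rather than written to the instance.
    """
    text = str(raw).replace("\u00a0", " ").replace(" ", "")
    try:
        value = Decimal(text)
    except InvalidOperation:
        raise ValueError(f"not a number: {raw!r}")
    if not value.is_finite():
        raise ValueError(f"not a finite number: {raw!r}")
    return format(value, "f")


def tag_items(ledger_items, mapping, root_tag="instance"):
    """Build a simplified instance from (item, amount) pairs.

    Returns (xml_text, unmapped, ambiguous):
      unmapped  - items with no tag; they need a tag in the extension taxonomy
      ambiguous - (item, candidates) pairs that need a person to pick the tag
    """
    root = ET.Element(root_tag)
    unmapped, ambiguous = [], []
    for item, amount in ledger_items:
        candidates = mapping.get(item, [])
        if not candidates:
            unmapped.append(item)
            continue
        if len(candidates) > 1:
            ambiguous.append((item, list(candidates)))
            continue
        tag = candidates[0]
        if not XML_NAME.match(tag):
            raise ValueError(f"invalid tag name for {item!r}: {tag!r}")
        ET.SubElement(root, tag).text = normalise_amount(amount)
    return ET.tostring(root, encoding="unicode"), unmapped, ambiguous


if __name__ == "__main__":
    # Constructed ledger extract; the first line mirrors the page's example.
    ledger = [("Cost of goods sold", "123 456"),
              ("Freight", "40"),
              ("Staff welfare fund", "900")]
    xml_text, unmapped, ambiguous = tag_items(ledger, MAPPING)
    print(xml_text)
    print("needs an extension tag:", unmapped)
    print("needs manual selection:", ambiguous)
```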

Question 3: Taxonomies
Who defines the various parts of a typical XBRL taxonomy?
(The answer is at the end of the chapter)

6 XBRL trials
Section overview
• A series of trials of XBRL have been carried out in a number of countries with mixed results.

6.1 The Voluntary Filing Program (VFP)


LO 8.6
XBRL trials were carried out in China (2003), the United States (2005), Canada (2007), Japan (2007), and
several other countries such as the Netherlands, Australia, and the United Kingdom. In these trials
companies voluntarily submitted XBRL returns in addition to the data legally required by the government.
• In Japan the transition to XBRL was rapid. Over 1 200 companies joined the voluntary program.
The data was not made public, so the companies were not risking their reputations. Problems
encountered in the trials were the cost of XBRL tools and services, the complexity of 'the manual',
and the difficulty in determining 'account titles' (since there were many possibilities). Even so, the
number of errors in the returns was low. The taxonomies were improved to reduce the choices,
and software and service providers were urged and helped to reduce the complexity of their
products.
• In the United States the trial was conducted by the Securities and Exchange Commission (SEC).
Initially nine companies responded, and within two years over 70 companies from 22 different
industries had taken part. These were large organisations, generally with several thousand
employees. All had extensions to the standard XBRL taxonomy (the X in XBRL does stand for
eXtensible), which accounted for about 55% of all the tags.
In 2009 the SEC finalised its XBRL rules and made it mandatory for more companies to make
additional XBRL returns. The XBRL data had to be made available on the company web sites, and it
could also be accessed via the SEC web system. Exposure to the public and to investors increased
the pressure for accuracy.
The analysis of errors that follows is based on the results of the US trial. The XBRL files and their
taxonomies were checked using validation software, and in addition the XBRL data for a sample of
22 companies was checked manually against the official returns made in the original file formats
(HTML and PDF).

6.2 The common errors
• Creating the taxonomy
– Mapping: Wrong tag used; Required tag not mapped
– Extension: Invalid taxonomy; Missing tag; Existing tag ignored; New tags with same meaning
– Display: Wrong label; Wrong position; Item not displayed
• Generating an instance
– Tagging: Missing data; Wrong + or – or wrong units; Repeated data element; Incorrect values
– Validation: Error not detected or not fixed

The more frequent errors are shown with the greater number of stars.

6.2.1 Taxonomy errors


Display: The most errors were in the data display sections. However, these errors do not affect the data
supplied to any analysis software that uses the XBRL data, and many users will in any case view the data via
programs that do their own display. Therefore companies will tend to put less effort into the parts of the
taxonomy that deal with display. Also, checking the displays is a time-consuming manual job that will be
given low priority.
Extensions: The company extensions to the definition of the taxonomy fared well. About 90% passed the
taxonomy validation checks. But companies tended to have a variety of extensions to suit individual cases,
and create multiple new tags with much the same meaning where the use of a single global definition would
have led to less error. Also several new tags were created when tags from the public taxonomy could have
been used. More keyword associations with existing tag names in the online dictionary would reduce this
problem.
Notes: A small number of companies included 'notes' sections in their taxonomy extensions, but these
were in widely varying formats, ranging from a single tag per note, up to every detail of each note being
tagged separately. This was due to a lack of standards, but these are difficult to define because 'notes' may
contain anything.

Initially companies are allowed to tag the notes sections as blocks of text, but will later have to tag each
'financial concept' in the notes separately. This will greatly increase the number of tags and the complexity
of company extensions.
Mapping: The wrong tag was used in some cases, but more frequent were omissions, where required
elements were missing. Omissions in the mapping or in the extension taxonomy will result in gaps in the
instance data.
Also there was confusion over whether some of the fields, such as subtotals, were optional or not. XBRL
does permit some fields to have the attribute use='optional', but overuse of this can complicate any
analytical programs that process the data.
Another error was using the same tag name for different time periods, for example, quarterly periods
through the year. Also, some of the time periods did not line up exactly with the companies' accounting
periods. Synchronisation of the data is essential for any processing or display of the data.

6.2.2 Instance errors


Tagging: The wrong tag was used in some cases, but more frequent were omissions. These can arise from
omissions in the mapping or in taxonomy extensions or in any software that collects the data, or when data
is manually keyed in. These and other errors such as wrong signs on values that can be positive or negative,
are likely to continue until there is much more automatic validation of the final XBRL data, to the extent of
doing summations and cross checking balances.
Validation: a large proportion of the errors in the final XBRL data should have been detected by the
validation software. As more of this becomes available, there should be a marked decrease in the error rate.
Many of the deviations from the standards were probably due to the fact that the standards themselves
were under development and prone to change.
Over the period of the trial, the frequency of errors did not reduce as expected, but instead increased
slightly each year. This may be due to the companies that joined the later stages of the trial not being as
committed or well prepared as those that started, and not allocating sufficient resources to it. In all
probability, the later companies would have transferred a lot more data to the XBRL files manually, with
greater scope for errors.
But for the 22 companies in the sample, apart from incorrect displays, there was a large decrease in the
number of errors. This is probably because the companies in the sample had all been participating in the
trial since 2006 or earlier.
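The kind of automatic validation called for above (summations and cross checks, as in the Calculation Linkbase of section 5.1.1), as an added example that is not part of the manual and is not a real XBRL validator: it checks a simplified instance for missing data, repeated data elements, wrong signs, incorrect values and sums that do not add up. The tag names, the rules and both sample instances are constructed; because instances are fetched from the Internet, the loader refuses DTD and entity declarations before parsing.

```python
import xml.etree.ElementTree as ET
from decimal import Decimal, InvalidOperation

# Constructed rules standing in for a taxonomy (tag names are hypothetical).
REQUIRED = {"CurrentAssets", "Cash", "Inventory", "AccountsReceivable"}
NON_NEGATIVE = {"Cash", "Inventory"}
# Calculation rule: sum of the nested values must equal the outer value.
CALCULATIONS = {"CurrentAssets": ["Cash", "Inventory", "AccountsReceivable"]}

# Constructed sample instances in the simplified element form used on this page.
GOOD = """<instance>
  <Cash>300</Cash><Inventory>500</Inventory>
  <AccountsReceivable>600</AccountsReceivable>
  <CurrentAssets>1400</CurrentAssets>
</instance>"""

BAD = """<instance>
  <Cash>-200</Cash>
  <Inventory>500</Inventory>
  <Inventory>500</Inventory>
  <CurrentAssets>1500</CurrentAssets>
</instance>"""


def load_facts(xml_text):
    """Parse into ({tag: [Decimal, ...]}, errors). Malformed XML raises ParseError."""
    # A filed instance has no need for a DTD; refusing one avoids entity
    # expansion tricks in files received from outside the organisation.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration found; instance rejected")
    root = ET.fromstring(xml_text)
    facts, errors = {}, []
    for el in root:
        try:
            value = Decimal((el.text or "").strip())
            if not value.is_finite():
                raise InvalidOperation
        except InvalidOperation:
            errors.append(f"incorrect value: {el.tag}={el.text!r}")
            continue
        facts.setdefault(el.tag, []).append(value)
    return facts, errors


def validate(xml_text):
    """Return a list of error strings; an empty list means every check passed."""
    facts, errors = load_facts(xml_text)
    for tag in sorted(REQUIRED - set(facts)):
        errors.append(f"missing data: {tag}")
    for tag, values in sorted(facts.items()):
        if len(values) > 1:
            errors.append(f"repeated data element: {tag}")
        if tag in NON_NEGATIVE and any(v < 0 for v in values):
            errors.append(f"wrong sign: {tag}")
    for total, parts in CALCULATIONS.items():
        # Only sum when the total and every part are present exactly once;
        # otherwise the missing/repeated errors above already explain it.
        if all(len(facts.get(t, [])) == 1 for t in [total, *parts]):
            expected = sum(facts[p][0] for p in parts)
            if expected != facts[total][0]:
                errors.append(
                    f"summation: {total}={facts[total][0]} but parts sum to {expected}")
    return errors


if __name__ == "__main__":
    print("GOOD:", validate(GOOD))
    for line in validate(BAD):
        print("BAD :", line)
```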

Question 4: Notes
Why are notes a difficulty for XBRL?
(The answer is at the end of the chapter)

7 The role of corporate regulators


Section overview
• Watchdogs are organisations that police other organisations to ensure they do not act illegally.
Their role is the prevention of such acts, as well as detection.

The role of a corporate regulator is to enforce and regulate laws governing company and financial services,
in order to protect consumers, investors and creditors.
What a particular regulator is able to do varies greatly from country to country, depending on the powers
that have been granted, usually by an Act of Parliament.
Corporate regulators may also be expected to give advance warnings of economic problems for companies
or countries, which often arise because good accounting and reporting practices are not being followed.

Watchdogs and regulators do not themselves do any distribution or reporting of accounting information.
Their role is to ensure that it is done correctly by others, by setting and enforcing standards.
For distribution, it normally seems sufficient that the data for public companies is on-line and accessible by
anyone, though there may be a charge. The standards should ensure that the data is complete, accurate and
intelligible.

7.1 Australian regulatory bodies


7.1.1 The Australian Securities & Investments Commission (ASIC)
LO 8.7
ASIC is Australia's corporate regulator. It is an independent government body that enforces and regulates
company and financial services laws in the interests of Australian consumers, investors and creditors.
The ASIC is often referred to as Australia's corporate watchdog. Its role is to monitor the stock
market for unusual trading activity and investigate company collapses as well as checking that accounting
standards are maintained.

7.1.2 The Australian Prudential Regulation Authority (APRA)


The financial sector is regulated by APRA, set up as a result of the Financial System Inquiry (better known
as the Wallis Inquiry) in 1996, which examined the results of the deregulation of the Australian financial
system, and which also resulted in ASIC becoming the consumer regulator in the financial system.

7.1.3 The Australian Competition and Consumer Commission (ACCC)


ACCC promotes competition and fair trade in the market place. It was formed in 1994 with the
amalgamation of the Australian Trade Practices Commission and the Prices Surveillance Authority to
administer mainly the Trade Practices Act 1974 (see section 8.2.1).
Among other things, this Act legislates against companies gaining market dominance (usually through
mergers) and so lessening competition. The ACCC acts as a corporate watchdog to monitor and enforce
this.

7.1.4 The Australian Accounting Standards Board (AASB)


AASB produces and promotes accounting standards. It does not enforce standards or check that individual
companies are adhering to the standards – that is the duty of the ASIC. It was set up under the Australian
Securities and Investments Commission Act 2001.

7.1.5 The Australian Taxation Office (ATO)


The ATO manages Australia's revenue and collects income tax, Goods & Services Tax (GST),
superannuation and excise. It also administers some benefits.
All businesses must submit a Business Activity Statement to the ATO to report their taxation
obligations.

7.2 The Corporations Act 2001


The Corporations Act is the principal legislation regulating companies in Australia. At several thousand
pages, it is the largest corporations statute in the world.
The Act was successfully challenged in the High Court by New South Wales, but a subsequent co-operative
scheme led to the Act being adopted by all states.
Among a great many other things, the Act covers the appointment and duties of auditors, the financial
reports and their adherence to accounting standards and regulations (as defined by the AASB), and the
powers that ASIC has in demanding reports, examining a company’s books and summoning company
officials. Anyone may refer examples of bad accounting practice or suspected scams to the ASIC.
Complaints may be made on-line, and can be anonymous.



7.3 The role of regulators in Asia
Many Asian countries are already compliant with the International Financial Reporting Standards (IFRS), or
at least allow companies the option of using them. Most have set up the necessary regulatory bodies, and
will be fully compliant within the next few years.

7.3.1 China
Chinese accounting standards originated in a socialist period in which the state was the sole owner of
industry. Therefore they are less a tool of profit and loss than an inventory of the assets available to a company.
However, in recent years, the Finance Department of the Chinese Government has issued new accounting
standards which are some 90% compliant with the IFRS.
The China Securities Regulatory Commission (CSRC):
• sets regulations governing the markets;
• regulates listed companies, auditors, securities and investment funds;
• oversees stock and bond issues;
• issues penalties.

7.3.2 India
Accounting practice in India largely follows that in the United Kingdom. No regulatory body is specifically
responsible for the establishment of accounting principles, though in several accounting areas, mandatory
requirements for accounting practices are included in the Companies Act.
All listed companies should be IFRS compliant by 2014.
Pressure for visibility and standardisation increased greatly when, in 2009, the chairman and founder of
Satyam Computer Services Limited, a company with over 40,000 employees, admitted that the company’s
accounts had been greatly falsified to keep the share price high. This has been compared to the Enron
scandal in the US (see below).

7.3.3 Japan
The Accounting Standards Board of Japan has agreed to resolve all inconsistencies between the
current JP-GAAP standards and IFRS by 2011. All companies should be IFRS compliant by 2016.

7.3.4 Malaysia
Accounting standards are issued by the Malaysian Accounting Standards Board (MASB), which is
overseen by the Financial Reporting Foundation. MASB expects Malaysia to be in full convergence with
IFRS by 2012.
The Securities Commission of Malaysia is a combined regulator with the role of protecting the
investor, and encouraging and promoting the development of the securities and futures markets.
The Audit Oversight Board (AOB) assists the SC in overseeing the auditors of public interest entities.
It also protects the interests of investors by promoting confidence in the quality and reliability of audited
financial statements.

7.3.5 Singapore
Singapore’s accounting standards are closely aligned with the IFRS.
The Monetary Authority of Singapore (MAS) is the central bank and the financial regulatory authority
for Singapore.



8 The growth of watchdogs and regulators
Section overview
• The Trade Practices Act 1974 put an end to many restrictive practices in Australia.
• The Corporations Act 2001 enforced accounting standards in Australia.

Watchdog is an informal name given to a consumer or investor protection organisation or campaigner.


The term ‘Watchdog’ is frequently applied to regulators.

8.1 The need for regulation


A great many financial catastrophes have resulted from fraudulent or inadequate financial reporting.
In the UK in the 16th and 17th centuries, some associations were given legal status separate from the
individuals forming them, either by royal charter or act of parliament. Usually this process of
incorporation was accompanied by the granting of a monopoly in some items or in a geographical
location. Examples are the East India and Hudson Bay companies. There was little regulation. The East India
Company, for instance, conducted wars and plundered the state of Bengal. The cost of its military ventures
eventually brought it to the edge of collapse. State intervention was required, and parliament took greater
control over the company.

8.1.1 Bubbles
The rapid expansion of trade during the 17th and 18th centuries meant that companies, incorporated or not,
often had or required large amounts of capital, and they grew larger and had many passive investors. Usually
shares in unincorporated companies were freely transferable, and the market in these shares was often
volatile. There was much fraudulent trading based on vague promises and inflated estimates. Prices might
rise dramatically (‘bubbles’) and fall even faster.

8.1.2 The South Sea Bubble


The most famous bubble concerned the South Sea Company, formed in 1711 to operate the slave trade in
South America. It was only moderately successful, but after some bribery the government became involved.
This prompted many more people to invest, and there followed inflated claims and a frenzy of buying which
took the share price to many times its true value. Realising this, the company management sold their shares
in 1720. The bubble burst, and thousands of people were ruined. The government had to step in to stabilise
the banks, and in the Bubble Act of 1720 it outlawed the issuing of stock certificates by unincorporated
companies.
There were several attempts to combat fraud by improving financial reporting, leading up to the
Companies Act 1862, though in this Act the reporting requirements were not as stringent as some
previous ones. This Act was the model for the first company statutes in Australia.
Subsequent Companies Acts (1985, 1989, 2006) have greatly strengthened the financial reporting
requirements in the UK.

8.1.3 Modern pressures


A number of further factors brought pressure to improve financial reporting:
• There is much wider share ownership, often promoted by the governments themselves through
various privatisations;
• Many self-employed people were managing their own pension funds, and scandals involving
company pension funds prompted employees to make additional investments;
• General industrial and financial restructuring reduced job security, and employees took a greater
interest in company finances;
• The growth of the Internet made access to company data much easier, and added a global
dimension to investment.
So that different companies could be compared, standardisation of the reported information became vital.
The IFRS provided the standards, but implementation and enforcement required further action.
All listed European Union (EU) companies have been required to use IFRS since 2005.
In the EU, standards must be endorsed by the Accounting Regulatory Committee (ARC), which is advised
by a group of accounting experts known as the European Financial Reporting Advisory Group.

8.1.4 Watchdogs in the UK


In 1990 the UK announced the establishment of the Financial Reporting Council (FRC), charged with
promoting good financial reporting.
In 2004, following some major corporate collapses in the US, the UK government strengthened the
regulatory system, and the FRC became the main independent watchdog of the accounting and auditing
profession, as well as being responsible for issuing accounting standards and dealing with their enforcement.
The FRC has been generally critical of companies cluttering their reports with waffle about their social
responsibilities, while failing to disclose the risks facing their businesses.
The number of high profile scandals involving falsified accounts has brought auditing firms under scrutiny.
The Accountancy & Actuarial Discipline Board, part of the FRC, is the independent investigative and
disciplinary body for accountants in the UK. It can impose sanctions ranging from a reprimand to unlimited
fines.
Also part of the FRC is the Professional Oversight Board, with the goal of ensuring investor and public
confidence in the financial governance of business organisations. It also checks that professional accounting
bodies are setting and enforcing standards properly.

8.2 Regulation in Australia


Up to 1850, Australia mainly followed UK law, and reliance on UK legislation continued well into the 20th
century. But there was a lack of a bureaucracy to administer the legislation effectively.
An economic crash in the 1890s caused many companies, including banks, to fail. In doing so, they revealed
evidence of fraud and malpractice – the usual falsified balance sheets, taking dividends from non-existent
profits, and misleading forecasts.
This led to Australia having its own Companies Act in 1896, though there was still inadequate enforcement
and considerable variation across the states.
In the early 1960s there were several spectacular corporate collapses, and between 1968 and 1972 there
was a nickel mining bubble boom and bust. This highlighted the pressing need for uniform regulation with
effective controls.

8.2.1 The Trade Practices Act 1974


The first attempt to regulate and promote fair competition was the Australian Industries Preservation
Act in 1906. It attempted to prohibit combinations and monopolies, but key sections were declared
unconstitutional by the High Court, and it was finally repealed in 1965, having been largely ineffective.
From 1911 to 1973 there were several attempts to introduce nation-wide regulation of industry and
commerce, but all failed, though some quite narrowly. As a result there arose a host of anti-competitive
trade practices: cartels and monopolies, price fixing, and restrictions to market entry.
The Trade Practices Act (1974) was a landmark piece of legislation because it changed the Australian
trade landscape from one of restrictive practice to one of competition. On 1 January 2011 it was renamed
the Competition and Consumer Act 2010. The Act aims to enhance the welfare of Australians by
promoting competition and fair trading and providing for consumer protection.
The Act deals with the relationships between suppliers, wholesalers, retailers, competitors, and customers,
and covers:
• Unfair market practices
• Industry codes of conduct
• Mergers and acquisitions
• Product safety and labelling, and price monitoring.
However, the power struggle between central government and the states continued until agreement was
eventually reached in 1978, and various Acts followed in the early 1980s.

8.2.2 Regulatory bodies


The National Companies and Securities Commission (NCSC) was established to regulate
companies and securities, though each state set up its own system. A stock market crash in 1987 gave
impetus to uniformity, which was finally achieved in 1989 with the Corporations Act and the single ASIC
(Australian Securities & Investments Commission) regulatory body.
ASIC was originally the Australian Securities Commission (ASC). The ASC came into being as a result of the
ASC Act 1989 and replaced the NCSC and the Corporate Affairs offices of the states and territories, and
unified corporate regulation throughout Australia.
In 1998 the ASC was also made responsible for consumer protection in superannuation, insurance, deposit
taking and (from 2002) credit, and became the ASIC.

8.3 Regulation in the USA


8.3.1 The Securities Acts
The stock market crash of 1929 followed by the Great Depression gave rise to the Securities Act 1933
which regulated the securities industry, mainly by requiring full disclosure of all the material an investor
might require.
This was followed by the Securities Exchange Act 1934 which regulated secondary trading, but also set
up the Securities and Exchange Commission (SEC) which is responsible for regulating the securities
industry.

8.3.2 The Financial Crimes Enforcement Network


The Financial Crimes Enforcement Network (FinCEN) is a bureau of the US Treasury set up in
1990 to combat financial crimes such as money laundering and supporting terrorism.
Following the terrorist attacks on the US, the USA PATRIOT Act 2001 greatly reduced the restrictions on US
agencies’ intelligence gathering, including the scanning of telephone and email communications and financial
transactions. It also established a web interface for transmitting information to FinCEN, and extended the
Treasury’s authority to regulate transactions, particularly those involving foreign individuals and companies.

8.3.3 The Sarbanes-Oxley Act


Between 2000 and 2002 there was a series of large, highly publicised corporate frauds. In particular, those
at Enron, WorldCom and Tyco exposed significant problems with conflicts of interest and incentive
payments for higher management:
• Auditing firms, the primary watchdogs for investors, were self-regulated. They also performed
significant non-audit or consulting work for the companies they audited, frequently for greater
remuneration than the auditing activities.
• Board members either avoided their responsibilities or did not have the expertise to understand the
complexities of the businesses.
• Stock options for executives resulted in pressures to massage results to increase their value.
• The exaggeration in the figures amounted to hundreds of billions of dollars, and affected many
thousands of investors.
The Sarbanes-Oxley Act (SOX) 2002 provides for:
• procedures designed to ensure accurate financial disclosure;
• publication of the controls and checks used in producing the reports;
• senior executives taking individual responsibility for the accuracy and completeness of reports;
• severe criminal penalties for falsification of financial data;
• auditing firms being prevented from doing non-auditing work for the same company;
• a Public Company Accounting Oversight Board to provide independent checking of auditors
and a central oversight board which registers auditors, defines the procedures for audits, and
inspects and polices conduct and quality control;
• increased responsibilities and funding for the Securities and Exchange Commission (SEC).



Key chapter points

• Following the Trial Balance, management reports summarise, check budgets, and further analyse the
accounting data.
• Stakeholders are individuals or groups of people whose interests are affected by the activities of
the business.
• Stakeholders include employees, suppliers, customers, the government, shareholders, debt
holders, and various pressure groups.
• Reliable accounting data results from the application of accounting standards.
• The International Financial Reporting Standards (IFRS) are issued by the International
Accounting Standards Board (IASB).
• The Australian Accounting Standards Board (AASB) defines the accounting standards for
Australia. These are the IFRS with some extensions.
• Transparency is the open and clear disclosure of relevant information. It is a prime objective of the
accounting standards.
• Hard data has definite values. Soft data results from value judgments.
• Extensible Business Reporting Language (XBRL) is a method that can make accounting data
accessible to a wide range of interested parties.
• International standards for XBRL are set by XBRL International, a consortium of several hundred
companies and agencies.
• Each country and the larger companies extend XBRL to suit their own needs.
• XBRL is based on XML (eXtensible Markup Language).
• XBRL tags each data item so it can be retrieved by software.
• Each tag can have a number of attributes.
• Mapping is the process of matching items in the company's existing accounting system with the
corresponding items in the XBRL GL taxonomy plus the national extension. The list of matching
items is then used in the tagging operation, and to write software to produce the XBRL instance
automatically.
• Tagging is taking accounting data from the existing accounting system and matching each item with
the corresponding tag in the taxonomy before tag and item are put into the XBRL instance.
• XBRL trials were held in several countries. The trials consisted of companies making voluntary XBRL
returns in addition to the returns normally required by the government.
• The Australian Securities and Investments Commission (ASIC) enforces the accounting
standards set by the AASB.
• The Trade Practices Act 1974 put an end to many restrictive practices in Australia.
• The Corporations Act 2001 enforced accounting standards in Australia.
• The Sarbanes-Oxley Act 2002 enforced stricter reporting standards in the USA, following several
accounting scandals.



Quick revision questions

1 Employees are stakeholders in an organisation. What other stakeholders are associated with the
employees?
2 What is a taxonomy, and what is the XBRL taxonomy?
3 Who sets the accounting standards?
4 Who sets the XBRL standards?
5 In the XBRL trials, the most frequent error was the omission or misplacement of values on the final
display. What reduces the importance of this problem?
6 In order of preference, data being reported to management within a company should, if possible, be
displayed as
A bar or pie chart, table, graph
B graph, bar or pie chart, table
C bar or pie chart, graph, table
D table, bar or pie chart, graph
7 What is the difference between mapping and tagging?
8 What does the GL in XBRL-GL stand for?
A General Legends
B Global Ledger
C Generic Ledger
D General Ledger



Answers to quick revision questions

1 The employees’ families depend on the salaries paid by the organisation, and are therefore
stakeholders.
Previous employees who are receiving or expect to receive a pension from the company’s pension
fund.
Trade unions, employee associations, professional bodies.
2 A taxonomy is an electronic dictionary of business reporting elements used to report business
data.
The XBRL taxonomy is the rules about what tags and attributes can be or must be used in an XBRL
instance.
3 Some countries, such as the United States, set their own standards based on their Generally
Accepted Accounting Principles (GAAP). Most countries follow the International Financial
Reporting Standards (IFRS) set by the International Accounting Standards Board (IASB),
and amend or extend the rules slightly. In Australia the Australian Accounting Standards Board
(AASB) defines the enforced standard, based on the IFRS.
4 XBRL International, a consortium of several hundred companies and agencies, defines and
promotes the common international XBRL tags and rules. Each country adds its own extensions, as
do the larger companies.
5 The definition of how data is displayed does not affect how the data itself is accessed by software
packages. The data may not display correctly, but still be correct and correctly tagged, and could be
picked up by whatever software is used. That software may not display the item at all, or may do its
own display without requiring the default display rules in the taxonomy.
Testing the default display parts of the taxonomy is time consuming and often given low priority.
6 C – bar or pie chart, graph, table
7 Mapping is the process of matching items in the company’s existing accounting system with the
corresponding items in the XBRL GL taxonomy plus the national extension.
Mapping is done once only.
Tagging is taking accounting data from the existing accounting system and allocating each item with
the corresponding tag in the taxonomy before tag and item are put into the XBRL instance.
Tagging is repeated each time an XBRL instance is created.
8 Global Ledger. The XBRL-GL taxonomy allows access to the detailed data. Summary data, as in
financial statements, is in the taxonomy XBRL-FR (FR for Financial Report).



Answers to chapter questions

1 Stakeholders – power of employees:


(1) Local public library service: the main employees affected will be the library staff. Although
these employees may be easy to replace, they are likely to be heavily unionised and so have
reasonably high power. The organisation may decide to consult with the union before any
final decisions are made. Owing to the lengthy procedures that often exist within the public
sector, it is likely that any change in working conditions will be subject to a number of
reviews, and implementation will not be rapid.
(2) Contract cleaning company: the main employees affected will be the cleaners themselves.
Since unskilled workers are relatively easy to replace, they have high interest in this decision
but low power. The organisation will therefore keep the cleaners informed of the decision
but will probably impose the decision on the workforce. This imposition is likely to be
enacted quickly, ie the strategy will take place almost immediately.
(3) Accountancy training company: the main employees affected will be the lecturers. They
have high interest in the decision. They are difficult to replace, and so have high power. The
organisation will need to bear in mind the feelings of the lecturers and may decide that this
project will not succeed.
2 Any three from each section below, though other answers are possible:
Hard
• Objectives are clear.
• The problem can be clearly defined.
• A solution can be recognised.
• Standard solution techniques are applicable.
Soft
• Values, judgment and opinions are involved.
• The problem is difficult to define.
• The problem is 'people' oriented.
• There are no standard solution techniques available.
3 Taxonomies:
The common internationally accepted tags and rules are defined by XBRL International.
Each country defines an extension taxonomy for those items in its own standards which are not
already covered. In Australia this is done by XBRL Australia.
The larger companies define further extensions to suit their own needs.
4 Notes are a problem because of the number of possible concepts they may contain. For the
companies there is the difficulty of defining the concepts, and then of matching parts of the notes,
where possible, to concepts already defined. The national and international standard makers must try
to produce some common solutions before the number of local variations becomes overwhelming.
Many countries, for the first year or two after requiring XBRL returns, allow the notes to be entered
as single blocks of text, without being split into individual concepts.

Revision questions

Chapter 1

1 Which one of the following is not part of an organisation's IT platform?


A software
B hardware
C data management
D networks and communications
2 The name given to the program or sets of programs that instruct and manage computers is:
A grid
B database
C software
D hardware
3 A legacy system is:
A an old system that has been replaced.
B an old system that continues to be used because it still represents best-practice.
C an old system that can no longer be used as it is incompatible with newer software.
D an old system that continues to be used due to the high cost or inconvenience involved in
replacing it.
4 Which of the following network topologies could a client-server network utilise?
I ring
II peer-to-peer
III tree
IV star
A I and III only
B II and IV only
C I, III and IV only
D I, II, III and IV
5 Which of the following are risks associated with transmitting data over network communications
lines?
I data theft
II fraud
III radiation
IV tapping
A I and III only
B II and IV only
C I, III and IV only
D I, II, III and IV



Chapter 2

1 Which of the following are reasons an organisation would collect and store data and information?
I to help decision-making
II for planning purposes
III to record transactions
IV to measure performance
A I and III only
B II and IV only
C I, III and IV only
D I, II, III and IV
2 Which one of the following correctly represents the elements of the PEST framework?
A Policy, Economic, Social, Technological
B Political/legal, Economic, Social, Taxation
C Parliament, Economic, Social, Technological
D Political/legal, Economic, Social, Technological
3 Which one of the following could be used as a key field in an employee database of approximately
five thousand employees?
A surname
B department
C date of birth
D employee number
4 What name is given to the software that extracts or selects items from within a database?
A record pointer
B query language
C data administrator
D data activity monitor
5 Which one of the following is not a database storage model?
A SQL
B network
C relational
D hierarchical
6 In an Entity Life History diagram, what symbol is placed in the top right corner of a box to indicate
alternatives (selection)?
A circle
B asterisk
C triangle
D cross
7 Which of the following should be planned for when implementing a new database?
I training requirements
II hardware needs
III database security
IV DBMS selection
A I and III only
B II and IV only
C I, III and IV only
D I, II, III, and IV

8 Which of the following statements are true?
I Accounting Information Systems (AIS) rarely utilise database technology.
II Accounting Information Systems (AIS) support the production of financial information only.
A I only
B II only
C I and II
D neither I nor II
9 The identification of individuals that share certain characteristics is an example of:
A profiling.
B a data mosaic.
C database linking.
D data redundancy.



Chapter 3

1 Which of the following do ERP systems aim to eliminate?


I separate data silos
II business intelligence tools
III the centralised database
IV data duplication
A I and IV only
B II and III only
C I, III and IV only
D I, II, III and IV

2 Which one of the following represents a likely potential barrier to the successful implementation of
an internal knowledge management initiative?
A privacy issues
B competitor activity
C the need for confidentiality
D staff reluctance to provide knowledge

3 A data warehouse is primarily used for:


A data analysis.
B back-up purposes.
C transaction processing.
D customer service tracking.

4 Which one of the following is unlikely to be provided by a digital dashboard?


A trend analysis
B KPI information
C exception reporting
D detailed financial commentary

5 Which of the following are performed by data mining software?


I removing duplicate data
II predicting trends and behaviours
III identifying previously unknown relationships
IV distributing summarised data
A I and IV only
B II and III only
C I, III and IV only
D I, II, III and IV



Chapter 4

1 In which stage of the systems development life cycle (SDLC) would new software be written?
A system design
B system analysis
C system investigation
D system implementation
2 A potential system's feasibility would be judged against which of the following criteria?
I technical feasibility
II economic feasibility
III social feasibility
A I and II only
B I and III only
C II and III only
D I, II and III
3 Which method of system investigation is best suited to a situation where a limited amount of specific
information is required from a large number of individuals?
A interviews
B observation
C questionnaires
D user workshops
4 Entity relationship models contain which of the following elements?
I entities
II attributes
III processes
A I and II only
B I and III only
C II and III only
D I, II and III
5 New systems should be designed to meet an agreed requirements specification. Which parties are
involved in determining such a specification?
I users
II developers
III management
A I and II only
B I and III only
C II and III only
D I, II and III
6 Which type of system testing tests one function or part of a program to ensure that it operates as
intended?
A unit testing
B logic testing
C program testing
D user acceptance testing

7 Which of the following is a suitable time following system implementation to begin a system review?
A two weeks
B one month
C eighteen months
D two years
8 Which type of system maintenance would be performed after a systems failure?
A adaptive
B perfective
C corrective
D operational



Chapter 5

1 AIS is most likely applicable to which area of accounting?


I public accounting
II management consulting
III tax accounting
IV all of the above
A I only
B I and III only
C II and III only
D I, II, III and IV
2 One of the three basic functions of an AIS is to collect and store data about the organisation's
business activities and transactions efficiently and effectively. In a manual system the process of
performing this function follows the order of
A journal, ledger, posting.
B source documents, ledger, journal.
C source documents, journal, posting.
D source documents, ledger, posting.
3 The third function of the AIS is to provide adequate internal controls to accomplish three basic
objectives. Identify the improper objective.
A Safeguard organisational assets, including its data.
B Ensure that the information that is produced by the system is reliable.
C Ensure that the information that is produced by the system is relevant.
D Ensure that business activities are performed efficiently and in accordance with management's
objectives while also conforming to any applicable regulatory policies.
4 Three transaction cycles process most of the company's economic activity: the revenue cycle, the
expenditure cycle and the conversion cycle. Identify the processes in the diagram.

[Diagram: three linked processes labelled A, B and C. Flow labels: Labour, Materials, Physical plant, Cash, Finished goods, Customers.]

Process A subsystems: Purchasing/Accounts payable; Payroll; Fixed assets
Process B subsystems: Production planning and control; Cost accounting
Process C subsystems: Sales order processing; Cash receipts

A .....................
B .....................
C .....................

5 An accounting information system produces more than financial statements. In fact, it is relied upon
to produce detailed operational information about the organisation's performance. Where are the
data collected from to generate this operational information?
I customers
II vendors
III revenue cycle
IV expenditure cycle
V product cycle
A I and II only
B III and IV only
C III, IV and V only
D I, II, III, IV and V
6 Duality describes which of the following?
A A pair of events linked by an exchange relationship.
B A take order can be either an economic or support event.
C Internal and external agents are both involved in support events.
D The links the internal and external agents have with the customer.
7 A data warehouse is
A an operational database.
B a place to integrate the in-house legacy system.
C a large database, regularly updated and organised to permit a high level of query activity.
D an industry-specific module that can be added to the core system.
8 Online analytical processing involves several basic analytical operations. Which one of the following
statements is not one of the basic analytical operations associated with online analytical processing?
A drill-down
B consolidation
C slicing and dicing
D demand reports and responses
9 Management at Woods plc promotes reporting of misconduct in order to identify deviations from
sound integrity and ethical values in a timely manner by adopting which two of the following?
I periodically requesting misconduct report from all employees.
II providing feedback at employee performance reviews.
III code of conduct containing clear information on how to report a policy violation through an
independent third party.
IV following a prescribed investigation process and taking appropriate, timely corrective action
when possible violations are identified.
A I and II
B I and III
C II and IV
D III and IV



Chapter 6

1 Which of the following are principles of data quality as identified by Wang and Strong?
I timeliness
II believability
III availability
A I and II only
B I and III only
C II and III only
D I, II and III
2 Which of the following are procedural controls?
I numbering documents
II backup
III file size checks
A I and II only
B I and III only
C II and III only
D I, II and III
3 Which of the following are technical controls?
I limiting data access to secure locations
II allocating passwords and system privileges to certain employees
III requiring amendments to data to be documented
A I and II only
B I and III only
C II and III only
D I, II and III
4 Anti-virus software installed onto an infected computer is an example of which type of control?
A preventive
B procedural
C detective
D corrective
5 Which method of system security disables part of the system's telecoms technology to prevent
unauthorised intrusions?
A firewalls
B encryption
C authentication
D anti-virus software
6 Which of the following is the main risk for customers in face-to-face transactions?
A receiving defective goods
B failure to receive their goods
C cloning of their debit or credit card
D personal details such as name and address being stolen



Chapter 7

1 Which one of the following techniques is likely to produce the most reliable record of how a
business process is performed?
A a group meeting
B an individual interview
C workplace observation of staff
D a group workshop with role play

2 Which type of process map is sometimes referred to as a 'swim lane chart'?
A workflow map
B data flow diagram
C basic process map
D deployment process map

3 Which of the following are steps recommended by Tucker when changing business processes?
I summarise the present method.
II challenge the current method.
III identify possible improvements.
IV decide on the best option.

A I and IV only
B II and III only
C I, III and IV only
D I, II, III and IV

4 Which one of the following is not one of the three main ways in which workflow systems operate?
A ad hoc
B flowline
C relational
D casework



Chapter 8

1 <cost currency="USD" decimals="2">1250</cost>


Which of the following is true?
A 'USD' and '2' are data, currency and decimals are tags.
B cost, currency, and decimals are all tags, 1250 is the data.
C currency and decimals are attributes, cost is a tag, 1250 is the data.
D currency and decimals are tags, cost is an attribute, 1250 is the data.
2 Checking the XBRL file against the taxonomy is known as:
A tagging
B mapping
C sampling
D validation
3 The letters of XBRL stand for
A XML Bookkeeping Reporting Language.
B Extended Business Reporting Language.
C Extended Basic Reporting Language.
D Extensible Business Reporting Language.
4 The Act that did the most to stop restrictive practices in Australia was:
A The Corporations Act.
B The Trade Practices Act.
C Australian Industries Preservation Act.
D The Australian Securities Commission Act.
5 Accounting standards in Australia are enforced by:
A AASB
B ACCC
C APRA
D ASIC
6 Which of the following is true?
A XML is based on XBRL
B XBRL is based on XML
C XML and XBRL are the same
D none of the above
7 When claiming to be 'transparent', which of the following is it not legitimate to withhold?
A trade secrets
B directors' remuneration
C decisions on future strategy
D a production manager's salary
8 What is the international organisation that sets accounting standards?
A AASB
B ASIC
C IASB
D IFRS

Answers to revision questions

Chapter 1

1 C Data management is not considered part of the IT platform, although it is part of the IT
infrastructure.

2 C Software is the name given to the program or sets of programs that instruct and manage
computers.

3 D A legacy system is an old system that continues to be used due to the high cost or
inconvenience involved in replacing it.

4 C Peer-to-peer isn't a type of client-server topology; it is a different type of network.

5 D Data theft, fraud, radiation and tapping are all risks associated with transmitting data
over network communications lines.



Chapter 2

1 D All four are reasons why an organisation may collect or store data and information.

2 D Political / legal, Economic, Social and Technological.

3 D A unique employee number would be allocated to each employee and used as the key
field. The other options could all have duplicate values, for example if two employees were
born on the same day.

4 B A query language is used to interrogate a database, or in other words to select or extract
data from a database.

5 A SQL is a query language.

6 B In an Entity Life History, if events are alternatives (selection) a small circle is placed in the
top right hand corner.

7 D Training requirements, hardware needs, database security and DBMS selection should all be
considered when implementing a new database (as should many other factors as covered in
section 7 of Chapter 2).

8 D Accounting Information Systems (AIS) often utilise database technology and are sometimes
used to support the production of management, marketing and other types of information.

9 A Profiling involves the use of a database to identify individuals who share certain
characteristics.



Chapter 3

1 A ERP systems eliminate the need for separate systems and separate data silos. They also aim to
eliminate data duplication (data redundancy) through using a central database that holds data
that is utilised by all system modules.

2 D Staff reluctance is the most likely potential barrier. The motivation to share hard-won
experience is sometimes low as the individual feels they are 'giving away' their value.

3 A A data warehouse enables data to be analysed outside of operational systems.

4 D A digital dashboard is unlikely to include the relatively lengthy text required for detailed
financial commentary.

5 B Data mining software is used to search and analyse large pools of data with the aims of
predicting trends and behaviours and looking for hidden, previously unknown patterns and
relationships.



Chapter 4

1 D Software can only be written once the system has been designed and so this would occur in
the implementation phase.

2 D Systems would also be judged against operational feasibility criteria.

3 C Questionnaires are best suited to situations where a limited amount of specific information
is required from a large number of individuals as they are quick and relatively cheap to
conduct.

4 A Processes are shown in data flow diagrams.

5 D All three parties listed are involved in determining a requirements specification.

6 A Unit testing tests one function or part of a program to ensure that it operates as intended.

7 B System reviews should ideally be performed between one month and one year after
system implementation. Option A is too early and options C and D are too late.

8 C Corrective maintenance is performed in order to remedy a defect and would therefore
occur after some kind of systems failure. Option D is made up.



Chapter 5

1 D All of the above.
Accounting in itself is a very wide and diverse field. Information systems that interface with
the AIS include: payroll, tax, cost, managerial and investment accounting.
2 C source documents, journal, posting.
3 C Ensure that the information that is produced by the system is relevant.
4 A is the expenditure cycle
B is the conversion cycle
C is the revenue cycle
5 D
6 A
7 D
8 D
9 D



Chapter 6

1 A Availability is not a principle, accessibility is.

2 B Backup is a technical control.

3 C Limiting data access to secure locations is a procedural control.

4 D Anti-virus software is a corrective control as it corrects the system should security
breaches occur.

5 A Firewalls disable part of a system's telecoms technology to prevent unauthorised
intrusions.

6 C As customers collect goods from the shop there is little or no risk of receiving defective
goods or of receiving no goods at all. Most transactions do not require customers to share
their personal details. The main risk is of card cloning.



Chapter 7

1 C Observing how staff perform the process in the workplace is likely to produce the most
accurate record of the process. Even this is not completely reliable though, as the fact that
staff are being observed may influence their behaviour.

2 D A deployment process map is sometimes referred to as a 'swim lane chart'.

3 D Items I to IV list Tucker's recommended steps when changing business processes.

4 C Workflow systems operate in three main ways: the casework basis, the flowline basis and
the ad hoc basis.



Chapter 8

1 C
2 D Mapping is associating tags from the taxonomy with existing data fields.
Tagging is associating data values with tags and putting both in the XBRL instance.
3 D
4 B The Trade Practices Act 1974.
The Corporations Act 2001 established accounting standards (and a great many other things);
The Australian Industries Preservation Act 1906 was largely ineffective;
The Australian Securities Commission Act 1989 set up the ASC, which became the ASIC.
5 D ASIC, The Australian Securities & Investments Commission
The Australian Prudential Regulation Authority (APRA) regulates the financial sector;
The Australian Accounting Standards Board (AASB) defines the standards, but does not
enforce them;
The Australian Competition and Consumer Commission (ACCC) promotes competition and
fair trade.
6 B
7 B It is in fact a requirement of AASB rules that directors' remuneration and loans are disclosed.
It is also possible that the production manager's salary must be disclosed, since, in addition to
the directors, disclosure applies to the five executives with the greatest authority for strategic
direction and management.
8 C The International Accounting Standards Board (IASB).
International Financial Reporting Standards (IFRS) are the international standards themselves.
The Australian Accounting Standards Board (AASB) sets the Australian standards (based on
the IFRS).
The Australian Securities & Investments Commission (ASIC) enforces the Australian standards.



Before you begin
Answers and commentary

Chapter 1

1 An organisation’s Information Technology (IT) infrastructure consists of the physical facilities,
IT components, IT services, and IT staff that support the provision of information systems and
information technology across the organisation.

2 IT components are sometimes referred to as the IT platform. This includes hardware, software,
networking and communications components.

3 The correct answer is B. Work stations are powerful computers, usually for technical or scientific
applications, such as complex graphics or complex calculations.

4 A DSS is a Decision Support System. Decision Support Systems combine data and analytical
models or data analysis tools to support semi-structured and unstructured decision making.

5 The correct answer is C. Executive Support Systems (ESS) or Executive Information
Systems (EIS) provide a generalised computing and communication environment to senior
managers to support strategic decisions.

6 Two from bus, ring, star or tree. Refer to Section 4.1 to check your diagrams.

7 In a client-server network, server computers hold and provide resources to client computers. In a
peer-to-peer network, each computer has equivalent capabilities and responsibilities – devices
communicate directly with each other.

8 A table held in memory that contains a list of all the networks that a router is connected to.

9 Generally, centralised networks are easier to control as data is held in a single location and
communication channels are more easily monitored and controlled. Although distributed networks
are more difficult to control, they offer greater flexibility.



Chapter 2

1 Some of the main reasons organisations collect and store data are to:
• Record transactions
• Facilitate planning
• Identify that control action is needed
• Measure performance
• Facilitate informed decision making

2 Examples of internal information sources:
• Accounting records
• Personnel records
• Production data
• Timesheets
Examples of external information sources:
• Competitors
• Specialists / consultants
• Publications, for example newspapers and journals
• Websites

3 A database record contains the data fields relating to one entity, for example one employee in a
payroll file.

4 The term 'database system' is used to describe a wide range of systems that utilise a central pool
of data.

5 The four main database storage models are:
• Hierarchical
• Network
• Relational
• Object-oriented

6 An Entity Relationship Model (ERM) shows what data a system requires (the logical data
requirements) independently of the system's organisation and processes. The ERM provides a static
view of data requirements.



7 The main steps involved in the implementation of a database are:

Step 1 Define the scope of the project and the proposed database

Step 2 Organise the project

Step 3 Develop an implementation plan

Step 4 Design the database and the infrastructure

Step 5 Training

Step 6 Generate a test database

Step 7 Develop a detailed data conversion plan

Step 8 Incorporate existing applications and train database users

Step 9 Fine-tune the database

Step 10 Periodically review database performance

8 An AIS collects, records, stores, and manipulates financial data, and then converts this data into
meaningful information for financial reporting and management decision making. Accounting
Information Systems utilise databases in a number of ways. For example, the accounts receivable
ledger stores customer data, the accounts payable ledger stores information about suppliers, and
payroll holds information about employees.

9 Encryption helps maintain confidentiality by encoding data in such a way that only authorised users,
who have the correct 'key', can read the data. Encryption therefore renders data unreadable to
unauthorised users.

10 Electronic databases enable organisations to capture and store vast amounts of data about individuals
and other organisations. They often contain sensitive data, for example credit card numbers or
medical records. Risks include unauthorised data linking and sharing and the existence and
propagation of errors.



Chapter 3

1 Enterprise Resource Management (ERM) systems, alternatively called Enterprise Resource
Planning (ERP) systems, integrate the planning, management, and use of all of an organisation’s
resources (Laudon and Laudon 2009). They provide unity and co-ordination across different
functional areas of an organisation and eliminate the need for separate systems and separate data
silos. The two most popular ERM systems are SAP and Oracle.

2 Productivity software refers to general office application software such as Microsoft Office –
including word processing (Word), spreadsheet (Excel), scheduling (Outlook), presentation
(PowerPoint) and other types of software used by individuals to improve their productivity.

3 An intranet is an internal network used to share information. Intranets utilise Internet technology
and protocols. The firewall surrounding an intranet fends off unauthorised access. An extranet is an
intranet that is accessible to authorised outsiders.

4 Digital dashboards are software tools that provide a high level, summarised view of the
performance of an enterprise. Sometimes called an executive dashboard, an enterprise dashboard or
a management cockpit, they provide rapid access to timely information and direct access to
management reports. Information is presented in a clear, user friendly format, usually including
graphics.

5 Data mining software analyses data with the aim of discovering previously unknown,
potentially useful relationships. Data mining uses statistical analysis tools as well as fuzzy logic
and other intelligent techniques.



Chapter 4

1 The three main criteria projects are judged against are:
• Time
• Cost (budget)
• Quality
There is often a trade-off between these factors. For example, quality may suffer if the timeframe
and / or cost are squeezed.

2 Costs that would be considered when considering financial feasibility include:
• Equipment costs
• Installation costs
• Development costs
• Personnel costs
• Operating costs

3 Tools used during system investigation include:
• Interviews
• Questionnaires
• Observation
• User workshops
• Review of system documentation
• Existing system review

4 A DFD is a Data Flow Diagram. Data flow diagrams are often produced during systems analysis to
provide a diagrammatic representation of how the system works.

5 Logical design involves describing the purpose of a system, i.e. what the system will do. Logical
design does not include any specific hardware or software requirements as it is more concerned
with the processes to be performed.

6 Unit integration testing involves testing two or more software units to ensure they work
together as intended. This would usually be carried out after unit testing has established that
individual units or parts of a program operate as intended.

7 Metrics are quantified measurements relating to system performance. They should be carefully
thought out, objective and stated clearly. Examples of metrics include system response time, the
number of transactions that can be processed per minute, the number of bugs per hundred lines of
code and the number of system crashes per week.

8 Adaptive maintenance is carried out to take account of anticipated changes in the processing
environment. For example, new taxation legislation might require changes to be made to payroll
software.



Chapter 5

1 Correct answer is B – Answers I, II, and III.
These are three of the ways a well-designed AIS can contribute to the organisation’s value chain.
2 Correct answer is True.
The role of a cost accounting system is to provide information useful for managing the activities that
consume resources. These resources may be used by a private or public company, a service or
manufacturing organisation or a non-profit making charity.
3 R – Economic resources are things of economic value to the organisation. They are used in
economic exchanges with trading partners and are either increased or decreased by the exchange.
E – Events may be either economic events or support events.
A – Economic agents are individuals and departments that participate in economic and support
events.
4 The correct answer is A – a transaction file is similar to a ledger in a manual accounting system.
5 The correct answer is A – a production database is used daily and typically has lots of transactions
running against it. A warehouse database gets new data more frequently, but in lower volumes. To
be correct, this would need to be re-worded as – a production database is used daily and typically
has lots of transactions running against it. A warehouse database gets new data less frequently, but in
higher volumes.
6 The correct answer is D – managers of systems are not responsible and cannot be held accountable
and liable for the damage done by systems.
7 The answer is A, B, C and D. They all demonstrate senior management commitment to ethical
values.



Chapter 6

1 Juran describes data as having good quality if they are 'fit for their intended uses in operations,
decision making and planning'.

2 Procedural controls manage the human aspects of system activity and are usually placed on the
day-to-day running of the system. They can be divided into three sub-categories, input controls,
processing controls, and output controls.

3 Technical controls address security issues such as authorisation, documentation, backup and
recovery.

4 In general terms, preventive controls are more cost-effective than those which detect or correct
problems because they reduce or eliminate the problems occurring in the first place. By definition,
detective and corrective controls allow errors or damage to occur.

5 The Privacy Amendment (Private Sector) Act 2000 aims to protect the privacy of individuals.

6 The two main security risks to organisations (when acting as the vendor) in Internet
transactions are:
• The customer is using fake bank or credit card details and so they will not be paid
• Goods are not received by the customer so replacements have to be sent



Chapter 7

1 You should speak with the people who do the work associated with the process. Identify the
person or people who really know the process; this usually means experienced employees. These
people should walk and talk you through their part of the process and answer any questions.

2 Below are examples of commonly used flowcharting symbols. Remember though that different
people and organisations may use different symbols.

Flowcharting symbols

Start/End: This symbol marks the starting or ending point of the system.

Action or process: A box can represent a single step (‘add two cups of flour’), or an entire
sub-process (‘make bread’) within a larger process.

Document: A printed document or report. This symbol is not always used – it depends upon the
level of detail required in the model.

Decision: A decision or branching point. Lines representing different decisions emerge from
different points of the diamond.

Input/Output: Represents material or information entering or leaving the system, such as customer
order (input) or a product (output). Again, the use of this symbol is not consistent –
some people may identify a customer placing an order at a retail counter as an action –
others may identify it as Input.

Flow: This arrow indicates the sequence of steps and the direction of flow.

3 Business process re-engineering is the fundamental rethinking and radical redesign of business
processes to achieve dramatic improvements in critical contemporary measures of performance,
such as cost, quality, service and speed. Hammer and Champy (2004).

4 An Accounting Information System (AIS) is a collection of data and processing procedures that
records and creates accounting related information. An Enterprise Resource Planning (ERP) system
is one type of AIS. ERP systems use software to control workflow management, directly
impacting upon business processes.



Chapter 8

1 For example: Employees, shareholders, suppliers, customers, government, banks – but others are
possible.
2 Regular auditing by an outside firm.
Rotation of duties – but other answers are possible.
3 Reliable accounting data is produced by systems and companies that adhere to the national
guidelines known as Accounting Standards or Generally Accepted Accounting Principles
(GAAP).
There should be regular auditing by an outside firm.
There must be adequate internal controls to prevent records being falsified.
4 Financial statements must show the financial reality (the substance) rather than the legal form of the
transactions and events that underlie them.
5 Transparency:
Builds trust and reputation
Lenders prefer companies that do not conceal problems
Many investors may select only companies that give the fullest disclosure
If the company’s performance is good, making evidence of that more widely available will attract
more investors.
6 A - An instance
7 AASB, The Australian Accounting Standards Board
ASIC, The Australian Securities & Investments Commission
8 Trade Practices Act 1974
Corporations Act 2001

Glossary of terms

Accounting information system (AIS). The system that collects, records, stores and processes data to
keep and maintain a company’s accounting system. This includes the purchase, sales, and other financial
processes of the business.
Ad networks. Use web bugs to create a personal profile of the sites a person is visiting. This information
is stored in a database belonging to the ad network and in turn determines what banner ads the user is
shown.
Architecture. The structure of a system or IT service, including the relationships of components to each
other and to the environment they are in. Architecture also includes the standards and guidelines for the
design and evolution of the system.
Attribute. An XML element property used to describe name-value pairs.
Australian Accounting Standards Board (AASB). Produces and promotes accounting standards. It
does not enforce standards or check that individual companies are adhering to the standards – that is the
duty of the ASIC. It was set up under the Australian Securities and Investments Commission Act 2001.
Australian Competition and Consumer Commission (ACCC). Promotes competition and fair trade
in the market place. It was formed in 1994 with the amalgamation of the Australian Trade Practices
Commission and the Prices Surveillance Authority to administer mainly the Trade Practices Act (1974).
Among other things, this Act legislates against companies gaining market dominance (usually through
mergers) and so lessening competition. The ACCC acts as a corporate watchdog to monitor and enforce
this.
Australian Prudential Regulation Authority (APRA). The financial sector is regulated by APRA,
which was set up as a result of the Financial System Inquiry (better known as the Wallis Inquiry) in 1996 to
examine the results of the deregulation of the Australian financial system. It also resulted in ASIC becoming
the consumer regulator in the financial system.
Australian Securities & Investments Commission (ASIC). Australia's corporate regulator. It is an
independent government body that enforces and regulates company and financial services laws in the
interests of Australian consumers, investors and creditors. ASIC was originally the Australian Securities
Commission (ASC). The ASC came into being as a result of the ASC Act 1989 and replaced the National
Companies and Securities Commission and the Corporate Affairs offices of the states and territories, and
unified corporate regulation throughout Australia.
In 1998 the ASC was also made responsible for consumer protection in superannuation, insurance, deposit
taking and (from 2002) credit, and became the ASIC.
The ASIC is often referred to as Australia's corporate watchdog. It monitors the stock market for unusual
trading activity and investigates company collapses as well as checking that accounting standards are
maintained.
Australian Taxation Office (ATO). Manages Australia's revenue and collects income tax, Goods &
Services Tax (GST), superannuation and excise. It also administers some benefits. All businesses must
submit a Business Activity Statement to the ATO to report their taxation obligations.

Balanced scorecard. Allows an organisation to divide a vision, or overall objective into the smaller pieces
or necessary steps that will allow it to occur. For example, goals and measures of performance can be set
in a number of dimensions such as Financial, Customer, Internal, and Innovation.
Batch processing. Involves transactions being grouped and stored before being processed at regular
intervals, such as daily, weekly or monthly. Because data is not input as soon as it is received the system will
not always be up-to-date.
Bit. The smallest item of computer storage is referred to as a bit.
Blog. A website containing descriptions of events and personal experiences, or comments or reviews.
Bluetooth. Connects mobile devices wirelessly to each other or to desktop PCs.
Bridge. Joins two networks together, so as far as data packets are concerned it looks like one large
network.



Browser (or Web browser). An application (such as Mozilla Firefox or Microsoft Internet Explorer) that
locates and displays a Web page, allowing the user to jump from place to place by clicking on particular text
or graphics.
Bus networks. A common backbone to connect all devices. A single cable – the backbone – functions as a
shared communication medium that devices attach to or tap into with an interface connector.
Business intelligence (BI). Tools or applications that transform data into information and present that
information to end users in a meaningful and usable manner.
Business process. A collection of co-ordinated activities or tasks performed to accomplish a specific goal
or output.
Business Process Re-engineering. The fundamental rethinking and radical redesign of business
processes to achieve dramatic improvements in critical contemporary measures of performance, such as
cost, quality, service and speed. Hammer and Champy (2004). Business Process Re-engineering is also known
as Business Process Redesign, Business Transformation, or Business Process Change
Management.
Byte (or character). Eight bits create a byte of data that can represent a single character, for example a
letter.
Campus Area Network (CAN). A network spanning multiple LANs but smaller than a MAN, such as on
a university or local business campus.
Central Processing Unit (CPU). The CPU, or microprocessor, can be thought of as the brain of a
computer system. The CPU is a chip that deciphers and executes your commands.
Centralised network architecture. Involves all processing being carried out on one or more processors
at a single central location.
Client. There are three meanings that apply in a data environment. In the first, a client is a customer (as
opposed to the organisation which provides a service or product). In the second definition, a client is a
computer that is used directly by a user, for example PCs, handheld computers, or workstations. In its third
usage, the term client means the part of a client/server application that the user directly interfaces with (for
example, an email client).
Client/Server. The splitting of an application into tasks performed on separate computers connected over
a network. In most cases, the ‘client’ is a desktop computer or a program ‘served’ by another networked
computing device.
Client-server network. A configuration in which desktop PCs or similar devices are regarded as 'clients'
that request access to services available on a more powerful server PC, for example access to files, or to
printing or to e-mail facilities.
Cluster area network. See system area network.
Computer Aided Design (CAD). The use of information technology in product design.
Computer Aided Manufacturing (CAM). The physical control of the production process or part of it
by computers, as applied in robots, computer numerical control tools.
Conceptual model. A descriptive model of a system based on qualitative assumptions about its elements,
their interrelationships, and system boundaries.
Consolidation. An analytical operation performed by On-line Analytical Processing (OLAP) database servers,
which involves computing all of the data relationships for one or more dimensions. For example, sales
offices can be rolled-up to districts and districts rolled-up to regions.
Cookies. An Internet cookie is a packet of information sent by a server to a browser, which is then used
by the browser each time it accesses the server. Cookies are typically used to authenticate a registered
user of a web site, or personalise the site, or maintain an online shopping cart. Originally developed by
Netscape, cookies offer convenience to the visitor if care is taken by the website. One of the controversies
surrounding cookies is their ability to build a personal profile of the user's browsing and purchasing habits.
Corporate watchdogs. Organisations that police other organisations to ensure they do not act illegally.
Their role is the prevention of such acts, as well as detection.

Corporations Act 2001. The principal legislation regulating companies in Australia. The Act was
successfully challenged in the High Court by New South Wales, but a subsequent co-operative scheme led
to the Act being adopted by all states.
Corrective controls. Designed to rectify errors which have been detected. They require their own
preventive and detective controls to ensure the correction process is not defective.
Cost accounting. Includes product costing and activity-based costing and focuses on activities involved in
production, the service process and the departmental units within an organisation as well as other
resources.
Customer relationship management (CRM) system. An enterprise wide business strategy designed
to optimise profitability, revenue and customer satisfaction by organising the enterprise around customer
segments, fostering customer-satisfying behaviours and linking processes from customers through suppliers.
CRM is an information industry term for methodologies, software, and usually Internet capabilities that help
an enterprise manage customer relationships in an organised way.

Data. The raw material for data processing. Data consists of numbers, letters and symbols and relates to
facts, events, and transactions.
Data cube. At the core of OLAP tools lies a multidimensional data model. The best and most typical way
to visualise this is in the form of a data cube. In general, each cube is defined by two entities, measurements
and metrics. Metrics are basically the dimensions in which data in an organisation is kept. Time (in years,
quarters or months) or region (north, south, east, west) would be examples of metrics. Measurement, on
the other hand, represents values of the data that is being stored. Think of measurements as quantities in
which we want to analyse relationships between metrics. Measurements are typically numeric in nature.
While time (in years, quarters or months) is an example of a metric in the example given above, yearly sales
or average quarter-to-quarter growth are examples of measurements.
Data field. Several characters combine to form a data field, for example an account balance. Other names
for a data field are 'attribute,' 'column,' or simply 'field'.
Data flow. Represents the movement or transfer of data from one point in the system to another.
Data flow diagrams. Show the ways in which data is processed, and may be used to help map a process.
Data governance. Refers to the overall management of the availability, usability, integrity, and security of
the data employed in an enterprise.
Data management. Comprises all the disciplines related to managing data as a valuable resource.
Data mart. Similar to a data warehouse but the mart holds data relating to a specific department, function
or area of the business.
Data mining. An analytic process designed to explore data (usually large amounts of data and typically
business or market related) in search of consistent patterns and/or systematic relationships between
variables, and then to validate the findings by applying the detected patterns to new subsets of data. The
ultimate goal of data mining is prediction – and predictive data mining is the most common type of data
mining and one that has the most direct business applications.
Data processes. Data being used or altered. The processes could be manual, mechanised or
computerised.
Data store. A point which receives a data flow and holds data.
Data warehouse. Consists of a database, containing data from various operational systems, and reporting
and query tools, which enable data to be analysed outside of operational systems.
Database. A collection of logically-related records and files organised to service many applications. A
database consolidates many records previously stored in separate files, so that a common pool of data
records serves many applications. An organisation's database can contain facts and information on
customers, employees, inventory, competitors' sales, on-line purchases and much more. It provides
convenient access to data for a wide variety of users and user needs.
Database integrity. Data accuracy and consistency within the database.

Database management system (DBMS). The software that centralises data and manages access to the
database. It is a system which allows numerous applications to extract the data they need without the need
for separate files.
Database security. Aims to protect the confidentiality, integrity and availability of data held in the
database.
Decision Support Systems (DSS). Data and analytical models or data analysis tools to support semi-
structured and unstructured decision making.
Decision tables. Used as a method of defining the logic of a process (i.e. the processing operations
required) in a compact manner. They are particularly useful in situations where a large number of logical
alternatives exist.
Denial of service attack. A fairly new threat relating to the Internet. It involves an organised campaign to
bombard an Internet site with excessive volumes of traffic at a given time, with the aim of overloading the
site.
Detective controls. Designed to bring the error to the user's attention after the error has occurred.
Dial-up services. Data networking services using modems and telephone lines.
Digital dashboard. Sometimes called an executive dashboard, an enterprise dashboard or a management
cockpit. Provides rapid access to timely information and direct access to management reports.
Distributed network architectures. Spread the processing power throughout the organisation at
several different locations.
Drill-Down (or up). A specific analytical technique performed by On-line Analytical Processing (OLAP)
database servers, whereby the user navigates among levels of data ranging from the most summarised (up)
to the most detailed (down).
Dumb terminal. Refers to devices that are designed to communicate exclusively with a host (mainframe)
computer. It receives all screen layouts from the host computer and sends all keyboard entry to the host. It
cannot function without the host computer.

E-commerce. Transactions made between buyers and sellers using the Internet or other electronic
methods.
Element. An element in XBRL is a business reporting concept defined in a taxonomy and quantified in an
XBRL instance document.
Email (electronic mail). An electronic document (usually a message) sent to a person or group on the
Internet. When used as a verb, ‘email’ refers to the act of sending the document.
Email attachment. A data package sent via email, for example a Word document from a colleague, or a
photo from a friend.
Encryption. A way of scrambling information so that data can stay secure. It aims to protect confidentiality
by rendering data unreadable to unauthorised users.
End user. The person who is executing applications on the workstation.
Enterprise collaboration systems. Information systems that use a variety of information technologies to
help people work together to collaborate and communicate ideas, share resources and co-ordinate co-
operative work between teams.
Enterprise Information Portals (EIP). Serve as a gateway to an organisation's information and
knowledge. They deliver personalised business data and content directly to employees, business partners
and customers. The portal is often similar to a website and extranet combined.
Enterprise Resource Management (ERM) systems. See Enterprise Resource Planning (ERP)
systems.
Enterprise Resource Planning (ERP) systems. Modular software packages designed to integrate the
key processes in an organisation so that a single system can serve the information needs of all functional
areas.

Entity. Something in a system that has a distinct, separate existence. It is usually a low-level object that the
system treats as a single unit. It may also be a source or destination of data which is considered external to
the system (not necessarily external to the organisation), for instance people or groups who provide data
or input information or who receive data or output information.
Entity Life History (ELH). A diagram that shows the processes that happen to an entity, from its
creation to the time it is discarded.
Entity Relationship Model (ERM). Also known as an entity model or a logical data structure. Provides
an understanding of the logical data requirements of a system independently of the system's organisation
and processes.
Ethernet. A network connected by coaxial or twisted-pair wires for fast file transfer. Standard Ethernet
has a data transfer rate of 10 million bps (bits per second).
Ethics. Concerned with what is right and what is wrong. To act ethically generally means to 'do the right
and fair thing' in the eyes of society as a whole. Information systems raise new ethical questions for both
individuals and societies because they create opportunities for intense social change, and thus threaten
existing distributions of power, money, rights, and obligations.
Executive Information Systems (EIS). A generalised computing and communication environment for
senior managers to support strategic decisions. The emphasis is on graphical displays and ease of use.
Executive Support Systems (ESS). See Executive Information Systems (EIS).
Expansion slot. An area in a computer that accepts additional input/output boards to increase the
capability of the computer.
eXtensible Business Reporting Language (XBRL). An open standard for the electronic
communication of business and financial data that supports information modelling and the expression of
semantic meaning. The language has been built and promoted by XBRL International, a worldwide
consortium of approximately 550 companies and agencies.
Extension taxonomy. Created on top of a public taxonomy to define necessary reporting concepts that
have not been previously defined.
External stakeholders. Not part of a business but have a keen interest in what it does, and influence its
decision-making. Normally stakeholders are from within the company and could include internal clients,
customers, suppliers, lenders, management, employees, administrators, etc. However, a project may have
external stakeholders, including suppliers, investors, community groups and government organisations or
the wider society, which influence and are influenced by an organisation but are not in its 'internal part'.
Extranet. A private network that uses Internet technology and the public telecommunication system to
securely share part of a business's information or operations with suppliers, vendors, partners, customers,
or other businesses. An extranet can be viewed as part of a company's intranet that is extended to users
outside the company.

Fast Ethernet. A new Ethernet standard that supports 100 Mbps using category 5 twisted pair or fibre
optic cable.
Feasibility study. Involves a review of the existing system and the identification of a range of possible
alternative solutions. A feasible (technical, operational, economic, social) solution will be selected – or a
decision made not to proceed.
Feedback. In information systems, feedback is information from the system that is used to make changes
to input or processing activities.
Fibre optic cable. A cable, consisting of a centre glass core surrounded by layers of plastic, that transmits
data using light rather than electricity. It has the ability to carry more information over much longer
distances.
Field. See Data field.
File sharing. Swapping music, movies, games, and other media online with other users on a local network
or a peer-to-peer (P2P) program.

File server. A computer, connected to the network, that contains primary files/applications and shares
them as requested with the other computers on the network. If the file server is dedicated for that purpose
only, it is connected to a client/server network. All the computers connected to a peer-to-peer network
are capable of being the file server.
Financial accounting. The standard accounting used to provide information about an organisation's
performance. Legal and GAAP (Generally Accepted Accounting Principles) guidelines are provided in the
recording process. Internal control and auditing are part of this system.
Firewall. A system designed to control access between two networks.
Folksonomy. A classification that arises when people collaborate to create and manage the links between,
for example, Wikis, Blogs and normal web pages.

Gate keeping. The restricted access to services, privileges, benefits or opportunities on the basis of
certain data values.
Gateway. Converts the data passing between dissimilar networks so that each side can communicate with
the other i.e. it converts data into the correct network protocol.
General Packet Radio Service (GPRS). An extension to GSM which organises data into packets,
resulting in higher data transmission speeds. Among other things, this allows continuous Internet access and
more advanced messaging.
Gigabyte (GB). One billion bytes of information or one thousand megabytes.
Global Ledger Taxonomy (or XBRL-GL). Allows the representation of anything that is found in a chart
of accounts, journal entries or historical transactions, financial and non-financial. This defines the underlying
data elements in AIS, and is available from the XBRL International web site www.xbrl.org/GLFiles/.
Global System for Mobile Communications (GSM). By far the most widely used mobile telephone
system in the world. Control signals and speech are both transmitted digitally.
Graphical Robotics Applications Simulation Package (GRASP). A 3-D graphical simulation system
used by engineering companies for evaluating and programming industrial robots.
Groupware. Software that provides functions for the use of collaborative work groups.

Hard data. Data that can be verified objectively, satisfies audit criteria, and is considered reliable. The rules
for generating the data are inflexible with little scope for guesswork or human feeling for a situation. Hard
data is characterised by clear objectives, and a clearly defined problem which can be solved by standard
techniques, and it is obvious when a solution, a particular value, has been achieved.
Hardware. The various physical components that comprise a computer system, which are used to
perform input, processing and output activities. Hardware resources include the computer, its peripherals,
and consumables such as stationery.
Hub. The network hub allows computers to share data packets within a network.

Information. Data that have been processed in such a way as to be meaningful to the recipient. Data are
subjected to a 'value-added' process (data processing or information processing) where their form is
aggregated, manipulated and organised or their content is analysed and evaluated and is placed in a proper
context for a human user.
Information infrastructure. Includes all of the people, processes, procedures, tools, facilities, and
technology which support the creation, use, transport, storage, and destruction of information.

Information superhighway. A 1990s concept for a high-speed computing and communications network
that would deliver ubiquitous voice, telephony, data, video and other communications. The Internet itself
was originally cited only as a model for the information superhighway, though the popularity of the Web
made it the default successor to the concept.
Information system (IS). Uses the resources of people, hardware, software, data, and networks to
perform input, processing, output, storage and control activities.
Information technology (IT). The common term for the entire spectrum of technologies for information
processing, including software, hardware, communications technologies and related services. In general, IT
does not include embedded technologies that do not generate data for enterprise use. Information
Technology is often used to support Business Processes through IT Services.
Information technology (IT) infrastructure. All the hardware, software, databases,
telecommunications, people and procedures that are configured to collect, manipulate, store and process
data resources into information products.
Input controls. Regulate the input of data to ensure it is as accurate and free from error as possible. Such
controls are important where, for example, an employee is required to type or copy data into the system
from another source.
Instance. An XBRL business report containing tagged business facts together with the context in which
they appear and any further attributes needed to describe them.
Integrated services digital network (ISDN). A high-speed networking infrastructure that operates
over standard copper telephone wires or other media. ISDN connections are used to provide a variety of
digital services to customers, including digital voice telephone, fax, e-mail, digital video, and access to the
Internet. A wide range of data transfer rates are available, with speeds up to about 128 kilobits per second
(kbps). ISDN is faster than an ordinary dial-up connection (at about 56 kbps), but much slower than cable
modem or Digital Subscriber Line (DSL) connections (which typically exceed one megabit per second).
Internal stakeholders. All employees (from directors down) and their families, their unions and
associations and professional organisations, and previous employees who rely on the company pension fund
as well as shareholders.
Internet. A global network linking computers so they can communicate. The Internet was developed in
1969 for the U.S. military and gradually grew to include educational and research institutions. Use of the
Internet has mushroomed, primarily due to the popularity of the Web – the graphical form of the Internet
that most people use – and email.
Internet Protocol (IP). The basic underlying protocol of the Internet. Used in conjunction with
Transmission Control Protocol (TCP), it provides a common address system and communications protocol
to track the addresses of network nodes, route outgoing messages and recognise incoming ones. Today, its
use has spread beyond the Internet to become a de facto standard used in enterprise networking. See
Internet, TCP and TCP/IP.
Internet Protocol (IP) address. The Internet protocol (IP) address is the address of a computer on a
TCP/IP (transmission control protocol/Internet protocol) network. IP addresses are written as four groups
of up to three digits (e.g., 169.237.104.18).
Internet Service Provider (ISP). An organisation that provides access to the Internet, sometimes for a
fee.
Intranet. A network internal to an enterprise that uses Internet technology and protocols. It is meant for
the exclusive use of the organisation and is protected from unauthorised access with security systems such
as firewalls. Intranets are often used by companies for informational purposes, such as distributing internal
announcements or displaying job postings, internal directories and organisational charts.
Intrusion detection. A security measure that collects and analyses information on a computer or
network to determine if/when an attack has occurred.
IT environment. See IT platform.
IT platform. Refers to the hardware architecture and software framework (including application
frameworks), that allows software to run. (The terms 'platform' and 'environment' are used
interchangeably.)

Knowledge. Information within people's minds.
Knowledge management. The process of collecting, storing and using the knowledge held within an
organisation.
Knowledge Work Systems (KWS). Information systems that facilitate the creation and integration of
new knowledge into an organisation.
Knowledge Workers. People whose jobs consist primarily of creating new information and knowledge.
They are often members of a profession such as doctors, engineers, lawyers or scientists.

Logical design. Describing the purpose of a system, i.e. what the system will do. Logical design does not
include any specific hardware or software requirements as it is more concerned with the processes to be
performed.

M-business. See M-Commerce.


M-commerce or Mobile Commerce. Any e-commerce or e-business activities performed in a wireless
environment. It is not merely a variation on existing Internet services; it is a natural extension of e-business
creating new opportunities.
Management or Managerial accounting. Accounting for the internal use of the management,
specifically for planning, monitoring and decision making.
Management Information Systems (MIS). Convert data from mainly internal sources into information
(e.g. summary reports, exception reports). This information enables managers to make timely and effective
decisions for planning, directing and controlling the activities for which they are responsible.
Master file. A computer file containing relatively permanent information, usually updated periodically, such
as subscriber records or payroll data other than time worked. A computer file that is used as an
authoritative source of data in carrying out a particular job on the computer.
Metadata. Data about data. The definition and scope of metadata depends upon its context. In the context
of information management, metadata is generally thought of as providing information (what database stores
it? what data type is it? how long is the field? etc.) about a data element. Within the context of data
governance, the term also includes ‘business’ metadata such as the names and roles of data stewards.
Metadata repositories are employed to store and report on metadata.
Metadata management. Like other data management initiatives (e.g. data quality), metadata management
comes under the ownership and accountability of a data steward (which is a business role).
Metropolitan Area Network (MAN). A network spanning a physical area larger than a LAN but smaller
than a WAN, such as a city. A MAN is typically owned and operated by a single entity such as a government
body or large corporation.
Middleware. Software that helps glue systems together by connecting applications on a network.
Modem. A communications device that enables a computer to transmit information over a standard
telephone line, and a common way for people to connect to the Internet. A connection requires two
modems: one from the user's computer to the phone jack and, at the other end of the line, one that
communicates with a server or another user’s computer.
Multipurpose Internet Mail Extensions (MIME). Data specification which allows non-ASCII files to be
sent over the Internet. Email programs and Web browsers are configured to interpret a variety of standard
MIME types so they can transmit and receive graphics, audio, video, and formatted text files.

Netiquette. Short for 'Internet etiquette', netiquette refers to standards of courtesy in electronic
communications.
Network. Any computing system that includes connected computers. It is a set of conjoined computers
that can share storage devices, peripherals, and applications. Networks may be connected directly by cable,
or indirectly by telephone lines or satellites, and can be part of a small-office system, or of a global web of
numerous other networks.

Network Access Ports. On-campus stations (desks or booths) designated for connecting laptops to the
Internet via the organisation’s network.
Network Security. Measures taken to protect a set of computers from threats posed by hackers, thieves,
viruses, and other destructive forces. See also computer security.
Newsgroup. A virtual forum focusing on a specific subject. The collected email entries (known as news
articles) can be perused by all Internet users.

Object-oriented databases. Emerged in the mid-1980s, but relational databases remain the most
popular. The main difference with an object-oriented database is that database 'records' are treated as
properties of an object rather than as a group of related fields. Links can be established between different
objects and their associated properties and classes. Objects may hold other objects, allowing them to
inherit properties.
Office Automation Systems (OAS). Support general office work for handling and managing documents
and facilitating communication. They are designed to increase the productivity of data and information
workers.
On-line Analytical Processing (OLAP). Involves on-line transactions that include large amounts of data
used for extensive analysis. OLAP applications support management-critical tasks through analysis of data in
the data warehouses.
On-line Transaction Processing (OLTP). Events relating to current activities of the business. OLTP
applications support mission-critical tasks.
Operations support systems. The role of an organisation's operations support systems is to effectively
process business transactions, control industrial processes, support enterprise communications and
collaboration and update corporate databases.
Operating system (OS). Software that controls the basic operation of the machine. The operating
system performs such tasks as recognising keyboard input, sending output to the monitor, keeping track of
files and directories on the disk, and controlling other connected devices such as printers.
Output controls. Designed to ensure that the output of data is authorised and as accurate and complete
as possible.

Parallel running. The old and new systems are run in parallel for a period of time, both processing
current data and enabling cross checking to be done.
Password. A common security measure, a password is generally a string of letters, numbers and symbols
used by individuals to access protected computers or computing systems.
Patches. See Software Patches.
Payroll accounting. This accounting system is the only operation in a business that is almost completely
governed by various federal, state, and local laws and regulations. Rules establish who is an employee, what
is time worked, when overtime is to be paid, what deductions are made, when to pay an employee, and
when taxes are paid. Lack of compliance with these laws and regulations can result in both fines and back-
pay awards. With each new year, payroll administrators must keep abreast of the changes in legislation that
affect their firms' payroll record keeping.
Peer-to-peer network. Each computer has equivalent capabilities and responsibilities – devices
communicate directly with each other.
Pharming. A scam in which malicious code is installed on a personal computer or server, misdirecting
users to fraudulent Web sites without their consent.
Phishing. A form of fraud. Phishers send email messages that appear to come from a reputable business
(often a financial institution) in an attempt to gain personal or account information. The message typically
includes a link to a fake Web site that resembles a legitimate page. The fake page collects the information
and then uses it for fraud.

Physical computer security. Environmental and physical controls that secure and protect a computer or
network. Examples include locks for laptops and doors, plus systems to protect against power surges and
excessive heat and humidity.
Physical design. The 'nuts and bolts' of the system, for example the technical specifications for the
hardware and software required.
Platform. A combination of hardware and system software that forms the basis of a computer system. The
term ‘cross-platform’ refers to programs and formats that can be used on more than one platform.
Podcasting. A method of publishing audio and video broadcasts via the Internet. Users listen to the files
on their computers or portable music players.
Preventive controls. Designed to stop errors or damage before they occur.
Primary key. The data field in each record that enables a database system to uniquely distinguish one
record from another.
Privacy. The claim of individuals to be left alone, free from surveillance or interference from other
individuals or organisations including the state. Claims to privacy are also involved at the workplace. Millions
of employees are subject to electronic and other forms of high tech surveillance. Information technology
and systems threaten individual claims to privacy by making the invasion of privacy cheap, profitable and
effective.
Procedural controls. Manage the human aspects of system activity and are usually placed on the day-to-
day running of the system. They can be divided into three sub-categories, input controls, processing
controls, and output controls.
Procedures. The rules and steps to accomplish the defined goals of the system. Many of the procedures
are expressed as software. For instance, banking systems have their predefined rules for providing interest
at different rates for different types of accounts.
Process control systems (PCS). Use computers to control ongoing physical processes. Software
automatically makes decisions that adjust the physical production process. Examples include petroleum
refineries and the assembly lines of automated factories.
Process maps. A way of analysing and representing information flows.
Processing controls. Designed to ensure as far as possible that the processing and conversion of data is
performed correctly.
Productivity software. A term used to describe office application software such as Microsoft Office –
including word processing, spreadsheet, scheduling, presentation and other types of software used by
individuals to improve their productivity.
Protocol. A network protocol is the agreed method of communication to be used within the network.
Each device or computer will use this protocol.

Query language. A formalised method of constructing queries in a database system. A query language
provides the ways in which you ask a database for data. Some query languages can be used to change the
contents of a database. SQL, short for Structured Query Language, is a popular language.

Record. Data fields combine to form a complete record. A database record stores all the information
about one file entity, for example one employee in a payroll file.
Relational database. A computer database in which all the data is stored in relations which (to the user)
are tables with rows and columns. Each table is composed of records (called tuples) and each record is
identified by a field (attribute) containing a unique value. Every table shares at least one field with another
table in 'one to one,' 'one to many,' or 'many to many' relationships. These relationships allow the database
user to access the data in almost an unlimited number of ways, and to combine the tables as building blocks
to create complex and very large databases.

Reliability. Reliable data is at the heart of an accounting information system. If the data is not reliable,
nothing else is of any consequence. Reliable data is truthful, accurate, complete, and capable of being
verified.
Repeater. A device used in a network to strengthen a signal as it is passed along the network cable.
Resources, Events and Agents system (REA). This model (McCarthy 1982) is an accounting
framework for modelling an organisation's critical resources, events and agents and the relationship
between them. Unlike some traditional accounting systems, REA permits both accounting and non-
accounting data to be identified, captured and stored in a centralised database.
Ring network. Every device has exactly two neighbours for communication purposes. All messages travel
through a ring in the same direction (either 'clockwise' or 'counter clockwise').
Router. A device that connects different networks. It can select the best path to route a message, as well
as translate information from one network to another. It should also be used to block unauthorised or
undesired traffic between networks.
Routing table. A table in memory that contains a list of all the networks a router is connected to, along
with the latest information on how busy each path in the network is at that moment.

Secure sockets layer (SSL). A protocol allowing secure transmission of confidential material via the
Internet.
Server. Any machine that provides a service for other users on the network.
Service Desk. The point in service management where people, process and technology blend to deliver a
business service. It provides the essential daily contact between customers, users, IT service and any
relevant third-party support organisation.
Simple mail transfer protocol (SMTP). A protocol for transferring email messages from one server to
another.
Slicing and Dicing. Refers to the ability to look at the database from different viewpoints. A slice is a
subset of a multi-dimensional array corresponding to a single value for one or more members of the
dimensions not in the subset. The dice operation is a slice on more than two dimensions of a data cube (or
more than two consecutive slices). One slice of the sales database might show all sales by product type
within regions. Another slice might show all sales by sales channel within each product type. Slicing and
dicing is often performed along a time axis in order to analyse trends and find patterns.
Soft data. Consists of estimates or relies on value judgements. It is the product of systems and methods
which do not give a rigid answer, but may produce a range of results or assign probabilities, or just be based
on what people think the answer should be. It may not be clear what the objective is, for the item to be
measured may be difficult to define and standard methods of solution will not apply. Examples of soft data
are employee morale and customer satisfaction.
Soft Systems Methodology (SSM). Checkland's SSM is a way of analysing situations. It provides an
organised approach (seven stages) which can be used to tackle unstructured and poorly defined problems.
The seven stages include first identifying and then analysing the problem. Then a set of 'root definitions' is
developed for anything thought to be relevant to the problem. Conceptual models of the root definitions
are built and compared with the real world. Possible changes are defined before a change is made, and
the resultant problems are considered.
Software. Sets of instructions or data that tell a computer what to do. Software is often divided into two
categories: system software, which includes the operating system (e.g., Windows Vista, Mac OS X) and all
utilities that enable the computer to function; and application software, which includes programs that
perform specific tasks (e.g., word processors, spreadsheets, and databases).
Software patches. Updates that fix a flaw in a computer program.
Source code. Computer programs or operating systems are originally written by a person in a
programming language. This is the software's source code. To use it, the computer has to translate the
program from the source code into the machine language that the computer understands and can execute.
This translation process is referred to as compiling.

Spam. Unsolicited bulk email sent to large numbers of people, which is irritating if not fraudulent.
Spyware. Some companies place spyware through their software installations, usually without the user's
permission. It can pass on information about software, browsing habits and purchasing habits of the user to
the company's data collection facilities. It also has the capability to take names, credit card and other
personal information. The information gathered by such companies is usually sold and combined with other
databases to build a profile of individual web users. This profile is mainly used for direct marketing
purposes.
Stakeholder mapping. An important part of making strategy. It consists of making judgements on three
issues: how likely each stakeholder group is to impress its expectations on the organisation; whether they
have the means to do so - power of the stakeholder group; and the likely impact that stakeholder
expectations will have on future strategies.
Stakeholders. Individuals or groups of people whose interests are affected by the activities of the business.
Star network. Many home networks use the star topology. A star network features a central connection
point called a 'hub' that may be a hub, switch or router.
Storage Area Network (SAN). Connects servers to data storage devices through a technology like
Fibre channel.
Switch. Has a minimal role in a secure network environment. Switches perform the same job as hubs, but
with slightly more intelligence. They can examine each data packet, and send it to just the recipient,
reducing the traffic, and so increasing the network performance.
System analysis. Once the workings of the existing system have been documented, they can be analysed.
This process examines why current methods are used, what alternatives might achieve the same, or better,
results, and what performance criteria are required from a new system.
System area network. Links high-performance computers with high-speed connections in a cluster
configuration. Also known as Cluster area network.
System configuration. Refers to the hardware, software and processes that comprise a system. In other
words it defines what the system consists of.
System design. Examines existing computerised and manual procedures, addressing, in particular, inputs,
outputs, program design, file design and security. New processes will also be considered allowing a detailed
specification of the new system to be produced.
System implementation. Carries development through from design to operations. It involves the
acquisition (or writing) of software, program testing, file conversion or set-up, acquisition and installation of
hardware and 'going live'.
System investigation. A fact finding exercise which investigates the existing system to assess its problems
and requirements and to obtain details of data volumes, response times and other key indicators.
System software. Includes the operating system (e.g., Windows Vista, Mac OS X) and all utilities that
enable the computer to function.

Tag. A mechanism used in markup languages, such as XML, to describe and locate data. XBRL tags are
generally a word or words enclosed in angle brackets to denote an opening tag, and the same but with a
forward slash for an ending tag.
Tax accounting. Is principally based on Australian Tax Office (ATO) regulations. Its objective is to ensure
that the organisation is paying what is due or what it owes to the Government in the form of taxes. Tax
accounting systems include taxation as it applies to individuals, partnerships and corporations, estate and
trusts, international taxation and special tax issues and topics.
Taxonomy. An electronic dictionary of business reporting elements used to report business data.
Technical controls. IT solutions to security concerns and often relate to the storage of, and access to
data, as well as to amending or deleting data files.
Telecommunications. The electronic transmission of signals for communications, which enables
organisations to carry out their processes and tasks through effective computer networks.

Terminator. A device that provides electrical resistance at the end of a transmission line. Its function is to
absorb signals on the line, thereby keeping them from bouncing back and being received again by the
network.
Third generation (3G). Global system for mobile communications (GSM) and general packet radio
service (GPRS) data services – data networking services for mobile phones.
Token. A special packet that contains data and acts as a messenger or carrier between each computer and
device on a ring topology. Each computer must wait for the messenger to stop at its node before it can
send data over the network.
Token ring. A network protocol developed by IBM in which computers access the network through
token-passing.
Topology. Refers to how a computer network is physically arranged.
Trade Practices Act 1974. The first attempt to regulate and promote fair competition was the
Australian Industries Preservation Act in 1906. It attempted to prohibit combinations and
monopolies, but key sections were declared unconstitutional by the High Court, and it was finally repealed in
1965, having been largely ineffective.
From 1911 to 1973 there were several attempts to introduce nation-wide regulation of industry and
commerce, but all failed, though some quite narrowly. As a result there arose a host of anti-competitive
trade practices: cartels and monopolies, price fixing, and restrictions to market entry.
The Trade Practices Act (1974) was a landmark piece of legislation because it changed the Australian
trade landscape from one of restrictive practice to one of competition.
Transaction Processing Systems (TPS). Process the data generated by business transactions (sales,
purchases, inventory changes). TPS also produce a variety of information products for internal or external
use (customer statements, sales receipts and payslips).
Transmission control protocol (TCP). Together with Internet protocol (IP), TCP is one of the core
protocols underlying the Internet. The two protocols are usually referred to as a group, by the term
TCP/IP. TCP enables two computers to establish a connection and exchange information. It guarantees
delivery of data, and also guarantees that information packets will be delivered in the same order in which
they were sent.
Transparency. The open and clear disclosure of relevant information to shareholders and other
stakeholders, and not concealing information that may affect decisions.
Tree network. A local area network (LAN) topology similar to linear bus topology, except that tree
networks can contain branches with multiple nodes. In its simplest form, only hub devices connect directly
to the tree bus and each hub functions as the 'root' of a tree of devices.
Twisted pair. Network cabling that consists of four pairs of wires, manufactured with the wires
twisted to certain specifications. It is available in shielded and unshielded versions.

Ubiquity. Refers to the attribute of being available at any location at any given time. A mobile terminal in
the form of a smart phone or a PDA offers ubiquity.
Unshielded Twisted Pair (UTP). Is the most common kind of copper telephone wiring. Twisted pair is
the ordinary copper wire that connects home and many business computers to the telephone company. To
reduce crosstalk or electromagnetic induction between pairs of wires, two insulated copper wires are
twisted around each other. Each signal on twisted pair requires both wires. Since some telephone sets or
desktop locations require multiple connections, twisted pair is sometimes installed in two or more pairs, all
within a single cable. For some business locations, twisted pair is enclosed in a shield that functions as a
ground. This is known as shielded twisted pair (STP).

Validation. The process of checking that an instance document meets the syntactical and semantic rules
provided in its associated taxonomy. Validation also confirms that XBRL reports and taxonomies conform
to the XBRL specification.
Virtual private network (VPN). A network that uses a public telecommunication infrastructure, such as
the Internet, to provide remote offices or individual users with secure access to their organisation's
network. A virtual private network can be contrasted with an expensive system of owned or leased lines
that can only be used by one organisation. The goal of a VPN is to provide the organisation with the same
capabilities, but at a much lower cost. VPNs are widely used as replacements for Wide Area Networks
(WANs).
Virus. A program designed to replicate itself and spread to other computers. Some viruses are also
designed to damage data or halt operations on a system. Viruses can spread through networks, shared
media, email attachments, and the Internet.
Voluntary Filing Program XBRL trials. Carried out in China (2003), the United States (2005), Canada
(2007), Japan (2007), and several other countries such as the Netherlands, Australia, and the United
Kingdom. In these trials companies voluntarily submitted XBRL returns in addition to the data legally
required by the government.

Web browser. See Browser.


Web Bugs. Used to gather statistics about web browser usage and to provide an independent count of the number
of people who have visited a particular web site. A web bug is often invisible as its size is only 1 pixel by 1
pixel. It is represented as an HTML IMG tag. Any graphic used for monitoring is a web bug. Not all invisible
GIF images are web bugs, as some are used for alignment purposes. Web bugs are also known as ‘clear gifs’
or ‘1 by 1 gifs’ or ‘invisible gifs’.
Web Server. A combination of computer hardware and special software used to store Web pages.
Web site. A collection of Web pages that provides information such as text, graphics, and audio files to
users, as well as connections (‘hypertext links,’ ‘hyperlinks’, or just ‘links’) to other Web sites on the
Internet.
Wide area network (WAN). A computer network covering a large geographical area, usually consisting
of two or more LANs.
Wiki. A website that allows users to easily create new web pages on the site, to make links between the
pages, and to edit existing pages. Wiki sites are used by many companies to encourage collaboration
between individuals and groups. One of the most widely known public Wiki sites is Wikipedia, an on-line
encyclopedia.
Wireless application protocol (WAP). A secure method for connecting handheld wireless devices on
any operating system.
Wireless fidelity (WiFi). A type of wireless computer network.
Wireless Local Area Network (WLAN). A LAN based on WiFi wireless network technology.
Wireless network. A service that allows a computer to access the Internet without a cable.
Wireless wide area networks (WWAN). Wide area networks for mobile computing.
Workflow. A term used to describe the defined series of tasks within an organisation to produce a final
outcome.
Workgroup. A collection of workstations and servers on a Local Area Network (LAN) that are
designated to communicate and exchange data with one another.
Workstation. A computer connected to a network at which users interact with software stored on the
network.
World Wide Web (WWW). A graphical interface for the Internet, composed of Internet servers that
provide access to documents that in turn provide links to other documents, multimedia files, and sites.
