Академический Документы
Профессиональный Документы
Культура Документы
Foundation level
Printed in Australia
©
BPP Learning Media Ltd 2012
ii
Welcome to the next step in your career –
CPA Program
Today’s CPA Program is a globally recognised education program available around the world. All candidates
of CPA Australia are required to attain a predetermined level of technical competence before the CPA
designation can be awarded. The CPA Program foundation level is designed to provide you with an
opportunity to demonstrate knowledge and skills in the core areas of accounting, business and finance.
A pass for each exam is based on a determination of the minimum level of knowledge and skills that
candidates must acquire to have a good chance at success in the professional level of the CPA Program.
In 2012 you have more opportunities to sit foundation level exams, allowing you to progress through to the
professional level of the CPA Program at your own pace.
The material in this study manual has been prepared based upon standards and legislation in effect as at
1 September 2011. Candidates are advised that they should confirm effective dates of standards or
legislation when using additional study resources. Exams for 2012 will be based on the content of this study
manual.
iii
iv
Contents
Page
Introduction
Welcome to CPA Australia iii
Chapter features vi
Chapter summary viii
Answering multiple choice questions ix
Learning objectives x
Chapter
1 Organisational information infrastructure 1
2 Database concepts 53
3 ERP systems and data analysis 81
4 Systems design and development 105
5 Accounting information systems 137
6 Controls, security and privacy 183
7 Business processes 207
8 Distribution and reporting of accounting information 227
Index 313
Introduction v
Chapter features
Each chapter contains a number of helpful features to guide you through each topic.
Topic list Tells you what you will be studying in this chapter.
Chapter summary Summarises the content of the chapter, helping to set the scene so that you can
diagram gain the bigger picture.
Before you begin This is a small bank of questions to test any pre-existing knowledge that you may
have of the chapter content. If you get them all correct then you may be able to
reduce the time you need to spend on the particular chapter. There is a
commentary section at the end of the Study Manual called Before you begin: answers
and commentary.
Section overview This summarises the key content of the particular section that you are about to
start.
Learning objective This box indicates the learning objective covered by the section or paragraph to
reference which it relates.
LO
1.2
Definition Definitions of important concepts. You really need to know and understand these
before the exam.
Exam comments These highlight points that are likely to be particularly important or relevant to
the exam. (Please note that this feature does not apply in every Foundation Level
study manual.)
Question This is a question that enables you to practise a technique or test your
understanding. You will find the solution at the end of the chapter.
Key chapter points Review the key areas covered in the chapter.
Revision The revision questions are not a representation of the difficulty of the questions
questions which will be in the examination. The revision MCQs provide you with an
opportunity to revise and assess your knowledge of the key concepts covered in
the materials so far. Use these questions as a means to reflect on key concepts
and not as the sole revision for the examination.
Case study This is a practical example or illustration, usually involving a real world scenario.
Formula to learn These are formulae or equations that you need to learn as you may need to apply
them in the exam.
Bold text Throughout the Study Manual you will see that some of the text is in bold type.
This is to add emphasis and to help you to grasp the key elements within a
sentence and paragraph.
Introduction vii
Chapter summary
This summary provides a snapshot of each of the chapters, to help you to put the syllabus as a whole and
the Study Manual itself into perspective.
The questions in your exam will each contain four possible answers. You have to choose the option that
best answers the question. The three incorrect options are called distractors. There is a skill in
answering MCQs quickly and correctly. By practising MCQs you can develop this skill, giving you a better
chance of passing the exam.
You may wish to follow the approach outlined below, or you may prefer to adapt it.
Step 1 Attempt each question – starting with the easier questions which will be those at the start of
the exam. Read the question thoroughly. You may prefer to work out the answer before
looking at the options, or you may prefer to look at the options at the beginning. Adopt the
method that works best for you.
Step 2 Read the four options and see if one matches your own answer. Be careful with numerical
questions, as the distractors are designed to match answers that incorporate common errors.
Check that your calculation is correct. Have you followed the requirement exactly? Have you
included every stage of the calculation?
Step 3 You may find that none of the options matches your answer.
• Re-read the question to ensure that you understand it and are answering the
requirement
• Eliminate any obviously wrong answers
• Consider which of the remaining answers is the most likely to be correct and select
the option
Step 4 If you are still unsure make a note and continue to the next question. Some questions will
take you longer to answer than others. Try to reduce the average time per question, to allow
yourself to revisit problem questions at the end of the exam.
Step 5 Revisit unanswered questions. When you come back to a question after a break you often
find you are able to answer it correctly straight away. If you are still unsure have a guess. You
are not penalised for incorrect answers, so never leave a question unanswered!
Introduction ix
Learning objectives
CPA Australia's learning objectives for this Study Manual are set out below. They are cross-referenced to
the chapter in the Study Manual where they are covered.
General overview
This exam covers a critical awareness of business processes in the context of information technology. It
requires an understanding of database concepts and data analysis tools, corporate networks and the design
and operations of business information and accounting systems. It also covers the key areas of information
controls and processes and the reporting of accounting information.
These are the topics that will be covered in the exam.
Topics
Chapter where
covered
LO1. Hierarchy of systems
LO1.1 Identify and explain the role of the core elements of an organisation’s
1
information infrastructure
LO1.2 Explain the hierarchy of systems 1
LO2. Database concepts
LO2.1 Illustrate the application of database concepts for accounting information 2
LO2.2 Explain the need for data collection and storage 2
LO2.3 Describe database systems and data storage models 2
LO2.4 Explain data modelling, design and implementation 2
LO2.5 Analyse controls for data and databases and their effectiveness 2
LO2.6 Identify and analyse the ethical issues related to data capture and storage 2
LO3. Data analysis tools
LO3.1 Identify and explain the role of application and data analysis tools 3
LO3.2 Illustrate the components of an enterprise-wide resource-management
system, highlighting the centralised database and workflow management 3
aspects of these systems
LO3.3 Analyse different types of productivity software 3
LO3.4 Describe data mining and its uses 3
LO4. Corporate networks
LO4.1 Identify and analyse the components of a corporate network 1
LO4.2 Illustrate typical corporate network configurations 1
LO4.3 Explain applications where client server and peer-to-peer architectures can
1
be used
LO4.4 Analyse control issues relating to the choice of network architecture 1
Introduction xi
Chapter where
covered
LO8. Distribution and reporting of accounting information
LO8.1 Explain the importance of ensuring accounting information is reported and
8
distributed appropriately
LO8.2 Compose a list of internal and external stakeholders 8
LO8.3 Explain the concepts of reliability and transparency 8
LO8.4 Distinguish between hard and soft accounting data 8
LO8.5 Describe and explain the use of XBRL (eXtensible Business Reporting
8
Language)
LO8.6 Analyse the reasons for the problems encountered in trials of XBRL
8
concerning the quality of externally reported accounting information
LO8.7 Describe the role of corporate regulators in relation to the distribution and
reporting of accounting information
LO8.8 Describe the key reasons for the growth of corporate watchdogs and
8
regulators
Topic exam weightings
1 Hierarchy of systems 6%
2 Database concepts 6%
3 Data analysis tools 8%
4 Corporate networks 10%
5 Design, configuration and operations of information systems 10%
6 Accounting information systems 20%
7 Information controls and processes 20%
8 Distribution and reporting of accounting information 20%
TOTAL 100%
Organisational information
infrastructure
Topic list
1
Introduction
If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
1 What do we mean by an organisation's IT infrastructure? (Section 1.2)
2 Define the term 'organisational IT platform'. (Section 1.2)
3 A workstation: (Section 2.2)
A is often called a PC.
B is a powerful, high-end microcomputer.
C is small and lightweight enough to be carried around with the user.
D is a central processing unit.
4 In the context of information systems, what is a DSS? (Section 3.4)
5 Executive support systems (ESS) are information systems that support which of the (Section 3.2)
following?
A day-to-day processes of production.
B decision making and administrative activities of middle managers.
C long range planning activities of senior management.
D knowledge and data workers in an organisation.
6 The term used to describe the arrangement of computers in a network is topology. (Section 4.1)
Name two different Local Area Network (LAN) topologies and draw a diagram to
illustrate each one.
7 Distinguish between a client-server network and a peer-to-peer network. (Section 5.4)
8 What is a routing table? (Section 6.1)
9 Apart from the Internet, why is the client and server system normally easier to (Section 7.2)
secure than a peer-to-peer network?
Definition
An information infrastructure is defined as 'all of the people, processes, procedures, tools, facilities, and
technology which support the creation, use, transport, storage, and destruction of information'.
(Pironti, 2006)
s
m
te
s ys
n
re a t io
ct u r m
rt u fo Information Systems
s In
ra
nf i
on
ati ture
rm uc IT services
fo st r
In ra Data and security management
f
in
IT IT personnel
m
or Software and hardware
atf
pl Networks and communications
IT
Definition
The organisation's information technology (IT) infrastructure includes all the hardware, software,
databases, telecommunications, people and procedures that are configured to collect, manipulate, store and
process data resources into information products.
The Information Technology (IT) infrastructure can be separated into two layers: the IT platform and
IT services and data management
IT platform – refers to the hardware architecture and software framework (including application
frameworks), that allows software to run. (The terms 'platform' and 'environment' are used
interchangeably.) Typical platforms include a computer's architecture, operating system, programming
languages and program development system.
IT services – organisations require people to run and manage their IT infrastructure, including training
employees to use the technologies. Most organisations will have an information systems department to
perform at least part of this role; others may use external agencies or consultants to help in this task.
Service management ensures IT resources are aligned with business requirements, and allows the IT
department to appropriately identify points of flexibility and adaptability within the services they provide.
This ensures service issues and change requirements are handled efficiently and effectively.
The Service Desk is at the point in service management where people, process and technology blend to
deliver a business service. It provides the essential daily contact between customers, users, IT service and
any relevant third-party support organisation. The Service Desk not only handles incidents, problems and
questions but also provides an interface for other activities such as change requests, maintenance contracts,
software licenses, configuration management, availability management and financial management.
Definition
Data management comprises all the disciplines related to managing data as a valuable resource.
Organisations record and collect data (in databases) relating to transactions, inventory, employees,
customers and suppliers. This data must be organised and managed so it can be accessed and analysed for
operational purposes and informed management decision making.
Definition
An information system uses the resources of people, hardware, software, data, and networks to
perform input, processing, output, storage and control activities.
Control of system
Feedback Feedback
performance
Information systems
Globalisation challenge Understanding the business and system requirements of a global economic
environment and developing integrated multinational information systems to cope
with the restrictive trans-border dataflow legislation in many countries.
Information systems Can organisations determine the business value of information systems? This
investment challenge challenge focuses on how organisations can access and realise a return on their
investment in information systems.
Responsibility and control Can organisations design systems that people can control and understand and
challenge how can they ensure that their information systems are used in an ethically and
socially responsible manner? The potential for massive fraud, error, abuse, and
destruction is enormous. Systems must be designed so that they function as
intended.
LO
1.1 2 Role of core elements of information infrastructure
Section overview
• The organisation's information infrastructure consists of five major resources; people, hardware,
software, data and network resources.
An information system uses the resources of people, hardware, software, data and networks to perform
input, processing, output, storage and control activities that convert data resources into information
products. Data is first collected and converted to a form that is suitable for processing (input). Then the
data is manipulated and converted into information (processing), stored for future use (storage), or
communicated to the ultimate user (output) according to correct processing procedures (control).
Hardware resources include all the physical components (such as computers, peripherals,
telecommunications networks) and materials (such as paper, memory sticks and so forth) used in
information processing. The trend in the computer industry is to produce smaller, faster and more mobile
hardware.
Input devices include keyboards, mice, and document scanners with OCR (optical character recognition)
software. Banks may use voice response technology to allow consumers to access their balances and other
information with spoken commands.
Processing devices include computer chips that contain the central processing unit and main memory.
Advances in chip design allow faster speeds, less power consumption and larger storage capacity. A single
chip may have the power of a 1990s era supercomputer.
Output devices include printers, plotters, and computer screens. Mobile devices such as phones and
tablets are increasingly being used as output devices for corporate information. Touchscreens displaying
data in graphic form allow the data and files to be manipulated with the user’s fingers. Data can also be
written to CDs and DVDs.
Computers come in a variety of types designed for different purposes, with different capabilities and costs:
(a) Personal computers (PCs) are inexpensive general purpose computers widely used in homes and
businesses. Popular uses include word processing, surfing the web, sending and receiving e-mail,
spreadsheet calculations, database management, editing photographs and creating graphics.
(b) Workstations are more powerful computers, usually for technical or scientific applications, such as
complex graphics or intensive calculations. They are normally part of a network.
(c) Servers provide a service for many client computers (frequently PCs) over a network. They may
provide users with additional processing power, or file handling, or more specific facilities such as
ticketing or news.
Software consists of the computer programs that govern the operation of the computer. These programs
allow a computer to process payroll, send bills to customers and provide managers with information to
increase profits, reduce costs and provide better customer service. The two types of software are:
(a) System software, such as Windows 7, which controls basic computer operations including start-up
and printing, and
(b) Applications software, such as Microsoft Office, for specific tasks including word processing and
creating spreadsheets. Although most software can be installed from CDs, many of today's software
packages can be downloaded through the Internet. Sophisticated application software, such as Adobe
Creative Suite, can be used to design, develop, print and place professional-quality advertising,
brochures, posters, prints and videos on the Internet.
Question 3: Definition
An information system can be defined technically as a set of interrelated components that collect (or
retrieve), process, store and distribute information to support:
A decision making and control in an organisation.
B managers analysing the organisation's raw data.
C communications and data flow.
D the creation of new products and services.
(The answer is at the end of the chapter)
Definition
Data management is the development, execution and supervision of plans, policies, programs and
practices that control, protect, deliver and enhance the value of data and information assets.
Telecommunications networks like the Internet, intranets and extranets have become essential to the
successful electronic business and commerce operations of all types of organisations and their computer-
based information systems. Telecommunications networks consist of computers, communications
processors and other devices interconnected by communications media and controlled by communications
software. Network resources include:
• Communications media – such as twisted-pair wire, coaxial cable, fibre-optic cable and
microwave, cellular and satellite wireless systems.
• Network support – people, hardware, software and data resources that directly support the
operation and use of a communications network.
Local area networking is dominated by Microsoft Server, but strong growth of Linux challenges this
dominance. Enterprise networking comprises almost entirely Linux or UNIX. Cisco, Lucent, Nortel and
Juniper Networks continue to dominate networking hardware.
The telecommunications services market is highly dynamic; in Australia this sector is currently dominated
by the telecommunications provider, Telstra. Other telecommunications providers include Optus (owned
by Singapore Telecommunications), AAPT and Powertel (both owned by Telecom New Zealand), Soul (SP
Telemedia), Vodaphone Hutchison 3G (3 Mobile). The sector is in a state of rapid growth and technological
development, and subject to frequent changes of participants e.g. currently there is rapid growth of non-
telephone Wi-Fi and Wi-Max services and Internet telephony.
We discuss mobile technology in more detail in Section 5.
Management Middle
MIS and DSS Level Managers
Operational Operational
TPS Level Managers
There are six major types of information systems to serve the needs of each of the four levels of an
organisation.
LO
1.2
Organisation level Type of information system
Strategic Executive Information Systems (EIS) or Executive Support Systems (ESS)
Middle Decision Support Systems and Management Information Systems
Knowledge Knowledge Work Systems and office automation
Operational Transaction Processing System
Menus
Graphics
Communications
Local processing
EIS EIS
workstation workstation
Internal data External data
Management Information Systems generate information for monitoring performance (e.g. productivity
information) and maintaining co-ordination (e.g. between purchasing and accounts payable).
MIS extract, process and summarise data from the TPS and provide periodic (weekly, monthly, quarterly)
reports to managers.
Today MIS are becoming more flexible by providing access to information whenever needed, rather than
pre-specified reports on a periodic basis. Users can often generate more customised reports by selecting
subsets of data (such as listing the products with 2 per cent increase in sales over the past month), using
different sorting options (by sales region, by salesperson, by highest volume of sales) and different display
choices (graphical, tabular).
MIS have the following characteristics:
• Support structured decisions at operational and management control levels.
• Designed to report on existing operations.
• Have little analytical capability.
• Relatively inflexible.
• Have an internal focus.
Decision Support Systems (DSS), which are sometimes called Business Intelligence Systems, and
Management Information Systems (MIS) serve the middle management level. They are specifically designed
to help management make decisions in situations where there is uncertainty about the possible outcomes of
those decisions. DSS comprise tools and techniques to help gather relevant information and analyse the
options and alternatives. They often use complex spreadsheet and databases to create 'what-if' models.
Decision support systems are intended to provide a wide range of alternative information gathering and
analytical tools with a major emphasis upon flexibility and user-friendliness.
DSS have more analytical power than other systems enabling them to analyse and condense large volumes
of data into a form that helps managers make decisions. The objective is to allow the manager to consider a
number of alternatives and evaluate them under a variety of potential conditions.
DSS are user-friendly and highly interactive. Although they use data from the TPS and MIS, they also allow
the inclusion of new data, often from external sources, such as current share prices or prices of
competitors.
A DSS has three fundamental components:
1 Database management system (DBMS): Stores large amounts of data relevant to problems the
DSS has been designed to tackle.
2 Model-based management system (MBMS): Transforms data from the DBMS into information
that is useful in decision making.
3 Dialogue generation and management system (DGMS): Provides a user-friendly interface
between the system and the managers who do not have extensive computer training.
Knowledge Work Systems (KWS) support highly skilled knowledge workers in the creation and integration
of new knowledge into the company. Computer Aided Design (CAD) systems used by product designers
not only allow them to make modifications easily without having to redraw the entire object (just like word
processors for documents), but also enable them to test the product without having to build physical
prototypes. 3-D graphical simulation systems like GRASP (Graphical Robotics Applications Simulation
Package) are used by British Aerospace and Rolls Royce for evaluating and programming industrial robots.
Architects use CAD software to create, modify, evaluate and test their designs; such systems can generate
photo realistic pictures, simulating the lighting in rooms at different times of the day, perform calculations,
for instance on the amount of paint required. Surgeons use sophisticated CAD systems to design
operations.
Financial institutions are using knowledge work systems to support trading and portfolio management with
powerful high-end PCs. These allow managers to get instantaneous analysed results on huge amounts of
financial data and provide access to external databases.
OAS support the major activities performed in a typical office such as document management, facilitating
communication and managing data. Examples include:
• word processing, desktop publishing, and digital filing systems.
• e-mail, voice mail, videoconferencing, groupware, intranets, schedulers.
• spreadsheets, desktop databases.
Office Automation Systems (OAS) support general office work for handling and managing documents
and facilitating communication. Text and image processing systems evolved from word processors to
desktop publishing, enabling the creation of professional documents with graphics and special layout
features. Spreadsheets, presentation packages like PowerPoint, personal database systems and note-taking
systems (appointment book, notepad and card file) are part of OAS.
OAS create, handle and manage documents (through word processing and desktop publishing), manage
workflow and scheduling, help manage client portfolios and help with communication (through electronic
mail, electronic bulletin boards, voice mail and teleconferencing).
Definition
The term network is a general term used to describe any computing system that includes connected
computers.
A computer network is made up of a number of connected computers and other devices, for example a
number of connected PCs and printers. Networks are popular because they provide a number of users
with access to resources (e.g. data files, printers and software).
Definition
A centralised architecture can be defined as 'processing performed in one computer or in a cluster of
coupled computers in a single location'.
Centralised network architectures use a centralised file server to provide the majority of services to the
LO
4.2 workstations on the network. File and print services are easily the most popular but may be augmented
with communication, directory, backup and a number of other services.
High security installations may require that the PCs used do not have any CD drives, floppy drives or USB
ports. No email sites should be allowed on the workstations.
Centralised architectures could be based in a single location or spread over multiple locations. For example,
both a local area network (LAN) and a wide area network (WAN) could utilise a centralised architecture
(these terms are explained later in this section).
Advantages of centralised architectures include the following:
(a) There is one set of files. Everyone uses the same data and information.
(b) It gives better security/control over data and files and automatic back up. It is easier to enforce
standards and easier to support.
(c) Head office (where the computer is usually based) is able to control computing processes and
developments.
(d) An organisation might be able to afford a very large central computer, with extensive processing
capabilities that smaller 'local' computers could not carry out.
(e) There may be economies of scale available in purchasing computer equipment and supplies.
The main disadvantages of centralised architectures include the following:
(a) This type of system is not particularly flexible. Resources must be placed on the server to be shared.
For example, a file produced by one user must be transferred to the server before it can be made
available to other users.
(b) Local offices might experience processing delays or interruptions.
(c) Reliance on head office. Local offices rely on head office to provide information they need.
(d) If the central computer or cluster breaks down, or the software develops a fault, the entire system
goes out of operation.
Definition
Distributed architectures spread the processing power throughout the organisation at several different
locations. With modern distributed systems, the majority of processing power is held on numerous
personal computers (PCs) spread throughout the organisation.
An example of a distributed architecture, with a combination of stand-alone PCs and networks spread
throughout an organisation, is shown in the following diagram:
LO
4.2
Wikipedia defines cloud computing as the delivery of computing as a service rather than a product,
whereby shared resources, software, and information are provided to computers and other devices as a
utility (like the electricity grid) over a network (typically the Internet).
Cloud computing is essentially the management and provision of applications, information and data as a
service. These services are provided over the internet, often on a consumption-based model.
People who have an e-mail account with a Web-based e-mail service like Hotmail, Yahoo! Mail or Gmail will
have already used some form of cloud computing. Instead of running an e-mail program on your computer,
you log in to a Web e-mail account remotely. The software and storage for your account exists on the
service's computer cloud - not on your computer. Google is one of the most prominent companies offering
software as a free online service to billions of users across the world. The internet giant hosts a set of
online productivity tools and applications in the cloud such as email, word processing, calendars, photo
sharing, and website creation tools.
A cloud can be private or public. A public cloud sells services to anyone on the Internet. (Currently,
Amazon Web Services is the largest public cloud provider.) A private cloud is a proprietary network or a
data centre that supplies hosted services to a limited number of people. When a service provider uses
public cloud resources to create their private cloud, the result is called a virtual private cloud. Private or
public, the goal of cloud computing is to provide easy, scalable access to computing resources and IT
services.
A cloud service has three distinct characteristics that differentiate it from traditional hosting.
• It is sold on demand, typically by the minute or the hour. You pay for cloud services only when
you use them, either for the short term (for example, for CPU time) or for a longer duration (for
example, for cloud-based storage or vault services). Cloud computing involves shifting the bulk of
the costs from capital expenditures (or buying and installing servers, storage, networking, and
PC PC PC
Shared Database and
LO
4.2
Network
Server
Switch
Shared printer
PC PC
A Virtual Private Network (VPN) is a network technology which gives the owner the ability to share
information with others on the network by means of a private, exclusive link that is created by a method
other than hard-wires or leased lines; usually via the internet. Before the internet, computers in different
offices, cities or even countries could only talk to each other like people could - through telephone wires.
For computer A to talk to computer B, there had to be a physical wire connection. For security reasons,
you would want to make sure that only your two computers used that line, so you would contract with a
vendor to ‘lease’ that circuit. With the advent of the internet, connections no longer needed to be physical.
As long as each computer has access to the internet, information can be shared using local ISP circuits. This
is why the way VPN works is considered a ‘virtual’ network; the entire connection is not hard-wired.
(i) Authentication – validates that the data was sent from the sender.
(ii) Access control – limiting unauthorised users from accessing the network.
(iii) Confidentiality – preventing the data from being read or copied as it is being transported.
(iv) Data integrity – ensuring that the data has not been altered.
• Security - VPNs provide the highest level of security by using advanced encryption and authentication
protocols that protect data from unauthorised access. The data is not only encrypted, but it is
encapsulated, meaning it is sent in its own private ‘tunnel’ or connection across the internet. No one
can see the data, and even if they could, they could not decipher or change it.
• Cost savings - VPNs enable organisations to use the global Internet to connect remote offices and
remote users to the main corporate site, thus eliminating expensive dedicated WAN links.
• Scalability - because VPNs use the Internet infrastructure within ISPs and devices, it is easy to add
new users. Corporations are able to add large amounts of capacity without adding significant
infrastructure.
• Compatibility with broadband technology - VPN technology is supported by broadband service
providers such as Digital Subscriber Line (DSL) - a local telephone network - and cable, so mobile
workers and telecommuters can take advantage of their home high-speed Internet service to access
their corporate networks.
• Healthcare: enables the transferring of confidential patient information within the medical facilities
and health care provider
• Manufacturing: allow suppliers to view inventory and allow clients to purchase online safely
• Retail: able to securely transfer sales data or customer information between stores and the
headquarters
• Banking/Financial: enables account information to be transferred safely within departments and
branches
• General business: communication between remote employees can be securely exchanged.
While LAN, WAN and VPN are by far the most popular network types mentioned, you may also
commonly see references to the following:
(a) Wireless Local Area Network (WLAN) – a LAN based on WiFi wireless network technology
(b) Storage Area Network (SAN) – connects servers to data storage devices through a technology
like Fibre channel.
(c) System Area Network - links high-performance computers with high-speed connections in a
cluster configuration. Also known as Cluster Area Network.
(d) Client-server networks consist of two kinds of computer. The clients are usually computer
workstations sitting on the desks of employees in an organisation. The servers are usually more
powerful computers and are held in a central location or locations within an organisation. There are
several types of servers, for example file servers which store and distribute files and applications, and
print servers which control printers. Client/Server networks need client software which is installed
on the workstations and in addition, they also need server software such as Windows NT® Server
or Novell Netware®.
(e) Peer-to-peer networks have workstations connected to each other but do not have servers. Files
can be shared between workstations, and a printer connected to one workstation can be accessed
by another workstation. Peer-to peer networks are often much simpler to set up than client/server
networks. However, they lack some of the advantages normally associated with networks such as
centrally managed security and ease of backing up files.
5 Corporate networks
5.1 Definition
A corporate network is a combination of computer hardware, cabling, network devices, and computer
software owned by the same company and used together to allow computers to communicate with each
other. The purpose of the network is to provide easy access to information, thus increasing productivity for
LO users.
4.1
Many different types and locations of networks exist. You might use a network in your home or home
office to communicate via the Internet, to locate information, to place orders for merchandise, and to send
messages to friends. You might work in a small office that is set up with a network that connects other
computers and printers in the office. You might work in a large enterprise in which many computers,
printers, storage devices, and servers communicate and store information from many departments over
large geographic areas.
A corporate or main office is a site where everyone is connected via a network and where the bulk of
corporate information is located. A Corporate office can have hundreds or even thousands of people who
depend on network access to do their jobs. A main office might use several connected networks, which can
span many floors in an office building or cover a campus that contains several buildings.
A variety of remote access locations use networks to connect to the main office or to each other.
• Branch offices - in branch offices, smaller groups of people work and communicate with each other
via a network. Although some corporate information might be stored at a branch office, it is more
likely that branch offices have local network resources, such as printers, but must access information
directly from the main office.
• Home offices - when individuals work from home, the location is called a home office. Home office
workers often require on-demand connections to the main or branch offices to access information
or to use network resources such as file servers.
• Mobile users - connect to the main office network while at the main office, at the branch office, or
travelling. The network access needs of mobile users are based on where the mobile users are
located.
Corporate network components - all networks share many common components. The network is basically
sharing of information via network components. Some of the most essential network components are listed
here and we will analyse these individually later in this chapter:
• Applications
• Protocols
• Computers
• Network devices
• Media types
The Client-Server network model usually consists of one or more server computers that provide services
LO
4.3 to a number of workstation computers. Such services include: file handling, web access, email, printing, and
applications such as ticket reservations. An example of the Client-Server network model is the Internet.
On the Internet, the clients are computers with web browsers, which access web sites that are hosted on
servers.
A server is a host or central computer that is dedicated to managing the logistics of routing data,
information, and processing capacity among the clients on the system. In small networks, the server might
be a single PC. On larger networks, the server can be a group of computers or a mainframe.
Clients on a network are typically PCs or workstations on which users run applications. Clients rely on
servers for resources, such as files, devices, and sometimes processing power.
In the client-server diagram below, the client computers are separate and subordinate to the file server.
The primary applications and files used by each of the clients are stored in a common location on the file
server. File servers are often set up so that each user on the network has access to an individual directory,
along with a range of 'public' or shared directories where applications and data are stored. If the clients
want to communicate with each other, they must do so through the file server. A message from one client
to another client is first sent to the file server, where it is then routed to its destination by the server.
If clients need access to the Internet, say, this will usually be via the server and a broadband connection.
LO
4.2
The server may also allow access to the network from the Internet. Users with an Internet terminal
anywhere in the world, once a connection has been established and passwords verified, can access
programs or data on the network just as if they were seated at one of its local workstations.
Advantage Comment
Greater resilience Processing is spread over several computers. If one server breaks down, other
locations can carry on processing.
Scalability They are highly scalable – hardware can be added as required.
Shared programs and Program and data files held on a file server can be shared by all the PCs in the
data network. Data duplication is avoided.
Shared workloads Each PC in a network can do the same work.
If there were separate stand-alone PCs, A might do job 1, B might do job 2, C
might do job 3 and so on. In a network, any PC, (A, B or C) could do any job (1, 2
or 3). This provides flexibility in sharing workloads.
Shared peripherals Peripheral equipment can be shared. For example, in a LAN, five PCs might share a
single printer.
Communication LANs can be linked up to the office communications network. Electronic mail,
calendar and diary facilities can be used.
Compatibility Client-server systems are more likely than centralised systems to have Windows
interfaces, making it easier to move information between applications such as
spreadsheets and accounting systems.
Disadvantage Comment
Less powerful than large Mainframes are more suited to dealing with very large volumes of transactions.
mainframes
Control can be difficult It is easier to control and maintain a system centrally with a mainframe. In
particular, it is easier to keep data secure.
Client-server Peer-to-peer
(i) One PC on the network acts as the server or (i) Each PC is an equal.
controller.
(ii) The server controls network resources. (ii) PCs are not reliant on the server for access to
network resources.
(iii) Network access and security are controlled (iii) Can be set-up using standard PC operating system
centrally. software.
(iv) The server requires an operating system with (iv) Generally simpler and lower cost.
network capability.
Structure could be added to the system shown in the diagram above by making some of the nodes
responsible for routing data and allocating resources, and in a fully centralised P2P system the peers
interact with each other via a central server. Access to the server may be over the Internet.
The server may just function to connect two peers together, or supply additional resources or index and
keep track of the resources that the peers make available (usually files). Also, instead of building an index,
the server may just ask each of the peers if they have a particular resource that another peer wants (again,
usually a file), and, if there is a positive response, link the two peers together so that the file can be
transferred.
Such file transferring is widespread, and may infringe copyright, particularly with music and video files. In
business it can be useful for providing and accessing user guides and manuals or for a group collaborating on
a project - although for security any use of the Internet will normally be restricted to a VPN (Virtual Private
Network).
Case study
Intel uses P2P to streamline the distribution of computer-based training materials to employees. Rather
than have employees download huge multimedia files from a central server, it developed an application on
LO every desktop to reduce the network burden. When a user requests a course, the application searches for
4.3
it on local desktops, gradually widening the search until it finds the closest source.
Question 6: Technology
An arrangement of several computers connected together is called:
A client-server
B client
C computer network
D hub
(The answer is at the end of the chapter)
5.5.4 Security
The potential security concerns for P2P software can be categorised as follows:
• Denial of Service - every user of a P2P program is soaking up network bandwidth. If enough users
are transferring large files it can cause network resources to be tied up.
• Security Holes - e.g. Freely available software can allow users to ‘sniff’ for open ports on a peer
machine.
• Confidentiality - the P2P application is installed on a ‘trusted device’ that is allowed to communicate
through the organisation’s firewall with other P2P users. Once the connection is made from the
trusted device to the external Internet, attackers can gain remote access to the trusted device for
the purpose of stealing confidential corporate data, launching a Denial of Service attack or simply
gaining control of network resources.
• Malware - just as average users can freely distribute any files they choose, malicious users can freely
distribute Trojan horse applications and viruses.
• Information Gathering - disclosure of IP and MAC addresses, connection speed.
An article in the Scientific American reported that, in 2009, classified or sensitive files found on file-sharing
networks included: the Secret Service safe house location for the first lady, the Social Security numbers of
every master sergeant in the Army and the medical records of 24,000 patients of a Texas hospital.
5.5.5 Control
Unfortunately, because P2P networks are installed on local client machines and link directly to the Internet,
those client machines are wide open to abuse that is uncontrolled by standard information security
measures. P2P networking can circumvent an organisation’s security by providing decentralised security
administration, decentralised shared data storage, and a way to get round critical perimeter defences such
as firewalls.
Sharing is endorsed or repealed by each machine's user. Passwords can be assigned to each individual
shared resource whether it is a file, folder, drive or peripheral, again done by the user. Although this
solution is workable on small networks, it introduces the possibility that users may have to know and
remember the passwords assigned to every resource and then re-learn them if the user of a particular
machine decides to change them. Due to this flexibility and individual discretion, security can be a major
concern because users may give passwords to other unauthorised users, allowing them to access areas of
the network that the company does not permit. Furthermore, due to lack of centralisation, it is impossible
for users to know and remember what data lives on what machine, and there are no restrictions to prevent
them from over-writing files. This of course cripples attempts to organise proper backups.
Applications such as Kazaa have been popular with music-loving Internet users for several years, and many
users take advantage of their employers’ high-speed connections to download files at work. Over and above
the potential for productivity loss and the overload of network bandwidth with unauthorised file sharing
activities, P2P networks can:
• Enable the exchange of copyrighted material in a way that violates intellectual property laws.
• Allow an employee to share files in a manner that violates an organisation’s security policies. For
example, if instant messaging applications like those provided by AOL, Microsoft and Yahoo are used
to discuss sensitive information, an attacker can read all the messages that are sent back and forth
across the network or Internet by using a network-monitoring program.
• Allow bundled adware applications to be installed on the network without the user's knowledge.
Definition
An Intranet is an internal or private network of an organisation based on Internet technology (such as
hypertext and TCP/IP protocols) and accessed over the Internet. An intranet is meant for the exclusive use
of the organisation and is protected from unauthorised access with security systems such as firewalls.
Intranets provide services such as email, data storage, and search and retrieval functions, and are employed
in disseminating policy manuals and internal directories for the employees, price and product information
for the customers, and requirements and specifications for the suppliers. Some intranets are confined to a
building whereas others span continents.
An intranet is used to disseminate and exchange information 'in-house' within an organisation. A firewall
is a security device that effectively isolates the sensitive parts of an organisation's system from those areas
available to external users. It examines all requests and messages entering and exiting the Intranet and
blocks any not conforming to specified criteria.
The idea behind an intranet is that companies set up their own mini version of the Internet. Each employee
has a browser, used to access a server computer that holds corporate information on a wide variety of
topics, and in some cases also offers access to the Internet.
Intranets are used for the following:
(a) Performance data: linked to sales, inventory, job progress and other database and reporting systems,
enabling employees to process and analyse data to fulfil their work objectives.
(b) Employment information: on-line policy and procedures manuals (health and safety, disciplinary and
grievance), training and induction material, internal contacts for help and information.
(c) Employee support/information: advice on first aid, healthy working at computer terminals, training
courses offered and resources held in the corporate library and so on.
(d) Notice boards for the posting of messages to and from employees: notice of meetings, events and
trade union activities.
(e) Departmental home pages: information and news about each department's personnel and activities
to aid identification and cross-functional understanding.
(f) Bulletins or newsletters: details of product launches and marketing campaigns, staff moves, changes in
company policy – or whatever might be communicated through the print equivalent, plus links to
relevant databases or departmental home pages.
(g) E-mail facilities for the exchange of messages, memos and reports between employees in different
locations.
(h) Upward communication: suggestion schemes, feedback questionnaires.
(i) Individual personnel files, to which employees can download training materials, references,
certificates and appraisals.
Definition
An extranet is a private network that uses Internet technology and the public telecommunication system
to securely share part of a business's information or operations with suppliers, vendors, partners,
customers, or other businesses. An extranet can be viewed as part of a company's intranet that is extended
to users outside the company.
Catalogue
Catalogue Wiring
Wiring hub
hub
database
database
Router
Router
Internet
Internet
Router
Router
Mainframe
Mainframe
Firewall
Firewall
Customer
CustomerIntranet
Intranet
Customer
Customer
purchase
purchase order
order
service
service
Drawbacks
PDAs that have keyboards can be small and so can be difficult to use. It is possible to get around this by
choosing one with a stylus, which can be quicker than typing or using a touch screen. The larger size tablet
is more comfortable for users, similar to working on a laptop or desktop PC. It has the capability to be
used in a docking station so that it can be used with a mouse and keyboard and the screen size is easy to
read.
Laptops, netbooks and PDAs have security issues – e.g they are easy to steal or lose. When using mobile
devices it is important to ensure that employees are aware of their responsibilities and the need to keep
both mobile devices and business information secure. If using public WiFi to access the Internet, it may not
always be possible to find a secure and available network. This may prevent access to business information
when required.
There are costs involved in setting up the equipment and training required to make use of mobile devices.
Mobile IT devices can expose valuable data to unauthorised people if the proper precautions are not taken
to ensure that the devices, and the data they can access, are kept safe.
Definition
M-commerce and m-business is any e-commerce or e-business activities performed in a wireless
environment. It is not merely a variation on existing Internet services; it is a natural extension of e-business
creating new opportunities.
Wireless
transmission
Mobile
network Fixed telephone
infrastructure
Mobile Mobile
phone phone
(terminal)
This section will give you an overview of the main components of a corporate network.
The basic components of a network, which act as the front-line gatekeepers, are the router, the firewall,
and the switch. These core components use an Intrusion Detection System (IDS) to look out for possible
malicious attacks on the network, as shown in the diagram below.
6.2 Repeaters
All signals fade as they travel from one place to another.
Each type of network cable has a maximum useable length. If you go beyond that length, the signal will be
too weak to be useful.
Of course, computers on a real network can easily be more than 200 metres apart. Therefore, the network
LO cable is split up into segments. Each segment is less than the maximum length allowed. Joining the segments
4.1 together is a device known as a repeater. A repeater boosts the signal back to its correct level.
Smaller distorted
Clean signal signal
Repeater
6.4 Hubs
There are many network topologies available: the star and tree use a hub but the bus and ring do not use
one. To allow the Star and Tree network topologies to work properly, each computer must be able to send
data packets to any other computer on the network.
The network Hub allows computers to share data packets within a network.
Each computer will be connected to a single port on the hub. So if you purchase an 8-port hub, you will be
able to connect up to eight computers together.
You can also daisy chain hubs to allow even more computers to join the network.
Typical network (below) making use of a hub:
LO
4.2
The availability of low-priced network switches has largely rendered hubs obsolete but they are still seen in
older installations and more specialised applications.
6.5 Switches
Switches perform the same job as hubs, but with slightly more intelligence. They can examine each data
packet, and send it to just the recipient, reducing the traffic, and so increasing the network performance.
You can easily configure a switch by sending specially formatted packets to it.
Switches can be managed or unmanaged. Unmanaged switches are the least expensive and are usually found
in home or small business networks. They have no user interface for reconfiguration. Managed switches can
be smart (or intelligent) and allow basic reconfiguration of speeds and port settings, or fully managed
(the most expensive) with many options which can be changed, usually from the central control location for
the whole network. In the event of failure or overload in part of the network, managed switches can be
used to route traffic through alternative paths.
Definition
A network protocol is the agreed method of communication to be used within the network. Each device
or computer will use this protocol.
Network Interface Data Link layer – supports error free organisation and transmission of data in
the network
Physical layer – provides physical access to the telecommunications media in
Physical layer the network
6.7 Gateway
There are many different network protocols in use today. For example, the large Internet company called
AOL has its own special email protocol.
A gateway converts the data passing between dissimilar networks so that each side can communicate with
each other i.e. converts data into the correct network protocol.
The gateway is a mixture of hardware components and software. This is unlike a standard 'bridge' which
simply joins two networks together that share the same protocol.
6.9 Servers
In some small networks, every machine is equally likely to have a resource that another machine needs to
use. For example a small home network may be set up like this:
There are files stored on each computer. One machine is linked to the scanner, whilst another is linked to a
printer. The game machine is linked to the Internet, which all three machines can use.
This is fine for small networks as the number of requests to use a resource is not going to be too high.
But now imagine there are a dozen computers on the network and each one needs to print out a document
every few minutes. The machine that is connected to the printer is going to be tied up most of the time.
In this case it makes sense to allocate a machine exclusively to service printer requests. This machine is
called a printer server.
A similar situation is likely to arise with files and the database so a dedicated file server and database server
might be required.
A server is any machine that provides a service for other users on the network. Common services include:
(a) Email server.
(b) Internet Proxy server – a proxy server is an intermediary between the clients and the server which
checks that requests and responses are from legitimate sources. It can be a physical device (such as a
PC) or software.
(c) Intranet server.
The email server will provide all the usual facilities such as address books, spam filtering and so on.
Quite often, staff want to use the same web site over and over again. The Internet Proxy server will store a
local copy of often-used web pages to speed up access and to reduce bandwidth consumption (which costs
money).
Many companies run their own private internal web services. This is called an intranet and is run from the
intranet server.
6.10 Modems
A modem converts the digital data from the computer into a continuous analogue wave form that the
telephone system is designed to deal with (MODulation). The reason for this is that the telephone system
was originally designed for the human voice i.e. continuous signals. The modem also converts the analogue
signal from the telephone network back into digital data that the computer can understand. (DEModulation).
WiFi modems – In addition to telephone modems, radio has now become very popular as a means of
connecting to the Internet. The device that allows you to do this is called the WiFi modem. Some routers
also provide WiFi access.
6.11.1 Electrical
LO A multi-wired cable with a socket at each end is used to connect the various devices together e.g.
4.1 computer to hub, hub to switch or switch to router and so forth.
The Ethernet network cable transfers data by means of electrical signals. A typical network cable called 'Cat
5' is used which is especially designed to carry the signal efficiently.
Microwaves are just a small part of the radio spectrum, but because they are so widely used, they tend to
be called by their own name.
Data is sent out through aerials mounted on tall towers. The 'cable' is effectively the microwave link
between towers. Some large companies use microwave towers spread along hilltops to allow one office to
communicate with others in the same country. They do this because it is cheaper than renting telephone
lines for carrying the same amount of data.
On a much smaller scale, laptops can communicate with the local area network with radio links.
6.11.3 Infra-Red
This is a very familiar method of transferring data. The television remote control makes use of an infra-red
link.
PDA and personal organisers often make use of an infra-red link to synchronise calendars and 'to-do' lists.
Computer networks are able to store vast amounts of data. All networks have potential for unauthorised
access and misuse at any network access point.
Generally, centralised networks are easier to control as data is held in a single location and communication
channels are more easily monitored.
Software
(operating system)
• User errors Hardware
• Unauthorised • Message • Hacking
access alteration • Viruses and worms • Altering, stealing
• Theft and and copying data
• Viruses and • Theft and fraud
worms fraud • Denial of service attacks
• Hardware failure
• Spyware • Sniffing • Vandalism
• Software failure
If a network is open to the Internet, there is a balance to be struck between being so restrictive as to
prevent genuine users from accessing the system, and being too lax and allowing malicious data packets to
enter.
Genuine users, and in particular users within the company who may be inside a firewall (see Section 6.8),
should be educated to detect possible Trojans (Internet pages that mimic, say, a banking site, and attempt
1 Hardware means the various …………… components which comprise a computer system.
What word is missing from the statement above?
2 Which of the following is not one of the three major classes of information systems?
A decision support system
B collaboration system
C management information system
D transaction processing system
3 Drawing on diverse yet predictable data resources to aggregate and summarise data is characteristic
of
A web 2.0.
B decision support systems.
C expert systems.
D transaction processing systems.
4 An information system that provides information that helps senior management with long-term
planning operates at what level of the organisation?
A operational
B knowledge
C management
D strategic
5 …………… workers are people whose jobs consist primarily of creating new information or
knowledge.
What word is missing from the statement above?
6 Centralised networks are generally easier to control and keep secure than decentralised or
distributed networks. Is this statement true or false?
A true
B false
7 In a P2P network, each PC is considered an equal. Is this statement true or false?
A true
B false
8 A small company is installing a computer network. Employees are to be issued with a handbook to
help them to understand the networking terms. Provide a brief explanation of the following terms
for the handbook.
(a) Local Area Network and Wide Area Network
(b) Client-server and peer-to-peer
1 Hardware means the various physical components which comprise a computer system, as opposed
to the non-tangible software elements.
2 B You should have identified 'collaboration system' as being outside the three major classes of
information system.
3 B Drawing on diverse yet predictable data resources to aggregate and summarise data is
characteristic of decision support systems.
4 D If an information system that provides information that helps senior management with long-
term planning it is operating at the strategic level.
5 Knowledge workers are people whose jobs consist primarily of creating new information or
knowledge.
6 The statement is True. Centralised networks are generally easier to control and keep secure than
decentralised or distributed networks.
7 The statement is True. In a P2P network, each PC is considered an equal.
8 A local area network connects devices over a relatively short distance.
A wide area network spans a relatively large geographical area.
A client-server network is a configuration in which desktop PCs are regarded as clients that request
access to services on a more powerful server.
Peer-to-peer computing is a form of distributed processing that links computers via the Internet or
private networks so they can share processing tasks.
1 The correct answer is B information technology. This is the term used to refer to all of the
computer-based information systems used by organisations, and their underlying technologies.
2 The role of an organisation's operations support systems is to:
• effectively process business transactions.
• control industrial processes.
• support enterprise communications and collaboration.
• update corporate databases.
The systems which support the operations include:
• Transaction Processing Systems (TPS).
• Process control systems (PCS).
• Enterprise collaboration systems – information systems that use a variety of information
technologies to help people work together.
Management support systems (MSS) include:
• Management Information Systems (MIS).
• Decision Support Systems (DSS).
• Executive Information Systems (EIS)
3 The correct answer is A. An information system can be defined technically as a set of interrelated
components that collect (or retrieve), process, store and distribute information to support decision
– making and control in an organisation.
4 Decision support systems (DSS) are often referred to as D business intelligence systems.
5 The correct answer is A. Decision support systems. DSS have more analytical power than other
systems enabling them to analyse and condense large volumes of data into a form that helps
managers make decisions.
6 The correct answer is C. Several computers connected together is called a computer network.
7 An intranet is an Internet-like network within an organisation. It is usually less expensive than
proprietary groupware software.
Intranet environments include a combination of the organisation's own networked computers and
Internet technologies e.g. web-browsers to view internal web pages. Each employee will have a
browser to access a server, which holds corporate information.
The main difference between an intranet and the Web is that while the Web is open to anyone, the
intranet is private and is protected from public visits by firewalls.
The intranet provides:
• a universal e-mail system.
• a set of collaborative tools.
• an electronic library.
• an application sharing system.
• a company communications network.
It can be used for:
• company newspapers.
• induction material.
• on-line procedure and policy manuals.
• employee web pages.
• internal databases.
Database concepts
Topic list
53
Introduction
In this chapter we consider the role played by data and databases within an organisation.
Data feeds an organisation's information systems. There is no point investing heavily in high quality
information systems unless the data that feeds them is of an equally high standard – accurate, appropriate
and up-to-date.
Most systems utilise databases in some way. In this chapter we explain how data and databases are
structured and how they should be managed.
Later in the chapter we consider the role of databases in relation to Accounting Information Systems (AIS)
and explore some of the ethical questions raised by the vast amounts of data held in computerised
databases today.
If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
1 List five reasons why an organisation would collect and store data. (Section 1)
2 Identify three internal and three external sources of data or information. (Section 2)
3 What is a database record? (Section 3)
4 Define the term 'database system'. (Section 4)
5 List the four main database storage models. (Section 5)
6 What does an Entity Relationship Model show? (Section 6)
7 What are the main steps involved when implementing a database? (Section 7)
8 Explain how databases are used in Accounting Information Systems (AIS). (Section 8)
9 Explain how encryption could help maintain database confidentiality. (Section 9)
10 Discuss how databases may present a threat to privacy. (Section 9)
2: Database concepts 55
LO
2.2
1 Data collection and storage
Section overview
• We start this chapter by considering why organisations need to collect and store data.
Reasons include:
– To record transactions.
– For planning purposes.
– To facilitate control.
– To enable performance to be measured.
– To facilitate decision-making.
Definitions
Data are the raw material for data processing. Data consists of numbers, letters and symbols and relates to
facts, events, and transactions.
Information is data that have been processed in such a way as to be meaningful to the person who
receives it.
Some of the main reasons organisations collect and store data are explained in the following paragraphs.
1.2 Planning
Organisations make decisions on a day-to-day basis. Once decisions are made, it is necessary to plan how
to implement the steps necessary to make them effective. Planning requires data and information relating to
available resources, possible time-scales for implementation and the likely outcome under alternative
scenarios. Data feeds information systems that provide planning tools.
1.3 Controlling
Once a plan is implemented, data is required to assess whether it is proceeding as expected or
whether there is some unexpected deviation from the plan. It may consequently be necessary to take some
form of corrective action. Data captured by information systems can be used to monitor and control the
outcomes of plans.
Data and information collected and then utilised by information systems comes from both inside and
outside the organisation.
2.1.4 Timesheets
Many service businesses, notably accountants and solicitors, need to keep detailed records of the time
spent on various activities, both to justify fees to clients and to assess the efficiency and profitability of
operations.
2: Database concepts 57
Factor Comment
Political/legal National or local politics may affect how an organisation operates. Changes in legislation may
put new responsibilities or liabilities on an organisation.
Economic Economic factors affect an organisation's finances such as the availability of loans or sales levels.
Social Society's views may put pressure on how the organisation is run, for example pressure to
reduce environmental pollution.
Technological Technological advances may affect an organisation's production and/or management processes.
Technology may also allow the development of new products and services which were not
previously possible.
Other areas an organisation may require external data and information on include:
(a) Competitors – how successful are they, are they developing new products?
(b) Customers – what are their needs, how large is the potential market, are there any new market
segments?
(c) Suppliers – what are their prices, what is the quality of their products like, are there any new
potential suppliers in the market?
Capturing data from outside the organisation might be entrusted to particular individuals, or might be
'informal'.
Routine formal collection of data from outside sources includes the following:
(a) A company's tax specialists will be expected to gather information about changes in tax law and
how this will affect the company.
(b) Obtaining information about any new legislation on health and safety at work, or employment
regulations.
(c) Research and development (R & D) work often relies on information about other R & D work
being done by another company or by government institutions.
(d) Marketing managers need to know about the opinions and buying attitudes of potential
customers. To obtain this information, they might carry out market research exercises.
Informal gathering of information from the environment goes on all the time, consciously or
unconsciously, because the employees of an organisation learn what is going on in the world around
them – perhaps from newspapers, television reports, meetings with business associates or the trade press.
Exam comments
Exam questions could test your understanding of why data collection and storage is important.
LO
2.3 3 The data hierarchy
Section overview
• The way in which computer data is stored can be viewed as a hierarchy as follows: bit, byte, data
field, field, record, file and database.
3.1.1 Bit
The smallest item of computer storage is referred to as a bit.
3.1.4 Record
At the fourth level, data fields combine to form a complete record. A database record stores all the
information about one file entity, for example one employee in a payroll file.
Record structure
The data fields in each record are referred to collectively as the record structure. In many accounting
applications, this structure is fixed, meaning that each record contains the same number, same type, and
same-sized data fields as every other record on the file. This would probably be the case for payroll
records.
In other applications, either the number of data fields in each record might vary, or the size of a given data
field in each record might vary. For example, in a file of customer complaints, the memo field in each record
might vary in length to accommodate different-sized descriptions of customer problems.
Primary key or key field
The primary key is the data field in each record that enables a database system to uniquely distinguish one
record from another. In a payroll record, the primary key might be the employee's tax file number. Other
organisations may allocate each employee a unique employee number and use this as the key field. The
primary key enables users and computer programs to find a specific record.
It is possible to search a database using data fields which are not unique across records, for example a
payroll file could be searched by surname.
2: Database concepts 59
Data fields from a payroll record
Employee
number First Tax file Hourly
(key field) Surname name number Start date Dept rated? Rate
E01046 Walsh Barry NR123456 Z 01/01/2010 M Y $22.50
3.1.6 Database
Finally, at the highest level, several tables or files create a database, for example a collection of files that
contain all the information for an accounting application. In an inventory module, for example, this database
might contain a part-number master table, a supplier table, a price table and an order transaction table.
LO
2.3 4 Databases and database systems
Section overview
• The term 'database system' is used to describe a wide range of systems that utilise a central
pool of data.
Definitions
A database is a collection of data organised to service many applications. The database provides
convenient access to data for a wide variety of users and user needs.
A database management system (DBMS) is the software that centralises data and manages access to
the database. It is a system which allows numerous applications to extract the data they need without the
need for separate files.
The only required elements for something to qualify as a database are that it should contain data and that it
should have a logical structure to allow easy access to that data. Some tasks can be carried out using either
a spreadsheet or a database package e.g., simple cash flows could be kept on either. However, there are
differences between the two types of package.
Spreadsheets provide a more flexible working environment that is not limited in its structure. They are
particularly good at handling numerical data and calculating results, and so are appropriate for many financial
applications.
Database systems have sophisticated data retrieval and reporting facilities that are not normally found in
spreadsheets. They are more appropriate for conventional record-keeping tasks where the main
requirement is to retrieve information and produce transaction documents and reports.
Database systems have sophisticated data retrieval and reporting facilities that are not normally found in
spreadsheets. They are more appropriate for conventional record-keeping tasks where the main
requirement is to retrieve information and produce transaction documents and reports. The term 'database
system' is used to describe a wide range of systems that use a central pool of data. However, not every
collection of data is a database; the term database implies that the data is managed to some level of quality
(measured in terms of accuracy, availability, usability, and resilience) and this in turn often implies the use of
a Database Management System (DBMS).
Input data
Database
management Database
system
Application
programs
Branch and
Sales application Staff payroll Other
personnel
statistics etc analysis, etc. applications
statistics, etc.
2: Database concepts 61
4.2 The characteristics of a database system
The way in which data is held on a system affects the ease with which the data is able to be accessed and
manipulated. A database system has the following characteristics:
(a) Shared. Different users are able to access the same data for their own processing applications. This
removes the need to hold the same data in different files.
(b) Controls to preserve the integrity of the database.
(c) Flexibility. The database system should provide for the needs of different users, who each have
their own processing requirements and data access methods. The database should be capable of
evolving to meet future needs.
(a) Avoidance of unnecessary duplication of data (data redundancy). The same information is held
only once, leading to reduced storage space and
(b) Less processing. If a piece of data changes, it has to be updated only once as it is recorded only once.
(c) Data independence; the database does not have to be altered if programs using it are changed. The
database management system handles the changes.
(d) Data is looked upon as serving the organisation as a whole, not just for individual departments.
The database concept encourages management to regard data as a resource that must be properly
managed.
(e) Greater formality over security and control of access.
(f) The installation of a database system encourages management to analyse data, relationships
between data items, and how data is used in different applications.
(g) Consistency – because data is only held once, the possibility of departments holding conflicting data
on the same subject is reduced.
(h) Data on file is independent of the user programs that access the data. This allows greater
flexibility in the ways that data can be used. New programs can be easily introduced to make use of
existing data in a different way.
(i) If all data concerning each entity is in one place, more useful and faster processing will be possible.
(j) Developing new application programs with a database system is easier because the programmer
is not responsible for the file organisation.
Professions such as law and accountancy have a codified set of ethics its practitioners are expected to
honour. Violations are dealt with in the harshest possible terms, and even minor lapses can result in
significant penalties. No such codification exists for Information Systems (IS) and technology (IT)
professionals. They generally abide by personal codes of conduct and are essentially self-policing.
The technology environment is becoming ever more challenging. Areas such as data access and capture,
processing speed, tracking and monitoring and job redesign are just a few examples of IT capabilities with
ethical considerations. Electronic databases enable organisations to capture and store vast amounts of data
about individuals and other organisations. Information can be retrieved and manipulated cheaply, quickly and
easily.
Some ethical issues associated with electronic databases such as privacy, unauthorised data linking,
propagation of errors and responsibility for correction and sharing and profiling are discussed below.
4.5.1 Privacy
Databases often contain data that should be kept confidential, 'sensitive data'. For example, a database that
supports the processing of on-line transactions would hold customer names, addresses and credit card
numbers. A payroll database includes employee salary details; a medical database holds patients' medical
histories. Most countries have data protection legislation designed to protect individuals from unauthorised
disclosure and distribution of this type of data, for example the Privacy Act in Australia and the Data
Protection Act in the UK.
Living in a free society, we can do business with any organisation as we see fit and when conditions change,
we are free to take our business elsewhere. Let us say a person has a car insurance policy with Beta
Indemnity, and over the course of time has numerous accidents and files a series of claims. The person then
applies for a new policy with Midtown Mutual. Does Beta have an ethical obligation to supply information to
Midtown that might affect its decision on the conditions for that policy? If not, and if our ability-impaired
driver has a serious accident, does Beta bear any responsibility for withholding information that might have
prevented new insurance, and possibly even the license to drive, from being issued? Without technological
advances in processing high data volumes, enabling data about consumers to be easily shared among
organisations, it would be difficult if not impossible to build up a comprehensive ‘life file’ about anyone.
Does the fact that technology enables this to happen necessarily mean it should?
Prior to the advent of technology enabling mass capture, storage, and processing of data, maintaining the
security of that data and ensuring it was not misused was relatively easy. Critical and confidential data was
kept on paper, in locked files, in a secure file room, with access that was controlled by a responsible
person. Today, we have terabyte-sized databases that are tabulated and cross-referenced with others to
provide all sorts of information about us to all sorts of people. As individuals, we have little or no control
over that data. When you apply for a car loan your personal financial data is legitimately provided by the
credit reporting agencies to enable your lender to make an appropriate financial decision as to whether you
are a good risk. The lending institution subsequently uses that data to market products to you. That was
not the original intention of the transaction by which the data was supplied, but there is nothing inherently
illegal about it. However, is it ethical for that organisation to use an asset to which it wouldn't ordinarily
have had access and in an entirely different manner than what was agreed by the two parties to begin with?
Does this constitute an invasion of your privacy?
2: Database concepts 63
can be rearranged for different uses and shared easily. The bigger the mosaic and the greater the number of
users, the greater the risk of misuse of information.
For example, every time you use a debit or credit card, make an online purchase, access an ATM, or
complete virtually any financial transaction, a significant amount of data about you and your activity is
recorded. In the simplest application, companies use that data to issue bills, record payments, or update
portfolios. This is basic recordkeeping. However, technology has enabled more sophisticated uses of that
data.
As just one example, data mining using segmentation analysis can swiftly analyse buying patterns and
‘suggest’ additional purchases on the basis of the product you are trying to buy. Is this an ethical use of data?
The information being used is all about you, but it was collected by the company with which you were
doing business. Is it your data or theirs? If it is their data, do you have the right to tell them how to use it?
Not too many of us would have much of a problem with technology enabling the bank to quickly and
accurately apply interest to our accounts, but do we have the same attitude when that same bank uses that
data for marketing purposes?
4.5.4 Profiling
Databases enable people and organisations to identify individuals with certain characteristics. For example, a
family holiday supplier may target people living in certain postcodes who have two or more children. Some
people find this type of targeted, unrequested marketing attention annoying.
Profiling has also been used by government agencies, such as airport authorities and the police, to identify
'suspects'. For example, utility records have been used to identify people who use unusual amounts of water
and electricity as possible illegal drug producers. Many innocent individuals have been investigated on the
basis of this type of profiling.
Airlines can collect and cross-reference an enormous amount of data on travellers. Patterns can emerge
that could allow them to draw conclusions identifying individuals as possible security risks. Is this profiling,
and if so, is it ethically challenged? If airlines do not do this and someone who could have been stopped at
the gate boards a flight and hijacks the plane, is the airline ethically responsible for its own inaction?
Exam comments
Ethical concerns relating to data capture and storage are topical and therefore likely to be tested in your
exam.
Case studies
Some of the US's largest databases are truly vast. The US Internal Revenue Service (IRS) maintains records
on over 75 million taxpayers. Ford Motor Company maintains a customer database of 50 million records.
Citicorp uses a database of 30 million records.
Section overview
• There are four main types of database storage models – hierarchical, network, relational and
object-oriented.
A data storage model is a specification describing how a database is structured and used. There are many
options for defining a database and storing the application's data. Because a database consists of data in
many files there must be some kind of structure or organisation of data to be able to access data from one
or more files easily. Among the most popular structures are hierarchical, network and relational data
storage technologies. These types of data storage differ not only in the way they physically manage the
storage and retrieval of data, but also in the conceptual models they present to the user and programmer.
In recent years, the relational database has generally become the de facto standard for database storage.
This is due both to the usability of the relational model itself, and because it provides a standard interface
called Structured Query Language (SQL) that allows many different database tools and products to work
together in a consistent and understandable way. Additionally, a relational database typically provides
mechanisms for handling referential integrity, data validation, and a host of administrative processes to set
up and maintain the application's data.
Hierarchical structures are appropriate when systems must handle large numbers of routine requests for
information e.g. an airline reservation system. The hierarchical nature of the model makes it unsuitable for
situations involving 'many-to-many' relationships.
2: Database concepts 65
Returning to our part sales example, a network model is shown below:
Data from these tables can be extracted and or linked provided that any two share a common data
element. For example, the customer code could be used to link the Customer table with the Order table.
Once the link has been established between two or more tables a query can permit any combination of the
data from the tables to be viewed.
These views are obtained by using enquiry tools such as Structured Query Language (SQL). This permits an
application to create a unique data set (record) from a common set of data (database) in a fashion that
meets the application requirements. The two main benefits of a relational database are quick access to data
and the easily implemented data integrity.
Exam comments
Exam questions could test your knowledge and understanding of the different data storage models.
LO
2.4 6 Data modelling and design
Section overview
• An Entity Relationship Model (ERM) may be used to establish and model the logical data
requirements of a system.
To ensure data is able to be used effectively, databases must be designed effectively and the data organised
efficiently. There are several modelling techniques available to help plan and design a database.
2: Database concepts 67
6.1.2 One-to-many relationship (1:M)
For example, the relationship employs also exists between company and director. The company employs
more than one director.
When analysing relationships the correct classification is important. If the one-to-many relationship
customer order contains part numbers is incorrectly described as one-to-one, a system designed on the
basis of this ERM might allow an order to be entered with one item and one item only.
Entity life histories identify the various states in which an entity can legitimately be. It is really the functions
and events which cause the state of the entity to change that are being analysed, rather than the entity itself.
The following notation rules are used for Entity life histories:
(a) Three symbols are used. The main one is a rectangular box. Within this may be placed an asterisk or
a small circle, as explained below.
(b) At the top level the first box (the 'root node') shows the entity itself.
(c) At lower levels the boxes represent events that affect the life of the entity.
(d) The second level is most commonly some form of 'create, amend, delete', as explained earlier (or
birth, life, death if you prefer). The boxes are read in sequence from top to bottom and left to
right.
(e) If an event may affect an entity many times (iteration) this is shown by an asterisk in the top right
hand corner of the box. A customer account, for example, will be updated many times.
(f) If events are alternatives (selection) – for example, accept large order or reject large order – a
small circle is placed in the top right hand corner.
2: Database concepts 69
Note the three types of process logic referred to above:
• Sequence.
• Iteration (or repetition).
• Selection.
o o
LO
2.4 7 Database implementation
Section overview
• Database implementation should be formally planned and managed to ensure the database is
fit for purpose.
Implementing a database requires formal planning. Many of the steps involved are similar to other systems
implementation projects covered elsewhere in this Study Manual (Chapter 4).
The general systems development and implementation information provided in Chapter 4 can be applied to
many of the steps listed below.
Step 1: Define the scope of the project and the proposed database
• Identify the groups and functions within the organisation that will be served by the database.
• Identify the existing applications that will be converted to the database system.
• Prepare project proposal and obtain management approval.
Step 6: Training
• Establish training requirements and the training schedule.
• Train programmers and the DBA.
Question 1: DBMS
What is a database management system (DBMS)?
(The answer is at the end of the chapter)
2: Database concepts 71
LO
2.1 8 Databases and Accounting Information Systems
(AIS)
Section overview
• Accounting Information Systems (AIS) apply database concepts and techniques to produce
meaningful accounting information.
Definition
An Accounting Information System (AIS) is a collection of data and processing procedures that
records and creates accounting related information.
Accounting Information Systems use databases in a number of ways. For example, the accounts receivable
ledger stores customer data, the accounts payable ledger stores information about suppliers, and payroll
holds information about employees.
An AIS collects, records, stores, and manipulates financial data, and converts this data into meaningful
information for financial reporting and management decision making.
Throughout this chapter we have illustrated how database concepts apply to AIS – for example, payroll.
Controls are required to protect the security and integrity of data held in databases.
As databases are held within an organisation's information infrastructure, security controls that protect an
organisation's information systems as a whole also provide protection to databases. Controls more relevant
to all aspects of an organisation's information systems are covered in Chapter 6. In this chapter section we
focus on controls most relevant to database security.
LO
2.5
9.1 Database security and controls
Many databases maintained by organisations contain sensitive data, for example credit card details. There
have been cases in recent years where sensitive data has been lost or compromised, through either hacking,
theft or carelessness, for example leaving a laptop containing sensitive data on a train.
Definitions
Database security aims to protect the confidentiality, integrity and availability of data held in the database.
Database integrity relates to data accuracy and consistency within the database.
We will now look at some specific control measures intended to protect the database.
2: Database concepts 73
9.1.7 Database activity logs and Database Activity Monitoring (DAM)
Most Database Management Systems (DBMS) include some monitoring capability that provide an audit trail
(a log) detailing database activity by user. The log can be examined for unusual activities, usually through
some automated process.
Audit trails are the last line of database defence as they detect the existence of a potential violation rather
than preventing it.
Some organisations use an additional tool, Database Activity Monitoring (DAM) software. DAM tools sit
outside the database and monitor activity 'live'. The DAM software alerts the database administrator of any
activity considered potentially suspicious, rather than relying upon subsequent inspection of the audit trail.
9.2 Availability
Database controls and security measures aim to protect the confidentiality and integrity of the database and
also aim to ensure the database is available and able to be used effectively by authorised users.
The security measures described above help achieve this by reducing the chances of unauthorised activity
and damage to the database. It is also important to ensure the database is backed-up regularly and
appropriately to ensure efficient data recovery if required.
Case study
The Gartner Group consultants reported that more than 25 per cent of the critical data in large US
Fortune 1 000 companies' databases is inaccurate or incomplete. This includes incorrect product codes and
product descriptions, faulty inventory descriptions, erroneous financial data, incorrect supplier information,
and incorrect employee data. Gartner believes that customer data degrades at a rate of two per cent per
month, making poor data quality a major obstacle to successful customer relationship management (Gage
and McCormick, 2005).
2: Database concepts 75
Key chapter points
7 The implementation of a new database should not be constrained by formal planning – a flexible 'see
how we go' approach is best.
Is the statement above true or false?
A true
B false
8 An ………………….. ………………….. ………………….. is a collection of data and processing
procedures that records and creates accounting related information.
What three words are missing from the statement above?
9 In the context of computer databases, what does the abbreviation DAM mean?
2: Database concepts 77
Answers to quick revision questions
1 Data is the raw material for data processing. Data consists of numbers, letters and symbols and
relates to facts, events, and transactions. Information is data that has been processed in such a way
as to be meaningful to the person who receives it.
2 Data and information captured and stored in an organisation’s information systems comes from a
variety of internal and external sources.
3 The statement is True. Computer data is made up of a hierarchy: bit, field, record, file and
database.
4 SQL is short for Structured Query Language, and is a popular database query language.
5 There are four main types of database storage models – hierarchical, network, relational and
object-oriented.
6 The relationship shown is a many-to-one relationship (M:1), many sales managers reporting to one
sales director.
7 The statement is false. Database implementation should be formally planned and managed to ensure
the database is fit for purpose.
8 An Accounting Information System is a collection of data and processing procedures that
records and creates accounting related information.
9 The abbreviation DAM stands for Database Activity Monitoring. DAM software tools sit outside
the database and monitor activity ‘live’. The DAM software alerts the database administrator of any
activity considered potentially suspicious, rather than relying upon subsequent inspection of the audit
trail.
1 A database management system (DBMS) is the software that manages access to a database. The
DBMS enables numerous applications to operate from the database without the need for separate
files.
2: Database concepts 79
80 IT and Business Processes
Chapter 3
Topic list
81
Introduction
We start this chapter by considering the role of Enterprise Resource Planning (ERP) software, focusing on
the centralised database and workflow management aspects of these systems.
Then we discuss the concept of knowledge management, and the software that can help an organisation
gather and manage knowledge and information. Productivity software is covered as part of this discussion.
Later, we focus on the use of data warehouses, before turning our attention to tools used to utilise the
data, information and knowledge stored in organisational information systems.
Don't become too focused on the detailed IT aspects of these topics. What is important for professionally
qualified accountants is an understanding of the principles and thinking behind these systems and techniques
– and most importantly a focus on the business benefits technology can bring.
If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
Definition
Enterprise Resource Planning (ERP) systems integrate the planning, management, and use of all of an
organisation's resources. (Laudon and Laudon 2009).
Enterprise Resource Planning (ERP) systems provide unity and co-ordination across different functional
areas of an organisation. They eliminate the need for separate systems and separate data silos within an
organisation. The two most popular ERP systems are SAP and Oracle.
Case study
SAP Workflow is designed to facilitate and automate business processes involving tasks performed by users
(people in the workplace). It ensures that the right work is assigned in the right sequence at the right time
to the right person in the workflow.
Each step of a business transaction can be easily monitored throughout the initiation and completion of
business processes. SAP Workflow enables the process owners to track deadlines, determine the workload
as well as provide statistics on the length of time to complete work processes.
SAP Workflow can be linked to other software tools such as Microsoft Outlook or Lotus Notes.
Definitions
Knowledge is information within people's minds.
Knowledge management describes the process of collecting, storing and using the knowledge held
within an organisation.
Case study
Facilitating knowledge sharing
World-class companies now realise that the best ideas do not necessarily come from the executive
boardroom but from all levels of the company; from line workers all the way through to top management.
Companies that have cultures that encourage best practice sharing can unlock the rich stores of
knowledge within each employee. Sharing promotes overall knowledge and facilitates further creativity.
World-class companies are innovatively implementing best practice sharing to shake them of out of the rut
of 'the way it's always been done'. Programs such as General Electric's Work-Out sessions help employees
challenge conventions and suggest creative new ideas that drive process improvement, increased efficiency,
and overall, a stronger bottom line.
The fundamental goal of knowledge management is to capture and disseminate knowledge across an
increasingly global enterprise, enabling individuals to avoid repeating mistakes and to operate more
intelligently – striving to create an efficient learning organisation.
The best companies create a best practice-sharing culture through all levels of the organisation, using both
internal and external sources of best practices. They then capture that knowledge and communicate it to all
employees.
2.5.2 Groupware
Definition
Groupware is a term used to describe software that provides functions for the use of collaborative work
groups.
Typically, groups using groupware are small project-oriented teams that have important tasks and tight
deadlines The most widely-used groupware products are Microsoft Outlook and Lotus Notes.
However, there are many related products and technologies.
It is when groupware is used to share information with colleagues that it comes into its own. Features of
groupware include the following:
(a) Messaging, an e-mail account to send and receive messages.
(b) Access to an information database, and customisable 'views' of the information held on it, which
can be used to standardise the way information is viewed in a workgroup.
(c) Group scheduling, to keep track of colleagues' schedules and to enable meetings to be arranged,
including booking the meeting room and required resources.
SOFTWARE
External
knowledge Graphics Visualisation
base Modelling Simulation
Document management
Communications
User
interface
Case studies
Virtual reality
Burger King have used virtual reality stores to test new store designs.
Volvo have used virtual reality test drives in vehicle development.
Definition
An expert system is a computer program that captures human expertise in a limited domain of
knowledge.
Expert system software uses a knowledge base that consists of facts, concepts and the relationships
between them on a particular domain of knowledge and uses pattern-matching techniques to 'solve'
problems.
Rules of thumb or ('heuristics') are important. A simple example might be 'milk in first' when making a cup of
tea: this is a rule of thumb for tea making that saves people having to rethink how to make a cup of tea every
time they do so. A simple business example programmed into a credit check may be: 'Don't allow credit to a
person who has no credit history and has changed address twice or more within the last three years'.
For example, many financial institutions now use expert systems to process straightforward loan
applications. The user enters certain key facts into the system such as the loan applicant's name and most
recent addresses, their income and monthly outgoings, and details of other loans. The system will then:
(a) Check the facts given against its database to see whether the applicant has a good previous credit
record.
(b) Perform calculations to see whether the applicant can afford to repay the loan.
(c) Make a judgment as to what extent the loan applicant fits the lender's profile of a good risk (based
on the lender's previous experience).
(d) Suggest a decision.
(a) The knowledge base contains facts and rules from past experience.
(b) The knowledge acquisition program is a program which enables the expert system to
incorporate new knowledge and rules.
(c) The working memory stores the facts and rules being used by the current enquiry, and the
current information given to it by the user.
(d) The inferencing engine is the software that executes the reasoning. It decides which rules apply,
and allocates priorities.
Section overview
• A data warehouse consists of a database, containing data from various operational systems, and
reporting and query tools.
Definitions
A data warehouse is a database that contains data from other databases, and other sources, that enables
data to be analysed outside of operational systems.
A data mart is similar to a data warehouse but the mart holds data relating to a specific department,
function or area of the business.
Subject-oriented A data warehouse is focused on data groups, not application boundaries. Whereas the
operational world is designed around applications and functions such as sales and purchases, a
data warehouse world is organised around major subjects such as customer, supplier, product
and activity.
Integrated Data within the data warehouse must be consistent in format and codes used – this is referred
to as integrated in the context of data warehouses. Data must arrive in the data warehouse in a
consistent integrated state. The data import routine should 'cleanse' any inconsistencies.
Time-variant Data is organised by time and stored in 'time-slices'. Data warehouse data may cover a long
time horizon, perhaps from five to ten years. Data warehouse data tends to deal with trends
rather than single points in time. As a result, each data element in the data warehouse
environment must carry with it the time for which it applies.
Non-volatile Data cannot be changed within the warehouse. Only load and retrieval operations are made.
Organisations may build a single central data warehouse to serve the entire organisation or may create a
series of smaller data marts. A data mart holds a selection of the organisation's data for a specific
purpose. A data mart can be constructed more quickly and cheaply than a data warehouse. However, if too
many individual data marts are built, organisations may find it is more efficient to have a single data
warehouse serving all areas.
Case studies
Data gathering and use
Gathering data is the easy bit. Many companies have a transactional database at their disposal – the difficult
part is figuring out how to use the data to drive more profitable relationships with customers. Data that is
of little value should be discarded. There might be hundreds of columns on a database that can be
segmented at the touch of a button but, unless this information can result in some action with regard to the
customer, it is redundant.
LO
3.1
4 Data analysis using business intelligence tools
Section overview
Business intelligence (BI) tools enable users to analyse, manipulate, and report on data. Examples include:
– Digital dashboards
– Multidimensional databases
– Enterprise Information Portals (EIP)
– E-commerce analytics
Definitions
Business intelligence (BI) applications enable the data held in databases to be manipulated and analysed.
Case study
Business intelligence and IT infrastructure
JJB Sports, a retailer of sports equipment based in the UK, completed a £500 000 upgrade to its business
intelligence and merchandise management system in 2008, cutting reporting times by half.
The upgrade included a new IT infrastructure that consists of servers connected to an existing storage area
network, and an Oracle database. Access to accurate and timely information on merchandise sales,
inventory levels and store performance is crucial in meeting customers' needs.
LO
3.4
5 Data mining
Section overview
• Data mining software looks for hidden, previously unknown patterns and relationships in large
pools of data.
Definition
Data mining is the analysis of data with the aim of discovering previously unknown, potentially useful
relationships.
There are many different definitions of data mining. However, the principle of data mining relates to the use
LO
3.4 of advanced analytical techniques to discover useful relationships in large databases.
For example, the sales records for a particular brand of golf club might, if sufficiently analysed and related to
other market data, reveal a seasonal correlation with the purchase of tennis equipment by the same people.
Data mining differs from the use of structured query language to access large databases, in that the latter is
simply summarising data that is already in the database. Data mining, on the other hand, is looking for
Exam comments
Exam questions could test your understanding of what data mining is and the types of relationship it may
uncover.
Case study
Data mining technology
Facebook and MySpace, the social networking giants, have both used data mining software to tailor the
advertisements presented to different users. In some cases the technology has improved the likelihood of
members clicking on an advert by up to 80 per cent. Factors taken into account include user group
membership and personal interests to formulate detailed portraits that can be used by advertisers to target
ads.
Case study
A step-by step approach to improving performance through IT
A diagram showing how data, databases, a data warehouse and various data analysis tools work together
follows:
Databases, multi dimensional data cubes, data warehouse and data analysis tools
1 An Enterprise Resource Planning (ERP) system includes separate, distinct databases for each
organisational function. Individual ERP modules use their own data.
Is the statement above true or false?
A true
B false
3 Match the following types of system (left column) with how they help knowledge management (right
column).
Knowledge work systems Knowledge distribution
Artificial intelligence systems Knowledge sharing
Office automation systems Knowledge creation
Group collaboration systems Knowledge capture and codification
5 Microsoft Word is an example of both productivity software and Office Automation System
software.
Is the statement above true or false?
A true
B false
6 Distinguish between a data warehouse and a data mart.
7 A ………………. …………………. is a software tool that provides a high level, summarised view of
the performance of an enterprise.
What two words are missing from the statement above?
8 What type of software looks for hidden, previously unknown patterns and relationships in large
pools of data?
1 The statement is False. Enterprise Resource Planning (ERP) systems are built around a unified
central database that holds data that is utilised by all system modules.
2 Explicit knowledge is knowledge that an organisation already stores in formal systems. It includes
facts, transactions and events that can be clearly stated and stored in information systems.
Tacit knowledge is expertise held by people within the organisation that has not been formally
documented.
3 The correct combinations are shown below.
Knowledge work systems Knowledge creation
Artificial intelligence systems Knowledge capture and codification
Office automation systems Knowledge distribution
Group collaboration systems Knowledge sharing
4 The statement is False. Artificial intelligence (AI) is the development of computer-based systems
designed to behave as humans. Artificial intelligence systems are based on human expertise,
knowledge and reasoning patterns. An expert system is one example of AI. Expert systems are
computer programs that capture human expertise in a limited domain of knowledge.
5 The statement is True. Microsoft Word is an example of both productivity software and Office
Automation System software.
6 A data warehouse consists of a database, containing data from various operational systems, and
reporting and query tools. A data mart is similar, but generally smaller. It holds a selection of the
organisation's data for a specific purpose.
7 A digital dashboard is a software tool that provides a high level, summarised view of the
performance of an enterprise.
8 Data mining software looks for hidden, previously unknown patterns and relationships in large
pools of data.
1 A data warehouse consists of a database, containing data from various operational systems, and
reporting and query tools.
The following issues would need to be addressed if a data warehouse is to be implemented at the
Westhampton University.
(a) The 24 different departments use different systems and data, a common format for data held
in the data warehouse needs to be selected and applied.
(b) Manipulating the data into the required format for import into the warehouse would require
an automated data conversion program. Different conversion routines will be required to
cope with the different systems that will feed the warehouse.
(c) The effort required establishing and implementing a data warehouse may not be justified. The
data warehouse would hold historical student data which is not essential for the day to day
tuition of current students.
(d) The data warehouse should incorporate a reporting and query tool that allows users to view
and analyse data. All staff that may be required to access data held in the warehouse will
require training to enable them to extract that data they require.
(e) Data warehouses require staff to maintain and administer them. Data must be copied to the
data warehouse as often as required. As operational data will be held on other systems, it is
likely that data would be copied to the data warehouse at the end of each academic year.
Other tasks associated with the system will include the assigning of appropriate access rights
to users, and establishing back-up routines.
(f) Data warehouses are often used in a business context in conjunction with data mining, which
involves searching for patterns within information that are able to be exploited. It is unlikely
that data mining could be applied beneficially in the context of the University – hidden
patterns related to student course selection are unlikely to bring any benefit.
Topic list
105
Introduction
In this chapter we introduce a methodology for designing and developing information systems – the
systems development life cycle (SDLC).
We shall use the SDLC as a foundation to explain the processes and controls which organisations use when
creating new systems and maintaining them once they have been implemented.
If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
1 What are the criteria on which the success of projects are judged? (Section 1.1)
2 What cost categories are considered when considering a project's feasibility? (Section 2.3)
3 What are the tools used in system investigation? (Section 3.1)
4 What is a DFD? (Section 4.1)
5 What is meant by a system's logical design? (Section 5.1)
6 What is unit integration testing? (Section 6.2)
7 What are metrics? (Section 7.2)
8 What is adaptive maintenance? (Section 8.1)
In the early days of computing, systems were developed in a fairly haphazard fashion and poorly planned.
The consequences were often badly designed systems, which cost too much to make and which were not
suited to users' needs.
As early as the 1960s, developers attempted to bring order to the development process. Since then, a
number of systems development life cycle (SDLC) models have been created. The original 'typical'
SDLC is sometimes referred to as the waterfall model – this is because it involves a sequence of stages
in which the output of each stage becomes the input for the next stage. These stages can be
characterised and divided up in different ways, including the following:
• Project planning, feasibility study - establishes a high-level view of the intended project and determines
its goals.
• Systems analysis, requirements definition - refines project goals into defined functions and operation of
the intended application. Analyses end-user information needs.
• Systems design - describes desired features and operations in detail, including screen layouts, business
rules, process diagrams, pseudo code and other documentation.
• Implementation - the real code is written here.
• Integration and testing - brings all the pieces together into a special testing environment, then checks
for errors, bugs and interoperability.
• Acceptance, installation, deployment - the final stage of initial development, where the software is put
into production and runs in the actual business structure.
• Maintenance - includes what happens during the rest of the software’s life: changes, correction,
additions, and moves to a different computing platform. This, the least glamorous and perhaps most
important step of all and goes on seemingly forever.
P Planning (feasibility)
• Planning stage
Review and
A Analysis
• Analysis stage maintenance
• Design stage D Design
• Development stage
D Development
• Implementation stage.
I Implementation
The first step is to identify a need for the new system. This will include determining whether a business
problem or opportunity exists, conducting a feasibility study to determine if the proposed solution is cost
effective, and developing a project plan.
This process may involve end users who come up with an idea for improving their work or may only
involve Information Systems (IS) people. Ideally, the process occurs in tandem with a review of the
organisation's strategic plan to ensure that IT is being used to help the organisation achieve its strategic
objectives. Management may need to approve concept ideas before any money is budgeted for its
development.
The activities associated with the steps outlined by the mnemonic ‘PADDI’ follow:
Planning (P) - will include establishing the terms of reference and a project feasibility study. The terms of
reference will include details as to what is expected from the project team.
The project feasibility study is concerned with justifying the system in terms of the benefits it will bring to
the organisation. The study will look at the volume and nature of transactions, the operating costs and the
availability of alternatives.
System analysis (A) - this stage will include a detailed investigation of the existing system in order to
discover the precise nature of the users’ needs and the way in which the system currently operates. The
performance achieved by the existing system should be measured for effectiveness - providing a benchmark
for the new system. This stage will involve fact finding exercises and documentation of the system to enable
the production of an outline specification of users’ needs. The information that has been collected must be
summarised, sorted and critically judged. This will help to identify any problems, inefficiencies and
bottlenecks in the current system. The information will be recorded in a series of dataflow diagrams (DFDs)
LO
5.6
1.4 Project management
Developing a new system, even with a framework such as the SDLC to go by, is no small or easy
undertaking and it is important for the project to be carefully managed to ensure a successful result.
Projects are usually deemed successful if they are completed at the specified level of quality, on time
and within budget.
Constraint Comment
Scope or The work that was specified has been done and all the deliverables have, in fact, been
Functionality delivered.
Budget The project should be completed without exceeding authorised expenditure.
Timescale The progress of the project must follow the planned process, so that the 'result' is ready
for use at the agreed date. As time is money, proper time management can help contain
costs.
It is possible to add a fourth constraint: Quality, which extends the Scope constraint such that the end
result conforms to the project specification. In other words, the result should achieve what the project was
supposed to do
An article in Financial Management (June 2006) helpfully summarises the factors that contribute to successful
project delivery as follows:
(a) Proper planning with regard to time, cost and resource constraints.
(b) The involvement of users (among other key stakeholders) in development and delivery processes,
to ensure that their needs are met (without subsequent changes).
(c) Competent and committed project staff, with the right skills.
(d) Ownership by senior managers on the basis of a clear business case.
(e) Careful management of constraints: control procedures for monitoring the pace,
money/resource usage and conformance of the project.
(f) Risk assessment and management, allowing for risk reduction and contingency planning.
(g) Clear criteria for business case and precise measurements of performance, so that project
success can be evaluated and lessons learned.
Exam comments
You can see from the list above that there are many important considerations for a project manager to
think about when managing a project. The focus of the syllabus and the exam is on the controls used in
project management.
Appointing project managers with control over staff in a number functional areas creates a ‘Balanced
Matrix’, and creating a new function area containing a pool of such project managers results in a ‘Strong
Matrix’.
PMBOK assumes that each phase of a project (eg. Design Phase, Implementation Phase) is accomplished by
five groups of processes:
• Initiating – recognising the needs, and committing the necessary resources;
• Planning – devising and maintaining a workable scheme;
• Executing – coordinating people and other resources;
• Monitoring and Controlling – measuring progress and taking corrective action;
• Closing – formal acceptance of a completed project.
The completion of one process implies the start of the next, and the outputs of a process (documents, etc)
become the inputs of the next, though in complex projects these groups may overlap considerably in time.
Management Processes may also be grouped into the following Knowledge Areas:
1 Integration – creating and executing a Project Plan to coordinate the various elements of the project,
and establish a Change Control system to coordinate changes across the whole project;
2 Scope – ensuring the project includes all the work required, and no more;
The Australian Institute for Project Management (AIPM) included these nine areas into the
Australian National Competency Standards for Project Management (ANCSPM).
1.5.3 PRINCE2
PRINCE was developed by the UK Government. The acronym PRINCE stands for PRojects IN
Controlled Environments.
The latest version of PRINCE, PRINCE2 is now the de facto UK standard for systems project management
and is widely used in other countries.
Stage control is the process undertaken by the project manager to ensure that any given stage of the
project remains on course. A project might consist of just one stage.
PRINCE2 project control includes a structure of reports and meetings as follows:
(a) A project initiation meeting agrees the scope and objectives of the project and gives approval for
it to start.
(b) The completion of each project stage is marked by an end stage assessment, which includes
reports from the project manager and the project assurance team. The next stage does not
commence until its plans have been reviewed and approved.
(c) Mid stage assessments are optional and may arise if, for example, a stage runs for a particularly
long time or it is necessary to start a new stage before the current one is complete.
(d) Highlight reports are submitted regularly by the project manager to their superiors. These
reports are the main overall routine control mechanism and their frequency (often monthly) is
agreed at project initiation. They are essentially progress reports and should include brief summaries
of project schedule and budget status.
(e) The checkpoint is the main control device used by the project team itself. Meetings are held more
frequently than highlight reports are prepared (possibly weekly) and provide a basis for continuing
progress review by team leaders and members.
The earlier a change is made the less expensive it should prove. However, changes will cost time and
money and should not be undertaken lightly.
When considering a change an investigation should be conducted to discover:
(a) The consequences of not implementing the proposed change.
(b) The impact of the change on time, cost and quality.
(c) The expected costs and benefits of the change.
(d) The risks associated with the change, and with the status quo.
The process of ensuring that proper consideration is given to the impact of proposed changes is known as
change control.
In the remainder of this chapter, we will look in greater detail at the activities undertaken during each stage
of systems development.
Question 1: PRINCE2
Which of the following is the main control device for a project team operating under PRINCE2?
A checkpoint
B highlight report
C mid stage assessment
D end stage assessment
(The answer is at the end of the chapter)
LO 2 Feasibility study
5.5
Section overview
• A feasibility study is a formal study to decide what type of system can be developed which best
meets the needs of the organisation.
A feasibility study team should be appointed to carry out the study (although individuals might be given
the task in the case of smaller projects). The team should include people from departments affected by the
project as well as those with the required technical and business knowledge. With larger projects it may
well be worthwhile for a small firm to employ a professional systems analyst and then appoint a
management team to work with the analyst.
Once the team is assembled the study begins. A common approach is to look at the existing system
for problems, generate possible alternative solutions and evaluate them.
2.3 Costs
The costs of a new system can be classified into a number of categories – the following table provides some
examples.
Cost Examples
Equipment costs • Computers and peripherals
• Ancillary equipment
• The initial system supplies (flash drives, CD-ROMs, paper)
Installation costs • New buildings (if necessary)
• The computer room (wiring, air-conditioning if necessary)
Development costs • Measuring and analysing the existing system
• Software/consultancy work
• Systems analysis and programming
• Changeover costs such as file conversion
Personnel costs • Staff training
• Staff recruitment/relocation
• Staff salaries and pensions
• Redundancy payments
• Overheads
Operating costs • Consumable materials (memory sticks, toners, CD-ROMs, stationery)
• Maintenance
• Accommodation costs
• Heating/power/insurance/telephone
• Standby arrangements, in case the system breaks down
LO
5.5 3 System investigation
Section overview
• System investigation is a detailed fact-finding exercise about the areas and system under
consideration. Methods employed include the use of interviews and questionnaires.
Once the project team has determined that the project is feasible, it has to determine the existing system's
inputs, outputs, processing methods and volumes so that the new system can perform the tasks
which it is needed for. As part of this, the team should review the organisational structure and examine
controls, staffing and costs. It should also consider the expected growth of the organisation and its future
requirements.
LO
5.5
4 System analysis
Section overview
• System analysis examines why current methods are used, what alternatives are available,
what restricts the effectiveness of the system and what performance criteria are required
from a new system.
Systems analysis is a process which examines why current methods are used and what alternatives
might achieve the same or better results. A variety of fact-finding techniques are available to determine how
a system operates, what document flows occur, what work processes are involved and what personnel are
involved. Common techniques used include data flow diagrams, entity relationship modelling and entity life
histories and decision tables.
The purpose of the condition stub is to specify the values of the data that require testing. The condition
entry specifies what those values might be. Between them, the condition stub and condition entry show
what values an item of data might have that a computer program should test for. Establishing conditions will
be done within a computer program by means of comparison checks.
The action entry quadrant shows the action or actions that will be performed for each rule. In the
computer program, instructions specify the action to take, given the conditions established by comparison
checks.
In this stage the new system should be designed to meet an agreed (by users, developers, management)
requirements specification. There are two types of design, logical and physical.
LOs
5.1
5.5
6 System implementation
Section overview
• System implementation describes a number of processes which take the new system's logical
and physical design through to the point where it is ready for operations.
The main stages in the implementation of a computer system once it has been designed are as follows:
(a) Installation of the hardware and software.
(b) Testing.
(c) Staff training and production of documentation.
(d) Conversion of files and database creation.
(e) Changeover.
The items in the list above do not necessarily happen in a set chronological order, and some can be
done at the same time. Therefore the requirements for implementation vary from system to system.
6.2 Testing
A system must be thoroughly tested otherwise there is a danger that it will go live with faults that might
prove costly. The scope of tests and trials will vary with the size and complexity of the system. To ensure a
coherent, effective approach to testing, a testing plan should be developed. The following types of testing
may be used:
(a) Logic testing. Before any programs are written the logic behind them should be checked. This
process would involve the use of flow charts or data flow diagrams. The path of different types of
data and transactions are manually plotted through the system, to ensure all possibilities have been
catered for and that the processing logic is correct.
(b) Program testing. This involves processing test data through all programs. Test data should be of
the type that the program will be required to process and should include invalid/exceptional items to
test whether the program reacts as it should.
(c) Unit testing and unit integration testing. Unit testing means testing one function or part of a
program to ensure it operates as intended. Unit integration testing involves testing two or more
software units to ensure they work together as intended.
(d) System testing. System testing has a wider focus than program testing and extends into areas such
as the practicalities of input, system flexibility, the system's ability to cope with peak transaction
volumes and to produce information when required. System testing involves testing before
installation (known as off-line testing) and after implementation (on-line testing).
(e) User acceptance testing. This is used to establish whether users are satisfied that the new system
meets the system specification when used in the actual operating environment. Users process test
data, system performance is closely monitored and users report how they felt the system meets
their needs. Test data may include some historical data, because it is then possible to check results
against the 'actual' output from the old system. This form of testing also has the benefit of helping
the new users accept the new system and any changes to how they perform their work.
6.3 Training
Staff training in the use of a new system is essential if the return on investment is to be maximised. Training
should be provided to all staff who will use the system. Examples of situations where significant training
is likely to be required include, when:
Training should focus on the specific tasks the user is required to perform e.g. entering an invoice
or answering a query. There are a range of options available to deliver training, as shown below:
The training method applicable in a given situation will depend on the following factors:
• Time available.
• Software complexity.
• User skill levels.
• Facilities available.
• Budget.
User documentation may be used to explain the system to users. Much of this information may be
available on-line using context-sensitive help e.g. 'Push F1 for help'.
Held in manual (i.e. paper) Data will be keyed into the new system – probably via input forms, so that data
files entry operators have all the data they require in one document. This is likely to
be a time-consuming process.
Held in existing computer How complex the process is in converting the files to a format compatible with
files the new system will depend on technical issues and the coding systems used. It
may be possible to automate much of the conversion process.
Held in both manual and Two separate conversion procedures are required.
computer files
Existing data is incomplete If the missing data is crucial, it must be researched and made available in a
format suitable for the new system – or suitable for the file conversion process.
The file conversion process is shown in the following diagram, which assumes the original data is held in
manual files.
The relative advantages and disadvantages of the various changeover methods are outlined in the
following table:
Parallel running Safe, built-in safety Costly - two systems need to be operated
Provides a way of verifying results of new Time-consuming
system
Additional workload
Pilot operation Less risky than direct changeover Can take a long time to achieve total
changeover
Less costly than complete parallel running
Not as safe as complete parallel running
Phased changeover Less risky than a single direct changeover Can take a long time to achieve total
changeover
Any problems should be in one area – other
operations unaffected Interfaces between parts of the system may
make this impractical
LO
5.7 7 System review
Section overview
• A system should be reviewed after implementation, and periodically, so that any unforeseen
problems may be solved and to confirm that it is achieving the desired results.
The system should have been designed with clear, specified objectives, and justification in terms of cost-
benefit analysis or other performance criteria. Once it has been implemented the project team can
review the system's actual performance against what was expected.
LO
5.4 7.1 Review
A post-implementation review should establish whether the objectives and targeted performance
criteria have been met, and if not, why not, and what should be done about it. In appraising the operation of
the new system immediately after the changeover, comparison should be made between actual and
predicted performance.
LOs
5.2 8 System maintenance and operations
5.7
Section overview
• There are three types of systems maintenance. Corrective maintenance is carried out to
correct an error, perfective maintenance aims to make enhancements to systems and adaptive
maintenance takes account of anticipated changes in the processing environment.
Maintenance must be included in the initial planning of a system with the allocation of adequate staff and
resources. The software must be structured and the documentation must be of a high enough standard to
allow people who are unfamiliar with the system to make any necessary changes to one part without
impairing other parts.
Definition
Maintenance is the process of modifying an information system to continually satisfy organisational and user
requirements.
We can distinguish between hardware and software maintenance in costs as well as in objectives.
Hardware maintenance - the purpose of maintaining computer system hardware is to keep the equipment
in working order without changing its functionality. Traditionally, this aspect of system maintenance has
been covered by maintenance contracts with equipment manufacturers.
Systems maintenance - the principal effort in system maintenance is directed at maintaining the applications
software. Software maintenance includes all modifications of a software product after it has been turned
over to operations. The cost of this maintenance over the useful life of an application is typically twice the
development cost.
The traditional view of software maintenance deals with the correction of faults and errors that are found
after the delivery of the product. However, other significant changes are made to the product as software
evolves. These changes can happen when the product needs to meet the new environment or new user
requirements, or even to increase the product’s maintainability.
Some characteristics of software that affect software maintenance are system size, age, and structure.
Understanding the characteristics of software will facilitate maintaining the software more efficiently. It is
also important to look at how software maintenance fits into the relationship between products and
services. Software maintenance, including software operation, has relatively more aspects of a service than a
product does, whereas software development yields a product rather than a service.
LO
5.4
8.2 System maintenance
Regular maintenance of the system is required to keep it up-to-date and meeting the needs of users.
The key features of system maintenance are flexibility and adaptability. These mean:
(a) The system, perhaps with minor modifications, should cope with changes in the computer user's
procedures or volume of business.
(b) The computer user should benefit from advances in computer hardware technology without having
to switch to another system altogether.
Besides environmental changes, three factors contribute to the need for maintenance:
Errors However carefully and diligently the systems development staff carry out systems testing and
program testing, it is likely that bugs will exist in a newly implemented system. Most should be
identified during the first few runs of a system. The effect of errors can obviously vary
enormously.
Poor If old systems are accompanied by poor documentation, or even a complete lack of
documentation documentation, it may be very difficult to understand and therefore update them.
Programmers may opt instead to patch up the system with new applications using newer
technology.
Changes in Although users should be consulted at all stages of systems development, problems may arise
requirements after a system is implemented because users may have found it difficult to express their
requirements, or may have been concerned about the future of their jobs and not participated
fully in development.
Cost constraints may have meant that certain requested features were not incorporated. Time
constraints may have meant that requirements suggested during development were ignored in
the interest of prompt completion.
There are therefore three broad types of system maintenance as described below:
(a) Corrective maintenance is carried out when there is a systems failure of some kind. For example
a defect in processing or in an implementation procedure. Its objective is to ensure that systems
remain operational.
(b) Perfective maintenance is carried out in order to perfect the software, or to improve it so that
the processing inefficiencies are eliminated and performance is enhanced.
(c) Adaptive maintenance is carried out to take account of anticipated changes in the processing
environment. For example, new taxation legislation might require changes to be made to payroll
software.
Corrective maintenance usually consists of action in response to a problem. Much perfective
maintenance consists of making enhancements requested by users to improve or extend the facilities
available. The user interface may be amended to make software more user friendly.
Provision must also be made to ensure computer hardware is maintained. A hardware maintenance
contract should specify service response times in the event of a breakdown, and include provision for
temporary replacement equipment if necessary. Maintenance services may be provided by the computer
manufacturers or suppliers, or by a third-party maintenance company.
Section overview
• Project control is the continuous monitoring of the project for deviations from plan (time, cost, and
scope) and the execution of corrective action. There are two key elements to the control of any
project: gates and milestones (clear, unambiguous targets of what, by when); and an established
means of communication.
• Developing a new system is no small or easy undertaking and it is important for the project to be
carefully managed to ensure a successful result. The systems development lifecycle is a methodology
for developing information systems to ensure they are properly planned, cost-effective and meet the
needs of users.
• The systems development life cycle (SDLC) can be described using the main stages involved in an
information system development project, from an initial feasibility study in the planning stage through
analysis, design, development and implementation to maintenance of the completed application.
• A feasibility study is a formal study to decide what type of system can be developed which best
meets the needs of the organisation.
• System investigation is a detailed fact-finding exercise about the areas and system under
consideration. Methods employed include the use of interviews and questionnaires.
• System analysis examines why current methods are used, what alternatives are available, what
restricts the effectiveness of the system and what performance criteria are required from a new
system.
• System design is a technical phase which addresses in particular inputs, outputs, program design,
dialogue design, file design and security.
• System implementation describes a number of processes which take the new system's logical and
physical design through to the point where it is ready for operations.
• A system should be reviewed after implementation, and periodically, so that any unforeseen problems
may be solved and to confirm that it is achieving the desired results.
• There are three types of systems maintenance. Corrective maintenance is carried out to correct an
error, perfective maintenance aims to make enhancements to systems and adaptive maintenance
takes account of anticipated changes in the processing environment.
• Project control is the continuous monitoring of the project for deviations from plan (time, cost, and
scope) and the execution of corrective action. There are two key elements to the control of any
project: gates and milestones (clear, unambiguous targets of what, by when); and an established
means of communication.
• Published standards for Project Control include the Project Management Body of Knowledge
(PMBOK), the Association for Project Management Book of Knowledge (APM BoK), and PRINCE2.
1 In the systems development life cycle (SDLC) which stage comes after feasibility study?
A system analysis
B system design
C system investigation
D system implementation
2 When conducting a feasibility study a number of costs and benefits of the proposed system are
analysed. Which of the following is a tangible benefit as opposed to an intangible benefit?
A increased customer satisfaction
B improved efficiency resulting in lower operating costs
C improved staff morale
D better decision making
3 Which of the following methods of system investigation is the most expensive to conduct?
A interviews
B questionnaires
C document review
D looking at existing systems
4 Which method of system analysis provides an investigator with a basic understanding of how a
system works?
A data flow diagrams
B entity relationship modelling
C entity life histories
D decision tables
5 The term 'system configuration' describes the:
A hardware specification of a system
B software specification of a system
C purpose of the system
D hardware, software and processes of which a system comprises
6 Which method of system changeover is the most expensive?
A direct changeover
B parallel running
C pilot operation
D phased changeover
7 Which of the following are direct measures of system quality?
I throughput speed
II number of errors
III number of calls to the help desk
A I and II only
B I and III only
C II and III only
D I, II and III
8 Which of the following are examples of system operations?
I testing system security
II updating the system for changes in legislation
III purchasing consumables needed by the system
A I and II only
B I and III only
C II and III only
D I, II and III
2 B Cost savings are a tangible benefit, the others are all intangible benefits.
3 A Interviews are more time consuming than the other options and therefore more
expensive.
4 A Data flow diagrams provide an investigator with a basic understanding of how a system
works.
5 D ‘System configuration’ describes the hardware, software and processes of which a system
comprises.
6 B Parallel running is the most expensive as it requires both systems to be running together
for a period of time.
8 B Updating the system for changes in legislation is adaptive maintenance, not system
operations.
1 A Checkpoints are the main control device used by project teams operating under PRINCE2.
Topic list
137
Introduction
If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
1 AIS adds value to an organisation by (Section 1.2)
I improving efficiency.
II sharing knowledge.
III improving the internal control structure.
A answers I and II only
B answers I, II, and III
2 Cost accounting systems may be used to determine the cost of performing service (Section 2.4)
functions, such as those performed by hospitals or governmental agencies, as well
as to determine the cost of manufactured products
A True
B False
3 Briefly explain what the initials REA represent. (Section 3.5)
4 Which of the following statements is not true with respect to the characteristics (Section 4.2)
of the Master and the Transaction files?
A A transaction file is similar to a ledger in a manual accounting system.
B A transaction file contains records that hold the details of daily events
affecting an attribute of the master file.
C A master file should only contain data that are of a permanent or
semi-permanent nature.
D Records in the transaction file are used to update some of the data
in the master file.
E None of the above.
5 Which of the following comparisons is incorrect? (Section 4.3.4)
A A production database is used daily and typically has lots of transactions
running against it. A warehouse database gets new data more frequently,
but in lower volumes.
B A production database is typically associated with a particular application
area but the data warehouse database tries to model fragmented data as
parts of the entire enterprise so that it focuses on subject areas rather than
application areas.
C A production database works best when it is as small as possible, whereas
a data warehouse database works best when it has as much data as it can get.
D A data warehouse can provide historical information; an operational
system typically has only a snapshot view of the business.
Definition
An accounting information system (AIS) is the system that collects, records, stores and processes
data to keep and maintain its accounting system. This includes the purchase, sales, and other financial
processes of the business.
LO An alternative definition is 'the processing, presentation, and use of accounting information for internal
6.2 reporting to managers and external reporting to shareholders, creditors, and government.'
Boochholdt J (Accounting Information Systems Transaction Processing and Control. The McGraw-Hill companies,
1999) defines accounting information systems as systems that operate functions of data gathering,
processing, categorising and reporting financial events with the aim of providing relevant information for the
purpose of score keeping, attention directing and decision-making.
Accounting Information Systems (AIS) have many benefits; however, there are also some disadvantages to
them.
Information system
LO As well as processing the company's transactions, an AIS fulfils three important business functions.
6.1
(1) It can collect and store data about organisational activities, resources, and personnel.
(2) It transforms data into information that is useful for making decisions so management can plan,
execute, control, and evaluate activities, resources, and personnel.
(3) It provides adequate controls to safeguard the organisation's assets, including its data, to ensure the
assets and data are available when needed and the data are accurate and reliable.
The margin is the excess the customer is prepared to pay over the cost to the firm of obtaining resource
inputs and providing value activities.
A well-designed AIS can contribute to the organisation's value chain by
(a) Improving the quality and reducing the costs of products or services. For example, the
system can monitor machinery so operators are notified immediately when performance falls outside
acceptable quality limits. This helps maintain product quality. It also reduces the amount of wasted
materials and the costs of having to rework.
(b) Improving the efficiency and effectiveness of the organisation's supply chain. For example,
allowing customers to access the company's inventory and sales order entry systems directly can
reduce the costs of sales and marketing activities. By getting this type of access their customers'
costs and time of ordering may reduce and both sales and customer retention rates may increase. A
well-designed AIS can make operations more efficient by providing more timely information. For
OPERATIONS
Dividends paid to
stock investors –
detailed on the CASH
statement of
changes in equity
Income from sales
Bond investors
Materials
Direct
Indirect
Direct
Labour
Note
Direct materials + Direct labour = Prime cost
Direct labour + Factory overhead = Conversion cost
Direct materials + Direct labour + Factory overhead = Manufacturing cost
Definition
Management accounting or managerial accounting is concerned with the provisions and use of
accounting information to managers within organisations, to provide them with the basis to make informed
business decisions that will allow them to be better equipped in their management and control functions.
Managerial accounting differs from financial accounting in a number of ways that are briefly discussed below.
Reports to those outside the organisation: owners, Reports to those inside the organisation for
LO lenders, tax authorities and regulators. planning, directing and motivating, controlling and
6.3 performance evaluation.
Objectivity and verifiability of data are emphasised. Relevance of items relating to decision making is
emphasised.
Only summarised data for the entire organisation is Detailed segment reports about departments,
prepared. products, customers, and employees are prepared.
Must follow Generally Accepted Accounting Need not follow Generally Accepted Accounting
Principles (GAAP). Principles (GAAP).
Human Resources
Timekeeping Production
department department
Hours
Basic pay Work
worked
performed
Amount Amount
due to Payroll Costing chargeable
employee department department to
PAYG, NI product
etc
Information flows back to the Human Resources department so that employees can be considered for
promotion or disciplined if appropriate.
All the information may, in practice, be given first to payroll, who would then pass it on for costing analysis,
or vice versa. The main point is that both payroll and costing need the same information, but they analyse it
differently: payroll asks who, and costing asks what.
3.1 History
The notion of accounting as an information system emerged as a logical result of the industrial revolution.
When the factory system began to displace the domestic system, production fell under the direction of
entrepreneurs who paid wages, bought materials and supervised the process of producing goods for profit.
They had a motive for record keeping, therefore, which the family or the solitary producer had not.
In the 1820s, the printing industry was characterised by the need for information relating to labour and
LO capital investment. Labour groups resisted the introduction of the steam presses fearing job displacement.
6.4 Many newspaper publishers refused to make the capital outlays to acquire steam presses arguing that the
life of the machine would not produce sufficient output to yield a profit. Despite this early resistance to
technological innovation, the printing industry flourished as a result of increased demand for books,
newspapers, magazines, stationery and other printed material during the industrial revolution. By the 1870s,
relatively sophisticated cost accounting systems emerged to support managerial decision-making and
control.
Definition
A transaction processing system (TPS) is an information system that captures and processes data
generated during an organisation's day-to-day transactions. A transaction is a business activity such as a
deposit, payment, order or reservation.
Clerical staff typically perform the activities associated with transaction processing, which include the
following:
• Recording a business activity such as a student's registration, a customer's order, an employee's
timecard or a client's payment.
• Confirming an action or triggering a response, such as printing a student's schedule, sending a thank-
you note to a customer, generating an employee's pay or issuing a receipt to a client.
• Maintaining data, which involves adding new data, changing existing data, or removing unwanted data.
Labour
Customers
Materials
Cash
Finished goods
Cash
A financial transaction is an economic event that affects the assets and equity of the company, is reflected in
its accounts and is measured in monetary terms.
The most common financial transactions include the sale of goods or services, the purchase of inventory,
the discharge of financial obligations and the receipt of cash on account from customers.
Definition
A database is defined as a file of data, or files of inter-related data, that is structured and designed in such
a way that many different processing applications can use the same data and update it.
LO A database is a common file of data for many different users and for a range of different applications. For
6.4 example, a company can use the same database for its payroll system and its personnel records.
All communications between the different software applications and the database files are controlled by
special software called the database management system or DBMS. A DBMS can be defined as a set
of programs that manages the database. It deals with all aspects of access, maintenance and security of data.
A distinguishing feature of a database system is that, since there is a common set of shared files for all
applications, information to update the files is input just once (instead of several times, once for each
application system).
Invoicing Accounts
DATABASE
The DBMS has the effect of decoupling the data from the applications that use it. It can offer the
ability to:
• Add, amend and delete records
• Retrieve data for reference or processing
• Present data in different forms and combinations
• Control access to data on the files by means of passwords and other security procedures
• Allow the database to evolve without requiring modifications to application programs
• Record transactions.
Exam comments
Make sure you have grasped the 'duality' aspect of this system. It is an interesting subject and lends itself to
MCQs.
By identifying the Events (underlying transactions, past, present and future), the Agents (economic actors)
who participate in those Events, and the Resources that flow into and out of those Events, we can develop a
pattern or model for the underlying business enterprise.
Now the diagram shows that each sales transaction may be paid for in instalments and each customer
payment may be for more than one sale so total accounts receivable is the sum of all sales minus the sum of
all cash collections.
The cycle models of AIS as represented in a REA model would be shown as:
Although the REA data model was developed specifically for use in designing accounting information
systems, unfortunately many firms have not adopted it because it represents a major change from the
traditional double-entry approach.
Definition
Enterprise resource planning systems are modular software packages designed to integrate the key
processes in an organisation so that a single system can serve the information needs of all functional areas.
ERP systems primarily support business operations – those activities in an organisation that support the
selling process, including order processing, manufacturing, distribution, planning, customer service, human
resources, finance and purchasing. ERP systems are function-rich, and typically cover all of these activities –
the principal benefit being that the same data can easily be shared between different departments.
Operations
Controls inventory throughout the supply chain,
from procurement to distribution
This integration is accomplished with a database shared by all the application programs. For example,
when a customer service representative takes a sales order it is entered in the common database and it
automatically updates the manufacturing backlog, the price, the credit system and the shipping schedule.
ERP systems work in real-time, meaning that the exact status of everything is always available. Further,
many of these systems are global. Since they can be deployed at sites around the world, they can work in
multiple languages and currencies. When they are, you can immediately see, for example, exactly how much
of a particular part is on-hand at the warehouse in Japan and what its value is in yen or dollars.
Example: ERP
Say you are running a bicycle shop. Once you make a sale, you enter the order on the ERP system. The
system then updates the stock of bicycles in the shop, incorporates the sale into the financial ledgers, prints
out an invoice, and can prompt you to purchase more bikes to replace the ones that you have sold. The
ERP system can also handle repair orders and manage the spare parts stocks. It can also provide automated
tools to help you forecast future sales and to plan activities over the next few weeks. There may also be
data query tools present to enable sophisticated management reports and graphs to be generated. In
addition, the system may handle the return of defective items from unhappy customers, the sending out of
regular account statements to customers, and the management of payments to suppliers.
Definition
A batch is a group of similar transactions that are accumulated over time and then processed together.
This mode was formerly the major form of processing. It is still the most logical method of dealing with
large transaction volumes at a specific time.
Batch processing involves transactions being grouped and stored before being processed at regular
intervals, such as daily, weekly or monthly. Because data is not input as soon as it is received the system will
not always be up-to-date.
Keyboard
input
Transactions
grouped
in batches Sorted Old
transaction master
file file
Validate
and update
New
master
Error
file
reports
Reports
Error detection is simpler (facilitated by the nature of the The system is 'time-driven' and so is not geared to rapid
single processing run). action.
No special hardware/software is needed (all computer The system provides bulk information and so is not
systems should be able to adopt this). selective.
It contributes to large-scale economies due to bulk Preparing batches results in duplication of effort.
processing.
System design is simple.
If necessary, part may be processed now and the
remainder later.
Which box from the diagram above can all of the following procedures belong to?
Calculating Classifying Comparing
Merging Sorting Summarising
A internal sources of data
B data processing
C information generation
D data collection
(The answer is at the end of the chapter)
Process/
Enter update Master
directly master file
file
On-line systems are practically the norm in modern business. Examples include the following:
(a) As a sale is made in a department store or a supermarket, the item barcode is scanned on the point
of sale terminal and the stock records are updated immediately.
(b) In banking and credit card systems whereby customer details are often maintained in a real-time
environment. There can be immediate access to customer balances, credit position etc and
authorisation for withdrawals (or use of a credit card).
(c) Travel agents, airlines and theatre ticket agencies all use real-time systems. Once a hotel room,
plane seat or theatre seat is booked up everybody on the system must know about it immediately so
that they do not sell the same holiday or seat to two (or more) different customers.
Advantages Disadvantages
The user enters transactions into a device that is The system is relatively high-cost (in terms of
directly connected to the computer system. The hardware and software required, installation, and
transactions are usually processed immediately. essential storage).
A higher level of customer satisfaction is achieved A high level of security is required (e.g. bank cash
(e.g. the real-time banking system). dispenser).
Information needed is obtained by adopting very To avoid loss should the system fail, duplicate
simple procedures. processors and files are needed.
Prompt and early information assists in improving System failure could cause great organisational
and maintaining the quality of management decisions. problems.
The characteristic differences between batch and real-time processing are outlined in the table below:
Information time Lag exists between time when the economic Processing takes place when the
frame event occurs and when it is recorded. economic event occurs.
Resources Generally, fewer resources (e.g. hardware, More resources are required
programming and training). than for batch processing.
Have longer systems
development time.
Operational Certain records are processed after the event to All records applying to the
efficiency avoid operational delays. event are processed
immediately.
Organisations can increase efficiency by grouping
large numbers of transactions into batches rather
than processing each event separately.
Control Batch processing provides control over the
transaction process via control figures.
CUSTOMER
Customer Customer Customer Customer
ID Address Type Address
ORDER
Customer Order Order Shipment
ID ID Date Method
ORDER
Order Line Product Quantity Price
ID #
Source of data Operational data; OLTPs are the original Consolidation data; OLAP data comes from
source of the data. the various OLTP Databases.
Purpose of data To help with planning, problem solving, and
To control and run fundamental business tasks.
decision support.
What the data Reveals a snapshot of ongoing business Multi-dimensional views of various kinds of
shows processes. business activities.
Inserts and Short and fast inserts and updates initiated by Periodic long-running batch jobs refresh the
updates end users. data.
Queries Relatively standardised and simple queries
Often complex queries involving aggregations.
returning relatively few records.
Processing Typically very fast. Depends on the amount of data involved; batch
speed data refreshes and complex queries may take
many hours; query speed can be improved by
creating indexes.
Space Can be relatively small if historical data is Larger due to the existence of aggregation
requirements archived. structures and history data; requires more
indexes than OLTP.
Backup and Backup religiously; operational data is critical Instead of regular backups, some environments
Recovery to run the business, data loss is likely to entail may consider simply reloading the OLTP data
significant monetary loss and legal liability. as a recovery method.
April
May
Sales Sales
Amount Cost Sales
Profit
Qty
Measures Margin
Each dimension represents a different category such as product type, region, sales channel, and time. Each
cell within the multidimensional structure contains aggregated data relating elements along each of the
dimensions. For example, a single cell may contain the total sales for a given product in a region for a
specific sales channel in a single month. Multidimensional databases are a compact and easy to understand
vehicle for visualising and manipulating data elements that have many inter relationships.
OLAP database servers support common analytical operations including: consolidation, drill-down, and
'slicing and dicing'.
(a) Consolidation – involves the aggregation of data such as simple roll-ups or complex expressions
involving inter-related data. For example, sales offices can be rolled-up to districts and districts
rolled-up to regions.
(b) Drill-Down – OLAP data servers can also go in the reverse direction and automatically display
detail data which comprises consolidated data. This is called drill-downs. Consolidation and drill-
down are an inherent property of OLAP servers.
(c) 'Slicing and Dicing' – refers to the ability to look at the database from different viewpoints. One
slice of the sales database might show all sales of product type within regions. Another slice might
show all sales by sales channel within each product type. Slicing and dicing is often performed along a
time axis in order to analyse trends and find patterns.
Definition
A data warehouse consists of a database, containing data from various operational systems, and
reporting and query tools.
Definition
Data mining is an analytic process designed to explore data (usually large amounts of data – typically
business or market related) in search of consistent patterns and/or systematic relationships between
variables, and then to validate the findings by applying the detected patterns to new subsets of data.
The ultimate goal of data mining is prediction – and predictive data mining is the most common type of data
mining and one that has the most direct business applications.
Data mining means extracting data from multiple data sources by means of interactive and analytical
software tools that allow the miner to specify search parameters and are capable of identifying trends and
relationships within and between data sets. It involves the application by the software of a number of
different analytical approaches:
• Identifying clusters of useful and significant data in the midst of a useless or irrelevant mass.
• Summarising data to show overall patterns that may be hidden if data is viewed at the detailed level.
• Creating and learning classification rules that can make sense of patterns in data.
• Finding possible dependencies between apparently unrelated data sets, using correlation and
regression tools.
• Detecting anomalies in patterns of data that may signify events or occurrences that are important to
the decision-maker.
Data mining packages not only provide the analytical tools required for data analysis, but also 'learn' from
the process of mining and become more powerful the more they are used. Decision-makers find that data
mining packages turn them into 'experts', without having to learn how the analytical tools actually work.
Infrequent errors may occur - but often Easier to maintain than real time.
tolerated
Not practical to shut down whole system
More computer operators are required in
real time processing - operations not
centralised.
Other differences can be divided into the following categories: the number of sub processes, the
information time frame, resources and operational efficiency.
5.1 Introduction
Definition
Ethics can be defined as the principles of right and wrong that can be referenced by individuals in making a
personal decision or judgment. Often these references are made from a combination of sources.
Information systems have the ability to instantaneously affect individuals, companies, cultures and countries.
This heightens the need to take ethical issues into account.
5.3.1 Privacy
Privacy is the claim of individuals to be left alone, free from surveillance or interference from other
individuals or organisations including the state. Claims to privacy are also involved at the workplace. Millions
of employees are subject to electronic and other forms of high tech surveillance. Information technology
and systems threaten individual claims to privacy by making the invasion of privacy cheap, profitable and
effective.
People want to be in full control of what and how much information about themselves is available to others.
Should companies that are not related to you be allowed to buy and sell information about you without
your permission?
Some countries have a set of principles governing the collection and use of information about individuals.
The five fair information practices principles are:
(1) Individuals have rights of access, inspection, review and amendment to systems that contain
information about them.
(2) There must be no use of personal information for purposes other than those for which it was
gathered without prior consent.
(3) There should be no personal record systems whose existence is secret.
(4) Governments have the right to intervene in the information relationships among private parties.
(5) Managers of systems are responsible and can be held accountable and liable for the damage done by
systems.
There is a wide variation in what people regard as 'private' information concerning themselves. These
variations exist between one individual and another, between different sections of society and different
countries. Therefore, the important concern must be what the data is going to be used for.
Despite growing concerns about privacy, some would argue that it is often in a person's best interests to
reveal rather than withhold private information. For example, credit could not be provided if borrowers
were unwilling to release the relevant personal information to allow their credit worthiness to be assessed,
and fair decisions concerning personal taxation could not be made if lawful personal data was not provided
by the appropriate people. It should be remembered that there are aspects of privacy that have no
immediate connection with the handling of personal data through information systems, for example
intrusion into the home, powers of entry and search, and embarrassing publicity in the media and, on the
other hand, there are aspects of data protection, such as accuracy, that have no connection with privacy.
Whatever the privacy debate, privacy protection is very important, and is likely to become more so as
developments mean that new classes of data and actions must be considered to effectively ensure the
privacy of individuals. Hussain and Hussain (1992) describe two currently important privacy issues:
(a) Fair use: the concept of data privacy that would only allow data to be used in support of the
organisation's specific business mission. This would require an organisation to seek an individual's
Quality of life
??? ???
Identify and briefly explain the two moral dimensions that are missing from the diagram above.
(The answer is at the end of the chapter)
• Accounting information systems (AIS) combine the study and practice of accounting with the design,
implementation, and monitoring of information systems.
• The role of an AIS is to facilitate the processing of the company's transactions as well as improving
the management decision-making process, its internal control and the quality of the financial
reporting.
• An AIS fulfils three important business functions: it can collect and store data about organisational
activities, resources, and personnel, transform data into information that is useful for making
decisions and provide adequate controls to safeguard the organisation's assets, including its data, to
ensure the assets and data are available when needed and the data are accurate and reliable.
• The main types of accounting systems are financial, tax, cost and management systems.
• Cost accounting is concerned with the costs of business activities – products, services, departments
and resources. It is part of managerial accounting. The role of a cost accounting system is to provide
information useful for managing the activities that consume resources.
• The advantages of an AIS include: typically entering data only once, many human errors are
eliminated and more timely information. The disadvantages include: use of inappropriate and/or
incompatible software and hardware; need for reliable back-up procedures; lack of computer system
skills; computer viruses and hackers and fraud and embezzlement.
• Transaction processing systems were among the first computerised systems developed to process
business data – a function originally called data processing. They represent the lowest and most basic
use of information within an organisation, and are an integral part of the operation of the
organisation.
• Three transaction cycles process most of the company's economic activity: the revenue cycle, the
expenditure cycle and the conversion cycle.
• A distinguishing feature of a database system is that, since there is a common set of shared files for
all applications, information to update the files is input just once (instead of several times, once for
each application system).
• The REA (resources, events and agents) model (McCarthy 1982) is an accounting framework for
modelling an organisation's critical resources, events and agents and the relationship between them.
• The REA model provides guidance for database design by identifying what entities should be included
and by prescribing how to structure relationships among those entities.
• Enterprise resource planning systems are modular software packages designed to integrate the key
processes in an organisation so that a single system can serve the information needs of all functional
areas.
• Technology is rapidly changing the nature of the work of most accountants and auditors. Special
software packages greatly reduce the tedious work associated with data management and records
keeping but accountants need to be involved in the various stages of accounting information system
adoption and use.
• Three activities in an information system produce the information that organisations need for making
decisions, controlling operations, analysing problems and creating new products or services. These
activities are input, processing and output. Data processing converts the raw input into a more
meaningful form.
• OLAP database servers support common analytical operations including: consolidation, drill-down,
and 'slicing and dicing'.
• Data mining means extracting data from multiple data sources by means of interactive and analytical
software tools that allow the miner to specify search parameters.
• The differences between the various types of data processing techniques include the number of sub
processes, the information time frame, resources and operational efficiency.
• A review of the literature on ethical and social issues surrounding systems identifies five moral
dimensions of the information age: information rights and privacy, property rights, accountability and
control, system quality and quality of life.
1 An information system can be defined technically as a set of interrelated components that collect (or
retrieve), process, store and distribute information to support
A decision making and control in an organisation.
B communications and data flow.
C managers analysing the organisation's raw data.
D the creation of new products and services.
2 Which of the following accurately depicts the components of an accounting information system?
A people, forms, and reports
B people, procedures, and information technology
C people, procedures, and paper
D procedures, paper, and information technology
E people, paper, and information technology
3 Financial statements are prepared
A only for publicly owned business organisations.
B for corporations, but not for sole proprietorships or partnerships.
C in either monetary or non-monetary terms, depending upon the need of the decision maker.
D primarily for the benefit of persons outside of the business organisation.
4 The basic purpose of an accounting system is to
A develop financial statements in conformity with generally accepted accounting principles.
B provide as much useful information to decision makers as possible, regardless of cost.
C record changes in the financial position of an organisation by applying the concepts of double-
entry accounting.
D meet an organisation's need for accounting information as efficiently as possible.
5 Information is cost effective when
A the information aids management in controlling costs.
B the information is based upon historical costs, rather than upon estimated market values.
C the value of the information exceeds the cost of producing it.
D the information is generated by a computer-based accounting system.
6 For a bank the master records would consist of some identification data, historical transactions and
the current balance for all the accounts. What would the transactions file consist of?
7 Which of the following would be an activity associated with the human resources/payroll cycle?
A updating payroll records
B prepare employee and management reports
C discharge employees
D evaluate employee performance
E all of the above
8 On-line analytical processing involves several basic analytical operations. Drill-down in OLAP
involves
A aggregation of data.
B analysing data in the reverse direction to display detailed data that comprises consolidated
data.
C looking at the databases from different viewpoints.
D push reporting.
1 Typical reports
Financial and management accounting
• Annual statutory accounts.
• Budgets and forecasts.
• Sales and contribution analyses.
• Cash-management and working capital evaluation.
• Capital project appraisal.
• Standard cost and variance analysis reports.
• Returns to government departments.
2 TPS reports
The most obvious reports produced are as follows:
Sales – Monthly totals and cumulative to date analysed by:
• Product.
• Salesperson.
• Geographical location.
Purchases – Unfilled orders.
Stocks – Stock levels and products out of stock.
Accounts: list (aged) of overdue debtors' accounts.
list of payments due to suppliers.
payroll summaries (e.g. by department).
Management will also require a lot of additional information that is not so directly related to the
accounting functions. For example, reports on:
• Overall profitability and profitability by business segment.
• Resource requirements (e.g. cash, manpower, capital investment).
• Productivity (e.g. output per hour).
• Variance from budget.
• Labour turnover statistics.
• Daily requirements of raw materials etc.
3 REA model
Correct answer is D they are all correct.
4 REA calculation
Correct answer is B cost of goods sold.
Total sales would be the Sum of the Invoice Amount attribute in the Ship Product table for all items
shipped on or before the year-end closing date.
Accounts receivable would be Total sales minus the sum of the Receive Cash table's Amount
attribute for all remittances received on or before the year-end closing date.
Inventory would be the Quantity on Hand attribute multiplied by the Unit Cost attribute in the
Inventory table.
5 Mystery box
The correct answer is B data processing. They are all forms of processing – actions that can be taken
on raw data to give them meaning.
6 Corporate values
Correct answer is B, C and D
7 Moral dimensions
Topic list
183
Introduction
In this chapter we shall consider the importance of data quality to an organisation's information system and
the various controls that are required to maintain it. In particular we shall look at technical and procedural
controls and consider how they complement each other.
It is important for any investment an organisation makes in system controls to be cost-effective. We shall
see that an appropriate mix of preventive, detective and corrective controls should be selected.
The chapter continues by considering various security and privacy issues facing organisations which are
related to information systems – in particular, those connected with personal websites and electronic
communications.
We conclude by looking at some security risks involved in face-to-face and non face-to-face (electronic)
transactions, as well as the controls necessary to minimise them.
If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
1 What does Juran mean by data quality? (Section 1.1)
2 What is a procedural control? (Section 2)
3 What is a technical control? (Section 3)
4 Which type of control is the most cost-effective? (Section 4.2)
5 Which Act protects the privacy of individuals in Australia? (Section 5.1)
6 What are the two main security risks to organisations when acting as the vendor
in Internet transactions? (Section 6.5)
When considering the role and purpose of information systems two terms are often mentioned – data
and information. Before continuing any further it is important to understand the difference between them.
We defined data and information in Chapter 2, and repeat these definitions below.
Definitions
Data are the raw material for data processing. Data consists of numbers, letters and symbols and relates to
facts, events, and transactions.
Information is data that has been processed in such a way as to be meaningful to the person who receives
it.
A simple way to appreciate the difference between data and information is to think of data as an
unintelligible code which has no meaning. Information on the other hand has meaning to the user and
therefore some value to them or their organisation. It is the role of an information system to turn data into
information by processing it into a form a user understands.
DQ category DQ dimensions
Intrinsic Accuracy, Objectivity, Believability, Reputation
Accessibility Accessibility, Access security
Contextual Relevancy, Value-added, Timeliness, Completeness, Amount of data
Representational Interpretability, Ease of understanding, Concise representation, Consistent representation
These principles are adopted by many organisations and bodies that provide guidance and
information on data quality. Each body applies the principles that are most important to them and some add
principles of their own. A common additional principle many organisations use is coherence.
The Australian Board of Statistics (ABS) developed a data quality framework containing a number of key
data quality principles which should be used in quality assessments and reporting.
LO
7.2 2 Procedural controls
Section overview
• Procedural controls include input, processing and output controls.
Definition
Procedural controls manage the human aspects of system activity and are usually placed on the day-to-
day running of the system.
Procedural controls are concerned with managing the human element of systems and are therefore
usually placed on the day-to-day running of the system. They can be divided into three sub-categories,
input controls, processing controls, and output controls.
Case study
In 2005 a pensioner in Manchester, UK was sent a speeding ticket for driving his Toyota Land Cruiser at
800 miles per hour in a 30 miles per hour zone – faster than the speed of sound.
On appeal, Greater Manchester Police cancelled the ticket and a spokeswoman said that information on the
ticket was input manually and the mistake was down to human error.
LO
7.2 3 Technical controls
Section overview
• Technical controls address security issues such as authorisation, documentation, backup
and recovery.
Definition
Technical controls are IT solutions to security concerns and often relate to the storage of, and access to
data, as well as to amending or deleting data files.
Once data has been collected, further controls are needed to ensure it is stored properly and that it
cannot be tampered with.
Technical controls are put in place so that an organisation's management is able to exert some control
over the activities of its employees and they are often required for corporate governance purposes.
Technical controls can be classified into four main types: authorisation, documentation, backup and
recovery. The following table provides an explanation and examples of each type of control.
LO Procedural and technical controls, if designed appropriately, should complement each other in
7.3 protecting the system and the data and information held within it by covering all possible causes of data loss
or damage. However this protection comes at a cost.
There is a trade-off between having limited controls and a relatively high number of security breaches
and having sophisticated and costly controls and few security breaches. Somewhere between the two
there will be an optimum level of risk and cost for any particular organisation.
The cost of security breaches falls with increasing levels of control because the chance of such breaches
is reduced and if they do occur then the cost impact caused by the breaches is reduced.
The cost of controls is initially high as many costs are paid for upfront, such as the purchase of security
software, but they will fall over time. This continues until the point where the cost of purchasing new
controls and managing existing ones becomes more expensive than the impacts they are intended to
prevent. At this point the organisation has reached its optimum level and investment in further controls
should cease.
Definitions
Preventive controls are designed to stop errors or damage before they occur.
Detective controls are designed to bring the error to the user's (or someone else's) attention after the
error has occurred.
Corrective controls are designed to rectify errors which have been detected. They require their own
preventive and detective controls to ensure the correction process is not defective.
Each type of control has an associated cost and level of effectiveness. In general terms, preventive
controls are more cost-effective than those which detect or correct problems because they reduce or
eliminate the problems occurring in the first place. By definition, detective and corrective controls allow
errors or damage to occur.
This does not mean organisations should only invest in preventive controls. No control is 100 per cent
foolproof and even the best preventive control may still allow errors or damage to occur. Additionally, it
is not always cost-effective to put a preventive control in place for every possible problem, especially where
the risk of the problem occurring is small.
Therefore, to cover the organisation for a range of eventualities, it is important for all three types of
control to be put in place. Controls should be selected on the following basis:
(a) The risk of what they are designed to prevent actually occurring.
(b) Their cost-effectiveness.
As preventive controls can stop the majority of problems occurring, they should form the foundation
of the control mix. However, as we saw above, there will be gaps in this protection. To cover these gaps
the organisation should take a view on the chance of errors getting through the initial screening provided by
the preventive controls and make a decision on investing in detection and corrective controls accordingly.
LOs
7.4
7.5
5 Privacy and security issues
Section overview
• Privacy and security issues are of key importance to individuals and organisations. Threats to
them can be caused by the use of personal (social networking) websites and electronic
messaging services.
We have covered controls needed to protect specific data and information which are held within an
organisation's system, so we now turn to other wider privacy and security issues.
Exam comments
The syllabus and the exam focus on the security and privacy issues associated with the use of personal web
pages and electronic communication methods by employees.
5.1 Privacy
Definition
Privacy is the right of the individual to control the use of information about him or her, including
information on financial status, health and lifestyle.
5.2 Security
Definition
Security can be defined as 'The protection of data from accidental or deliberate threats which might cause
unauthorised modification, disclosure or destruction of data, and the protection of the information system
from the degradation or non availability of services'. (Lane: Security of computer based information systems)
Information systems with links to other systems such as the Internet are exposed to security risks.
Some of the main risks are explained below.
Risk Explanation
Viruses A virus is a small piece of software which performs unauthorised actions and which replicates
itself. Viruses may cause damage to files or attempt to destroy files and damage hard disks. When
transmitted over a network, such as the Internet, into a 'clean' system, the virus reproduces,
therefore infecting that system.
Types of virus include:
• E-mail viruses spread using e-mail messages and replicate by mailing themselves to addresses
held in the user's contacts book.
• Worms copy themselves from machine to machine on a network.
• Trojans or Trojan horses are hidden inside a 'valid' program but perform an unexpected act.
Trojans therefore act like a virus, but they aren't classified as a virus as they don't replicate
themselves.
• Trap doors are undocumented access points to a system allowing controls to be bypassed.
• Logic bombs are triggered by the occurrence of a certain event.
• Time bombs are triggered by a certain date.
Risk Explanation
Hackers and Hackers attempt to gain unauthorised access to information systems. They may attempt to
eavesdroppers damage a system or steal information. Hackers use tools like electronic number generators and
software which enables rapid password attempts.
Data that is transmitted across telecommunications links is exposed to the risk of being
intercepted or examined during transmission (eavesdropping).
Hoaxes An associated problem is that of hoax virus warnings. There are a vast number of common
hoaxes, most of which circulate via e-mail. Many are a variation of one of the most 'popular' early
hoaxes – the Good Times hoax. This hoax takes the form of a warning about viruses contained in
an e-mail. People pass along the warning because they are trying to be helpful, but they are in fact
wasting the time of all concerned.
Denial of A fairly new threat, relating to Internet websites is the 'denial of service attack'. This involves an
service attack organised campaign to bombard an Internet site with excessive volumes of traffic at a given time,
with the aim of overloading the site.
5.4.4 Legal risks related to blogs – disclosure and trade secrets issues
A blog, or weblog, is a website in which statements can be posted by one or several administrators and are
displayed in reverse chronological order. There are several types of blogs, including news blogs,
photography blogs, video blogs, and music blogs. Most often, however, blogs take the form of an online
diary, where a person might post anything from what she had for lunch that day to how her son is enjoying
college. Employee blogs have become a popular way for employees to share their everyday experiences at
work with co-workers, friends, and strangers. Since blogging is a relatively recent phenomenon, companies
Case studies
In the UK in 2009, a 16-year-old female was sacked as an administrator for making disrespectful comments
about her job on Facebook and inviting other members of staff to read them. Her employer stated that the
same result would have occurred if the employee had posted the comments on a staff noticeboard and that
her comments undermined their relationship and made her job untenable.
In July 2009, cricketer Philip Hughes stated on Twitter that he had been dropped from the latest Ashes
squad before the team was announced. This breached the Australian cricket team's right to privacy and may
have handed their opponents, England, an advantage in the forthcoming match.
Case studies
In March 2010, a military operation by the Israeli Defence Force had to be cancelled after one of the
soldiers due to take part posted the day and location that the attack was due to occur on Facebook.
Vodafone UK was forced to issue a public apology when an employee posted a homophobic tweet on the
company's twitter account which was sent to its 8 500 followers. The employee gained access to the
account through an unattended keyboard.
Case study
In 2010 thousands of fake emails were sent by scammers purporting to be from the UK's tax authority.
Recipients were told that they were due a tax refund and to provide the sender with their bank or credit
card details to facilitate the transfer. The tax authority issued a warning about these phishing attacks and
stated that it only informed customers about tax refunds by post.
LO
An important part of modern business is e-commerce, transactions made between buyers and sellers using
7.9 the Internet or other electronic methods. We saw in the previous section that security is a major concern
when using such methods so we shall now consider the controls which are necessary to minimise security
risks.
The risks of non face-to-face transactions are actually a greater problem for the vendor than the
customer. This is because unless they are 100 per cent happy that the transaction is safe and that they can
trust the vendor, it is unlikely that a customer will order from them.
Therefore, it is up to the vendor to gain the customer's trust, to do this vendor websites should:
(a) Be secure. The site should provide customers with an HTTPS: connection which provides security
against eavesdroppers or hackers gaining access to their personal information when it is sent over
the Internet.
(b) Protect payments. The availability of additional card protection features such as those offered by
MasterCard and Visa, while mainly protecting the vendor, show the customer that their security is
important too.
(c) Provide information. Trusted websites supply customers with full information about what to
expect during the purchasing process.
(d) Provide reassurance. Customers should be reassured that even though the website exists
intangibly on the Internet, the organisation behind it is solid and contactable. The availability of a
customer service telephone number to deal with queries is ideal as customers may not trust that
emails will be dealt with swiftly.
Purchasing using a mobile device
Many of the controls used when purchasing from a mobile phone or similar device benefit customers as
well as vendors. By ensuring customers are who they claim to be, they are protected from identity theft
and being charged for transactions they know nothing about.
Passwords are widely used, particularly if the customer has an account with the vendor. This is the normal
method if the product is a game, an application, or music which is downloaded to the device.
Authentication may also be based on the phone's unique SIM (Subscriber Identity Module) card, though this
does not apply to, say, a PDA (Personal Digital Assistant) communicating via WiFi.
If the device has a reasonable display, the purchaser may be presented with a few letters in strange format
which are easy for a person to recognise, but almost impossible for a computer. This is to block large scale
automatic attempts at impersonation and theft. This technique may also be used for non-mobile on-line
purchasing.
Vendors may also use sophisticated behavioural profile models to detect, say, unusually heavy purchasing
which may follow the theft of a mobile device.
• Data is used to create information and it is important to control and maintain it in order to obtain
the best possible information from a system. To this end organisations should apply data quality
principles and introduce technical and procedural controls over their systems.
• Procedural controls include input, processing and output controls.
• Technical controls address security issues such as authorisation, documentation, backup and
recovery.
• Controls can be classified as preventive, detective and corrective. Organisations should employ a mix
of them to be cost-effective.
• Privacy and security issues are of key importance to individuals and organisations. Threats to them
can be caused by the use of blogs, cookies, web beacons and personal (social networking) websites
and electronic messaging services. They are also at the heart of productivity and network security
issues.
• Business transactions often occur face-to-face, such as in a shop, but increasingly business is being
conducted electronically via the Internet or telephone. There are different security implications for
each type of transaction and therefore different security precautions that should be taken.
1 Which principle of data quality relates to whether the data can be used in conjunction with other
data or if it can be used over periods of time?
A relevance
B coherence
C accuracy
D interpretability
2 Which of the following is an example of a validation test?
A header tables to ensure correct identification of files
B range tests to ensure values within records are within an acceptable range
C trailer labels to ensure the entire document is read
D arithmetic tests to ensure totals within a record are correct
3 Which of the following are categories of technical controls?
I recovery
II documentation
III authorisation
A I and II only
B I and III only
C II and III only
D I, II and III
4 Which of the following describes the optimum point of investment in control systems?
A where the cost of investing in new systems is minimised
B where the benefit from control systems is maximised
C where the cost of controls is the same as the benefits new systems create
D where the risk of security breaches is eliminated
5 Which type of system security risk does not replicate itself?
A Trojan Horse
B worm
C Internet virus
D email virus
6 How can a vendor provide reassurance to customers that transactions on their website are secure?
I provide a customer service telephone number
II provide an 'HTTPS:' address
III join a card scheme such as 'MasterCard SecureCode' or 'Verified by Visa'
A I and II only
B I and III only
C II and III only
D I, II and III
1 B Coherence relates to whether the data can be used in conjunction with other data or if it
can be used over periods of time.
2 B Validation tests are designed to check that the data is processed correctly. The other
options are file checks which are designed to ensure the integrity of the file structure is
maintained.
4 C Controls can only reduce the risk of security breaches, they can never eliminate them. The
optimum level of investment is the most cost-effective – investments should be made until the
cost of systems are the same as the benefits new systems bring. Investments should not go
ahead if the costs outweigh the benefits.
5 A Trojan horses are hidden in legitimate looking software. They do not replicate themselves
and so are not classed as viruses.
6 D They are all practical steps a vendor can take to give customers confidence in the
security of transactions on its website.
1 A Input controls regulate the accuracy and completeness of data as it enters the system and
therefore has the greatest effect on data quality. Processing and output controls are
concerned with the conversion of data into information and are not usually related to the
quality of data itself.
Business processes
Learning objectives Reference
Information controls and processes LO7
Construct an overview diagram of business processes LO7.6
Produce an effective summary of business processes and systems LO7.7
Explain the interrelationships between business processes and accounting LO7.8
information systems
Identify and explain the steps involved in changing business processes LO7.10
Topic list
207
Introduction
If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
1 Who should you speak to when gathering information about a business process? (Section 1)
2 What are the main symbols used in a process map flowchart? (Section 2)
3 What does the term 'business process re-engineering' mean? (Section 3)
4 Give one example of how an accounting information system may impact business (Section 4)
processes.
Section overview
• Business processes are easier to understand, and therefore easier to change, if they are accurately
documented.
• Processes are usually documented using a combination of a written summary that describes the
process and a diagram or process map that illustrates it.
Definition
A business process is a collection of co-ordinated activities or tasks performed to accomplish a specific
goal or output.
Gathering information
You should interview the people who do the work associated with the process. Identify the person or
people who really know the process, this usually means experienced employees. These people should walk
and talk you through their part of the process and answer any questions.
One approach to this would be to interview all of the people you have identified at a group meeting or
workshop. A risk associated with this approach is that when people are away from their place of work
they tend to focus on the value-added steps they perform but overlook other steps they perform. These
steps may best be documented by observing behaviour in the workplace. So, in some situations the
best approach is to physically follow the process yourself, interviewing and recording your findings as you
go.
What information should you record?
Identify and record the data and information used in business processes and what is done with it.
This is the substance of a process. Record how data is held, for example in documents, forms, reports,
email messages, digital files and so on and how these are moved and changed. Move through the process
from one workstation to the next, collecting copies of source documents and screen prints – anything that
will help subsequent production of a process map.
Make sure that employees understand what you are doing and why they are involved. Use observation
whenever possible – a realistic demonstration provides the best example.
LOs
7.6
7.7
2 Mapping business processes
Section overview
• Business processes are usually easier to understand if they are illustrated or mapped.
• There are a range of process mapping techniques including flowcharts and data flow diagrams.
Definition
A process map identifies and represents the steps and decisions involved in a process, in diagrammatic
form.
Flowcharting symbols
Start/End
Action or
process
A box can represent a single step (‘add two cups of flour’), or an entire sub-process
(‘make bread’) within a larger process.
Document
A prin ted document or report.This symbol is not always used – it depends upon the
level of detail required in the model.
Decision
This arrow indicates the sequence of steps and the direction of flow.
Step 1 Organise the sequence out by working down rather than across.
Step 2 Having thought through the main 'steps' of the process, flowchart them in the sequence
they are performed.
Step 3 Use rectangles for 'tasks' and diamonds for 'decisions'. Use connecting arrows between
boxes to represent the direction of the sequence.
Step 4 Concisely describe each task or decision in its own box. Boxes may be numbered and a
key provided where the activity is described in more detail.
Step 5 If the process includes decision points, this will normally imply some 'return-routing'
causing some boxes to have more than one input. 'Return routing' or 'loops' often
indicate an inefficiency or waste.
Step 6 Decisions usually (but not always) pose questions answerable by 'Yes' or 'No'. Structure
questions so that the preferred answer is 'Yes'.
Step 7 Conventions include drawing the 'Yes' route out of the bottom of the diamond (i.e.
normal flow downward through the chart) and the 'No' route as a line to the side of
the box.
START
Inform No
production OK?
manager
Yes
Check order
Send order
Fulfil order
to supplier
No
END
It may be useful to also use the D symbol to indicate any delays in the process, particularly at the
boundaries between agencies or sections.
Exam comments
Exam questions could present you with a process map or process map extract and test your understanding
of it.
3.3.1 Pace
The more gradual the change, the more time is available for questions to be asked, reassurances to be
given and retraining (where necessary) embarked upon. People can get used to the idea of new methods
and become acclimatised at each stage.
3.3.2 Manner
The manner in which a change is communicated is important. The need for change must made clear,
fears soothed, and if possible the individuals concerned positively motivated to embrace the change.
3.3.3 Scope
The scope or extent of the change is important. Total transformation will create greater insecurity, but
also provides the opportunity for greater excitement, than moderate innovation.
There may be hidden changes to take into account. For example, a change in technology may necessitate
changes in work methods and processes which may in turn result in the breaking up of work groups.
Definition
Business process re-engineering is the fundamental rethinking and radical redesign of business
processes to achieve dramatic improvements in critical contemporary measures of performance, such as
cost, quality, service and speed. Hammer and Champy (2004)
As the definition states, business process re-engineering involves fundamental changes in the way an
organisation operates. For example, processes which were developed in a paper-intensive processing
environment may not be suitable for an environment which is underpinned by IT.
Other key words from the definition are 'radical', 'dramatic' and 'process'.
(a) Fundamental and radical indicate that BPR assumes nothing: it starts by asking basic questions
such as 'why do we do what we do', without making any assumptions or looking back to what has
always been done in the past.
(b) Dramatic means that BPR should achieve 'quantum leaps in performance', not just marginal,
incremental improvements.
(c) A process is a collection of activities that takes one or more kinds of input and creates an output.
For example, order fulfilment is a process that takes an order as its input and results in the delivery
of the ordered goods.
3.5.1 Davenport and Short - five step approach to changing business processes
Davenport and Short (1990) prescribe a five-step approach to the redesign or changing of business
processes.
Step 1 Develop the business vision and process objectives. Process redesign is driven by a
business vision which implies specific business objectives such as cost reduction, time
reduction and output quality improvement.
Step 2 Identify the processes to be redesigned. Some firms use the 'high impact' approach,
which focuses on the most important processes or those that conflict most with the business
vision. Lesser number of firms use the 'Exhaustive' approach that attempts to identify all the
processes within an organisation and then prioritise them in order of redesign urgency.
Step 3 Understand and measure the existing processes. This step is necessary to ensure
previous mistakes are not repeated and to provide a baseline for future improvements.
Step 4 Identify Information Technology levers. An awareness of IT capabilities could prove
useful when designing processes.
Step 5 Design and build a prototype of the new process. The amended design should not be
viewed as the end of the redesign process – it should be viewed as a prototype with
successive alterations. The use of a prototype enables the people involved in the process to
test it and improve it.
Step 1 Answer the questions in the first column. These summarise the
Present method present process method, asking: what; how; when; where; and
who.
Step 2 Challenge each of your answers by asking "why?"
Challenge the current method
Step 3 Use column three to help you generate a range of improvement
Identify possible improvements options.
Step 4 Decide on the best option.
Best option
Case study
Example of BPR
A company employs 25 staff to perform the standard accounting task of matching goods received notes
with orders and then with invoices. A process review established that 50 per cent of employee time was
spent trying to match the 20 per cent of document sets that do not agree.
One way of improving the situation would be to computerise the existing process to facilitate matching.
This would help, but BPR would go further.
A BPR approach may question why any incorrect orders are accepted? To enable incorrect orders to be
identified before being accepted, all orders could first be entered in a computerised database. When goods
arrive, they either agree to goods that have been ordered (as recorded in the database) or they don't.
Goods that agree to an order are accepted and paid for. Goods that are not agreed are sent back to the
supplier. Time is not wasted trying to sort out unmatched documents.
Gains would include staff time saved, quicker payment for suppliers, lower stocks, and lower investment in
working capital.
Section overview
• Information technology and information systems, including accounting information systems, often
enable or facilitate the changing of business processes.
• One of the most direct ways in which an accounting information system impacts upon business
processes is the workflow management capability of Enterprise Resource Management (ERM)
systems.
(b) Expert systems may allow non-specialists to do work that previously required an expert.
(c) Telecommunications networks mean that businesses can simultaneously reap the rewards of
centralisation and decentralisation.
(d) Decision support tools allow decisions to be made by a larger number of staff.
(e) Wireless communication technology allows staff 'in the field' to send and receive information
wherever they are.
(f) Interactive websites allow personalised contact with many customers (or at least the appearance
of personalised contact).
(g) Automatic identification and tracking technology allows the whereabouts of objects or people to
be monitored.
(h) High performance computing allows instant revision of plans rather than periodic updates.
(i) Workflow management systems enable the system to drive business processes.
Definition
An Accounting Information System (AIS) is a collection of data and processing procedures that
records and creates accounting related information.
Based on our definition of an Accounting Information System, many parts of an organisation's information
infrastructure could be considered as part of their AIS. For example, the transaction processing elements
of a website with e-commerce capability 'records and creates accounting related information'.
Case study
Workflow systems / process re-engineering
Work design, whether it is related to work in the factory or at the desk, is a process of arriving at the most
efficient way of completing tasks and activities that minimises effort and reduces the possibility of mistakes.
It is involved in increasing productivity and efficiency whilst maintaining or improving quality standards.
A workflow system is a system that organises work and allocates it to particular workstations for the
attention of the person operating the workstation. Workflow systems operate in three main ways; the
casework basis, the flowline basis and the ad hoc basis.
The casework basis functions by knowing the individual caseload of staff and directs existing cases to the
appropriate caseworker and new cases or customers are allocated on the basis of equalising caseload.
The flowline approach allocates a small number of tasks to each operator and the case flows along the line
from screen to screen.
The ad hoc system works on the basis of equalising workload, regardless of who may have dealt with the
case previously. The choice depends on the particular circumstances of the business and the approach taken
to customer service.
The advantages and benefits of workflow systems come mainly from improvements in productivity and
efficiency and better or speedier services to customers.
A list of possible benefits would be:
• More efficient office procedures
• Providing workflow management
• Equalising of workloads
• Monitoring of operator performance
• Ensuring work gets done when it should get done
Possible disadvantages include employee specialisation in a small number of tasks before passing the work
on to the next person's screen, almost like a production line. This de-skilling can increase boredom and
lead to high staff turnover. It also reduces social contact.
Adapted from: 'Computer talk' – Workflow systems Trevor Bentley – Chartered Institute of Management
Accountants Articles database.
• Business processes are easier to understand, and therefore easier to change, if they are accurately
documented.
• Processes are usually documented using a combination of a written summary that describes the
process and a diagram or process map that illustrates it.
• Business processes are usually easier to understand if they are illustrated or mapped.
• There are a range of process mapping techniques including flowcharts and data flow diagrams.
• Change, in a business context, should ideally be planned - although this isn't always possible as the
business environment is volatile.
• To change or re-engineer a business process requires an understanding of the current process and
the desired process.
1 The first step when documenting business processes is to ask 'Why are things done this way?'.
Is the statement above true or false?
A true
B false
3 List the three important factors we identified as important for managers to consider when
introducing change.
1 The statement is False. The fist step is to gather information that will enable the production of a
process map that accurately reflects the current process. ‘Why?’ is a question for later.
3 Three important factors for managers to consider when introducing change are pace, manner and
scope.
1 Some of the main reasons why business process re-engineering (BPR) can be important within the
organisation described are explained below.
Potential for cost savings
Often, the changed process will result in cost savings, such as those often experienced when
transaction processing is automated. It is likely that this organisation has experienced such savings
from the automation of transaction processing and administrative functions.
Keep up with competitors
If competitors improve their processes they are likely to be in a stronger position, which may
threaten the very existence of a competing organisation. For example, a competitor could innovate
leading to reduced costs, and may then be in a position to undercut prices. Improving processes in
line with competitors may be necessary simply to survive.
Competitive advantage
Competitors may not be in a position to copy the innovated processes (e.g. they may not have the
funds required to invest in IT). For example, the organisation may invest funds developing a website
that allows it to sell books direct to consumers. If the organisation's competitors lack the will or
funds to provide a similar service, this will provide a competitive advantage.
Driven by technology
Some BPR might become necessary when technological change means existing processes have
become archaic. For example, it is likely that 30 years ago the organisation operated a manual paper-
based transaction processing system.
Better decision making
Better quality internal systems and processes should result in the capture and availability of better
quality information. This should lead to better quality decision making. For example, a database of
historical sales information may allow better sales forecasting, allowing more effective production
planning.
Topic list
227
Introduction
Accounting scandals in several countries have prompted governments to enforce accounting standards, and
to try to ensure that companies disclose enough information so that their true financial position cannot be
concealed. The Sarbanes-Oxley Act (2002) in the United States and the Corporations Act 2001 in
Australia provide the framework to do this.
While some countries, notably the United States, rely on their own accounting standards, many are
adopting the International Financial Reporting Standards (IFRS) set by the International
Accounting Standards Board (IASB), though with some local variation.
In addition new methods of reporting financial data, suitable for distribution on the Internet, are making it
possible for investors and scrutineers to examine the workings of companies in great detail. At the
forefront of these methods is XBRL, a language for reporting financial data in such a way that the values
can be picked up by other programs. International standardisation of much of XBRL allows such programs
to access the data in the same way for all companies, and compare the data for different companies. XBRL
can also be extended to meet the local needs of countries and companies. Many governments have, or are
about to, insist that companies supply their financial returns in XBRL format.
If you have studied these topics before, you may wonder whether you need to study this chapter in full. If
this is the case, please attempt the questions below, which cover some of the key subjects in the area.
If you answer all these questions successfully, you probably have a reasonably detailed knowledge of the
subject matter, but you should still skim through the chapter to ensure that you are familiar with everything
covered.
There are references in brackets indicating where in the chapter you can find the information, and you will
also find a commentary at the back of the Study Manual.
1 List six of the stakeholders that would normally have an interest in the well (Section 2)
being of an organisation.
2 Describe two ways in which companies can reduce the risk of fraud. (Section 3.1)
3 When can accounting data be said to be reliable? (Section 3.1)
4 What is the meaning of Substance over Form? (Section 3.1)
5 What are the benefits of transparency to a company? (Section 3.2)
6 The XBRL data file containing the actual accounting data is called: (Section 5.1)
A an instance
B a validation file
C a taxonomy
D a mapping file
7 What are the two organisations that set and enforce Australian accounting (Section 7.1)
standards?
8 What are the two Acts that ended most restrictive practices in Australia, (Sections 7.2 and 8.2.1)
and enforced the use of accounting standards?
is better than:
Beer drinkers
65%
Others
2%
Wine drinkers
33%
200
100
0
20X1 20X2 20X3 Year
Definition
Stakeholders are individuals or groups of people whose interests are affected by the activities of the
business.
LO The distinction between 'internal' and 'external' stakeholders is not distinct. Shareholders as owners of
8.2 the company could certainly be internal, but as members of the public who may have invested in several
companies they are external. Banks are external if the company has borrowed from them, but internal if
they happen to be shareholders. Unions are internal since they are groups of employees, but external in
that they may be nationwide organisations with members in many companies. The deciding factor used in
the list below is that internal stakeholders are or have a close link with the employees or owners.
Directors
Employees
Managers Customers
Shop floor
Suppliers Direct customers
End users
Manufacturers Retailers
Distributers ORGANISATION
Contractors Debt
holders
Unpredictable Low
Few Minimal Keep
but power
problems effort informed
manageable
This indicates where the effort should be put for the most effect.
• Employees are powerful in most cases. Exceptions would be if the workforce was unskilled, not
unionised, and easily replaced; or if there was a large proportion of contract workers. Just employee
morale can have the power to determine success or failure. Interest is high.
When attempting to influence any of the stakeholder groups, the most powerful individuals or sub-
groups must be identified. For individual employees, the position in the management hierarchy is
usually sufficient, though skilled workers who are difficult to replace will have more power than their
Oppose Support
High
Antagonists Allies
power
Question 1: Stakeholders
Three companies intend to bring down costs by reducing wages and making employees work more flexible
shifts:
(1) A local public library
(2) A contract cleaning company
(3) An accountancy training company
How much power will the employees have in each case, and what effect might this have on the strategy
adopted by the companies?
(The answer is at the end of the chapter)
LO Reliable data is at the heart of an accounting information system. If the data is not reliable, nothing else is of
8.3 any consequence. Reliable data is truthful, accurate, complete, and capable of being verified.
Transparency is the ethical basis. It is not sufficient that data is reliable, it must be seen to be reliable.
Transparency works at two levels:
• Data about the company, its capitalisation, its profitability, its liabilities must be accessible to
interested parties and in a form suitable for assessment and comparison.
• The reliability of that data must be demonstrated by available supporting data and by proof of
independent auditing.
3.1 Reliability
Reliable accounting data is produced by systems and companies that adhere to the guidelines known as
Accounting Standards or Generally Accepted Accounting Principles (GAAP). The United States
relies on its own GAAP, but elsewhere the normally accepted standards are based on the International
Financial Reporting Standards (IFRS) set by the International Accounting Standards Board
(IASB). In Australia the Australian Accounting Standards Board (AASB) has issued 'Australian
equivalents to IFRS', which are the IFRS standards along with some 'domestic' standards and interpretations,
but these generally just slightly strengthen the IASB rules with regard to disclosures.
The IFRS and US GAAP rules are broadly similar. IFRS rules require financial statements to show:
(a) Understandability: users are assumed to have a reasonable knowledge of business and accounting,
and information about complex matters should not be excluded on the grounds it is too difficult for
them to understand.
(b) Prudence: uncertainties that affect the reliability of information should be disclosed, and a degree of
caution exercised when making judgments.
(c) Reliability: information should be accurate and free from bias; prudence and disclosure should be
exercised when assigning a usable value to any 'soft' accounting data.
3.2 Transparency
Openness and acceptance of responsibility for bad decisions or performance as well as good, is the basis of
business integrity.
Definition
Transparency is the open and clear disclosure of relevant information to shareholders and other
stakeholders, and not concealing information that may affect decisions.
Transparency in the financial statements goes beyond the figures and notes to include voluntary disclosures,
above the minimum required by law, of liabilities, problems, and forecasts. At the basic level it is the duty of
managers, who (presumably) know what is going on, to transmit that knowledge to the owners. In the
wider context, a company with a reputation for openness will gain more trust among shareholders and
potential investors.
There are situations in which transparency is not appropriate:
• Decisions on future strategy, knowledge of which could benefit competitors.
• Discussions leading to decisions which are to be made public.
• 'Trade secrets' which do not affect decisions made by stakeholders.
• Confidential data concerning individuals.
Transparency also requires that the data be accessible to whoever has an interest in it. This is now normally
achieved by publication on the Internet. A new set of standards and formats (mainly XBRL, described later)
will make it possible for all companies to be inspected, and in the same way.
5 XBRL
Section overview
• The eXtensible Business Reporting Language (XBRL) is a method of recording business data
in a file where each of the data items is stored with a tag which can be used to retrieve that data.
Definition
eXtensible Business Reporting Language (XBRL) is an open standard for the electronic
communication of business and financial data that supports information modelling and the expression of
semantic meaning. The language has been built and promoted by XBRL International, a worldwide
consortium of approximately 550 companies and agencies.
XBRL is based on another language called XML (eXtensible Markup Language) which also has tags, and
is widely used. In both languages the data and its tag are written as:
<price>1200</price>
This construction is called an element in XML, and either an element or a concept in XBRL.
Tags can include attributes which describe more about the data:
<price currency="AUSD">1200</price>
Attributes can also be used to link to other elements and to define relationships and actions, and even to
indicate how the data should be displayed.
If for some reason there is no data, the element may be contracted to
<nodatawiththis />
but it can still contain attributes.
Definitions
An attribute is an XML element property used to describe name-value pairs.
A taxonomy is an electronic dictionary of business reporting elements used to report business data.
XML is the basis for several other languages, including the Hypertext Markup Language (HTML) used
for web pages. This system of angle brackets and tags and attributes is so widely used that there is a great
deal of software already written and readily available which will extract the data for a given tag, or create a
table from a series of tags, or deal with attributes, or do a great many other things.
The rules about what tags and attributes can be or must be used are called the taxonomy.
Each set of XBRL data, say a company's tax returns for a particular year, is called an instance or an
instance document (the word document in this case means file).
Definitions
An instance is an XBRL business report containing tagged business facts together with the context in
which they appear and any further attributes needed to describe them.
An element in XBRL is a business reporting concept defined in a taxonomy and quantified in an XBRL
instance document.
Validation is the process of checking that an instance document meets the syntactical and semantic rules
provided in its associated taxonomy. Validation also confirms that XBRL reports and taxonomies conform
to the XBRL specification.
An extension taxonomy is one that is created on top of a public taxonomy to further define necessary
reporting concepts that have not been previously defined.
Software based on the taxonomy will write the actual elements, and get the data from existing accounting
files if possible, though initially at least some of the data may have to be entered manually. Validation
software will check that the rules have been followed. The taxonomies themselves are written in the XML
language.
Because XBRL is extensible, countries and the larger companies each have additional extension
taxonomies to allow for their particular requirements. But many national and international groups have
been working for several years to make the public XBRL taxonomy encompass as much as possible, and
ensure that the basic elements of turnover, expenditure, capitalisation and so on are present and the same
for all companies.
If the mapping for an item cannot be done because there is no suitable tag in the taxonomy, then a
new tag must be created in the company's extension taxonomy.
Mapping is often difficult, and some items in a company's accounting system may be associated with
different tags depending on the circumstances. When creating the XBRL instance, manual
intervention may be needed to select the correct tag, until such time as software is written to do the
selection automatically.
On the other hand, for some accounting systems there are already programs to do the mapping and
the whole production of the XBRL instances is easy.
Create an extension taxonomy covering any remaining data that should be available for the final
reports. This includes specifying how the data may be displayed.
Tagging to create
the instance file
consists of getting
this data and this tag
and transferring them
to the file
Tag and amount
transferred to the
XBRL instance file
...
<CostGoodsSoldOverhead>123456
</CostGoodsSoldOverhead>
Tagging is the production of the final XBRL instance file. Apart from this, the term tagging is not well
defined. It may refer just to the manual entry of those items which fail to be done automatically. Sometimes
it is used to include the mapping, particularly if software exists to use the mapping directly to generate the
XBRL instance.
Existing company
accounting system
STATEMENT OF COSTS
... First, create a report using the existing system
Cost of goods sold …123 456
Tagging
...
<CostGoodsSoldOverhead>123456
</CostGoodsSoldOverhead>
- if there is no
match, the item will
Print go into the There are standard
company's programs to assist in
extension this, using the list of
STATEMENT OF COSTS matching items from
... taxonomy
the mapping
Cost of goods sold …123 456
(b) The XBRL files are generated by running the appropriate software and keying in data where
necessary. For manual data entry, the data has to be matched with the correct tag. The attributes
may have to be adjusted, or the data entered in a format dictated by preset attributes.
Tagging is assisted by standard programs which use the list of matching items from the mapping, and
the taxonomies (including the company's extension taxonomy).
As software is written to transfer the data directly from the company's accounting system to the
XBRL instance, the manual tagging operations become redundant.
(c) The XBRL instance files are checked using validation programs.
Question 3: Taxonomies
Who defines the various parts of a typical XBRL taxonomy?
(The answer is at the end of the chapter)
Wrong label
Display
Wrong position
Missing data
The more frequent errors are shown with the greater number of stars.
Question 4: Notes
Why are notes a difficulty for XBRL?
(The answer is at the end of the chapter)
The role of a corporate regulator is to enforce and regulate laws governing company and financial services,
in order to protect consumers, investors and creditors.
What a particular regulator is able to do varies greatly from country to country, depending on the powers
that have been granted, usually by an Act of Parliament.
Corporate regulators may also be expected to give advance warnings of economic problems for companies
or countries, which often arise because good accounting and reporting practices are not being followed.
7.3.1 China
Chinese accounting standards originated in a socialist period in which the state was the sole owner of
industry. Therefore they are less a tool of profit and loss, but an inventory of assets available to a company.
However, in recent years, the Finance Department of the Chinese Government has issued new accounting
standards which are some 90% compliant with the IFRS.
The China Securities Regulatory Commission (CSRC):
• sets regulations governing the markets;
• regulates listed companies, auditors, securities and investment funds;
• oversees stock and bond issues;
• issues penalties.
7.3.2 India
Accounting practice in India largely follows that in the United Kingdom. No regulatory body is specifically
responsible for the establishment of accounting principles, though in several accounting areas, mandatory
requirements for accounting practices are included in the Companies Act.
All listed companies should be IFRS compliant by 2014.
Pressure for visibility and standardisation increased greatly when, in 2009, the chairman and founder of
Satyam Computer Services Limited, a company with over 40,000 employees, admitted that the company’s
accounts had been greatly falsified to keep the share price high. This has been compared to the Enron
scandal in the US (see below).
7.3.3 Japan
The Accounting Standards Board of Japan has agreed to resolve all inconsistencies between the
current JP-GAAP standards and IFRS by 2011. All companies should be IFRS compliant by 2016.
7.3.4 Malaysia
Accounting standards are issued by the Malaysian Accounting Standards Board (MASB), which is
overseen by the Financial Reporting Foundation. MASB expects Malaysia to be in full convergence with
IFRS by 2012.
The Securities Commission of Malaysia is a combined regulator with the role of protecting the
investor, and encouraging and promoting the development of the securities and futures markets.
The Audit Oversight Board (AOB) assists the SC in overseeing the auditors of public interest entities.
It also protects the interests of investors by promoting confidence in the quality and reliability of audited
financial statements.
7.3.5 Singapore
Singapore’s accounting standards are closely aligned with the IFRS.
The Monetary Authority of Singapore (MAS) is the central bank and the financial regulatory authority
for Singapore.
8.1.1 Bubbles
The rapid expansion of trade during the 17th and 18th centuries meant that companies, incorporated or not,
often had or required large amounts of capital, and they grew larger and had many passive investors. Usually
shares in unincorporated companies were freely transferable, and the market in these shares was often
volatile. There was much fraudulent trading based on vague promises and inflated estimates. Prices might
rise dramatically (‘bubbles’) and fall even faster.
• Following the Trial Balance, management reports summarise, check budgets, and further analyse the
accounting data.
• Stakeholders are individuals or groups of people whose interests are affected by the activities of
the business.
• Stakeholders include employees, suppliers, customers, the government, shareholders, debt
holders, and various pressure groups.
• Reliable accounting data results from the application of accounting standards.
• The International Financial Reporting Standards (IFRS) are issued by the International
Accounting Standards Board (IASB).
• The Australian Accounting Standards Board (AASB) defines the accounting standards for
Australia. These are the IFRS with some extensions.
• Transparency is the open and clear disclosure of relevant information. It is a prime objective of the
accounting standards.
• Hard data has definite values. Soft data results from value judgments.
• Extensible Business Reporting Language (XBRL) is a method that can make accounting data
accessible to a wide range of interested parties.
• International standards for XBRL are set by XBRL International, a consortium of several hundred
companies and agencies.
• Each country and the larger companies extend XBRL to suit their own needs.
• XBRL is based on XML (eXtensible Markup Language).
• XBRL tags each data item so it can be retrieved by software.
• Each tag can have a number of attributes.
• Mapping is the process of matching items in the company's existing accounting system with the
corresponding items in the XBRL GL taxonomy plus the national extension. The list of matching
items is then used in the tagging operation, and to write software to produce the XBRL instance
automatically.
• Tagging is taking accounting data from the existing accounting system and matching each item with
the corresponding tag in the taxonomy before tag and item are put into the XBRL instance.
• XBRL trials were held in several countries. The trials consisted of companies making voluntary XBRL
returns in addition to the returns normally required by the government.
• The Australian Securities and Investments Commission (ASIC) enforces the accounting
standards set by the AASB.
• The Trade Practices Act 1974 put an end to many restrictive practices in Australia.
• The Corporations Act 2001 enforced accounting standards in Australia.
• The Sarbanes-Oxley Act 2002 enforced stricter reporting standards in the USA, following several
accounting scandals.
1 Employees are stakeholders in an organisation. What other stakeholders are associated with the
employees?
2 What is a taxonomy, and what is the XBRL taxonomy?
3 Who sets the accounting standards?
4 Who sets the XBRL standards?
5 In the XBRL trials, the most frequent error was the omission or misplacement of values on the final
display. What reduces the importance of this problem?
6 In order of preference, data being reported to management within a company should, if possible, be
displayed as
A bar or pie chart, table, graph
B graph, bar or pie chart, table
C bar or pie chart, graph, table
D table, bar or pie chart, graph
7 What is the difference between mapping and tagging?
8 What does the GL in XBRL-GL stand for?
A General Legends
B Global Ledger
C Generic Ledger
D General Ledger
1 The employees’ families depend on the salaries paid by the organisation, and are therefore
stakeholders.
Previous employees who are receiving or expect to receive a pension from the company’s pension
fund.
Trade unions, employee associations, professional bodies.
2 A taxonomy is an electronic dictionary of business reporting elements used to report business
data.
The XBRL taxonomy is the rules about what tags and attributes can be or must be used in an XBRL
instance.
3 Some countries, such as the United States, set their own standards based on their Generally
Accepted Accounting Principles (GAAP). Most countries follow the International Financial
Reporting Standards (IFRS) set by the International Accounting Standards Board (IASB),
and amend or extend the rules slightly. In Australia the Australian Accounting Standards Board
(AASB) defines the enforced standard, based on the IFRS.
4 XBRL International, a consortium of several hundred companies and agencies, defines and
promotes the common international XBRL tags and rules. Each country adds its own extensions, as
do the larger companies.
5 The definition of how data is displayed does not affect how the data itself is accessed by software
packages. The data may not display correctly, but still be correct and correctly tagged, and could be
picked up by whatever software is used. That software may not display the item at all, or may do its
own display without requiring the default display rules in the taxonomy.
Testing the default display parts of the taxonomy is time consuming and often given low priority.
6 C – bar or pie chart, graph, table
7 Mapping is the process of matching items in the company’s existing accounting system with the
corresponding items in the XBRL GL taxonomy plus the national extension.
Mapping is done once only.
Tagging is taking accounting data from the existing accounting system and allocating each item with
the corresponding tag in the taxonomy before tag and item are put into the XBRL instance.
Tagging is repeated each time an XBRL instance is created.
8 Global Ledger. The XBRL-GL taxonomy allows access to the detailed data. Summary data, as in
financial statements, is in the taxonomy XBRL-FR (FR for Financial Report).
259
260 IT and Business Processes
Chapter 1
1 Which of the following are reasons an organisation would collect and store data and information?
I to help decision-making
II for planning purposes
III to record transactions
IV to measure performance
A I and III only
B II and IV only
C I, III and IV only
D I, II, III and IV
2 Which one of the following correctly represents the elements of the PEST framework?
A Policy, Economic, Social, Technological
B Political/legal, Economic, Social, Taxation
C Parliament, Economic, Social, Technological
D Political/legal, Economic, Social, Technological
3 Which one of the following could be used as a key field in an employee database of approximately
five thousand employees?
A surname
B department
C date of birth
D employee number
4 What name is given to the software that extracts or selects items from within a database?
A record pointer
B query language
C data administrator
D data activity monitor
5 Which one of the following is not a database storage model?
A SQL
B network
C relational
D hierarchical
6 In an Entity Life History diagram, what symbol is placed in the top right corner of a box to indicate
alternatives (selection)?
D cross
A circle
C triangle
B asterisk
7 Which of the following should be planned for when implementing a new database?
I training requirements
II hardware needs
III database security
IV DBMS selection
A I and III only
B II and IV only
C I, III and IV only
D I, II, III, and IV
2 Which one of the following represents a likely potential barrier to the successful implementation of
an internal knowledge management initiative?
A privacy issues
B competitor activity
C the need for confidentiality
D staff reluctance to provide knowledge
1 In which stage of the systems development life cycle (SDLC) would new software be written?
A system design
B system analysis
C system investigation
D system implementation
2 A potential system's feasibility would be judged against which of the following criteria?
I technical feasibility
II economic feasibility
III social feasibility
A I and II only
B I and III only
C II and III only
D I, II and III
3 Which method of system investigation is best suited to a situation where a limited amount of specific
information is required from a large number of individuals?
A interviews
B observation
C questionnaires
D user workshops
4 Entity relationship models contain which of the following elements?
I entities
II attributes
III processes
A I and II only
B I and III only
C II and III only
D I, II and III
5 New systems should be designed to meet an agreed requirements specification. Which parties are
involved in determining such a specification?
I users
II developers
III management
A I and II only
B I and III only
C II and III only
D I, II and III
6 Which type of system testing tests one function or part of a program to ensure that it operates as
intended?
A unit testing
B logic testing
C program testing
D user acceptance testing
Labour
Materials Customers
Cash
A B C
Subsystems: Subsystems: Subsystems:
Purchasing/Accounts payable Production planning and Sales order
Payroll control processing
Fixed assets Cost accounting Cash receipts
Finished goods
Cash
A .....................
B .....................
C .....................
1 Which of the following are principles of data quality as identified by Wang and Strong?
I timeliness
II believability
III availability
A I and II only
B I and III only
C II and III only
D I, II and III
2 Which of the following are procedural controls?
I numbering documents
II backup
III file size checks
A I and II only
B I and III only
C II and III only
D I, II and III
3 Which of the following are technical controls?
I limiting data access to secure locations
II allocating passwords and system privileges to certain employees
III requiring amendments to data to be documented
A I and II only
B I and III only
C II and III only
D I, II and III
4 Anti-virus software installed onto an infected computer is an example of which type of control?
A preventive
B procedural
C detective
D corrective
5 Which method of system security disables part of the system's telecoms technology to prevent
unauthorised intrusions?
A firewalls
B encryption
C authentication
D anti-virus software
6 Which of the following is the main risk for customers in face-to-face transactions?
A receiving defective goods
B failure to receive their goods
C cloning of their debit or credit card
D personal details such as name and address being stolen
1 Which one of the following techniques is likely to produce the most reliable record of how a
business process is performed?
A a group meeting
B an individual interview
C workplace observation of staff
D a group workshop with role play
3 Which of the following are steps recommended by Tucker when changing business processes?
I summarise the present method.
II challenge the current method.
III identify possible improvements.
IV decide on the best option.
A I and IV only
B II and III only
C I, III and IV only
D I, II, III and IV
4 Which one of the following is not one of the three main ways in which workflow systems operate?
A ad hoc
B flowline
C relational
D casework
273
274 IT and Business Processes
Chapter 1
1 C Data management is not considered part of the IT platform, although it is part of the IT
infrastructure.
2 C Software is the name given to the program or sets of programs that instruct and manage
computers.
3 D A legacy system is an old system that continues to be used due to the high cost or
inconvenience involved replacing it.
5 D Data theft, fraud, radiation and tapping are all risks associated with transmitting data
over network communications lines.
1 D All four are reasons why an organisation may collect or store data and information.
3 D A unique employee number would be allocated to each employee and used as the key
field. The other options could all have duplicate values, for example if two employees were
born on the same day.
6 B In an Entity Life History, if events are alternatives (selection) a small circle is placed in the
top right hand corner.
7 D Training requirements, hardware needs, database security and DBMS selection should all be
considered when implementing a new database (as should many other factors as covered in
section 7 of Chapter 2).
8 D Accounting Information Systems (AIS) often utilise database technology and are sometimes
used to support the production of management, marketing and other types of information.
9 A Profiling involves the use of a database to identify individuals who share certain
characteristics.
1 A ERP systems eliminate the need for separate systems and separate data silos. They also aim to
eliminate data duplication (data redundancy) through using a central database that holds data
that is utilised by all system modules.
2 D Staff reluctance is the most likely potential barrier. The motivation to share hard-won
experience is sometimes low as the individual feels they are 'giving away' their value.
4 D A digital dashboard is unlikely to include the relatively lengthy text required for detailed
financial commentary.
5 B Data mining software is used to search and analyse large pools of data with the aims of
predicting trends and behaviours and looking for hidden, previously unknown patterns and
relationships.
1 D Software can only be written once the system has been designed and so this would occur in
the implementation phase.
3 C Questionnaires are best suited to situations where a limited amount of specific information
is required from a large number of individuals as they are quick and relatively cheap to
conduct.
6 A Unit testing tests one function or part of a program to ensure that it operates as intended.
7 B System reviews should ideally be performed between one month and one year after
system implementation. Option A is too early and options C and D are too late.
6 C As customers collect goods from the shop there is little or no risk of receiving defective
goods or of receiving no goods at all. Most transactions do not require customers to share
their personal details. The main risk is of card cloning.
1 C Observing how staff perform the process in the workplace is likely to produce the most
accurate record of the process. Even this is not completely reliable though, as the fact that
staff are being observed may influence their behaviour.
4 C Workflow systems operate in three main ways; the casework basis, the flowline basis and
the ad hoc basis.
1 C
2 D Mapping is associating tags from the taxonomy with existing data fields.
Tagging is associating data values with tags and putting both in the XBRL instance.
3 D
4 B The Trade Practices Act 1974.
The Corporations Act 2001 established accounting standards (and a great many other things);
The Australian Industries Preservation Act 1906 was largely ineffective;
The Australian Securities Commission Act 1989 set up the ASC, which became the ASIC.
5 D ASIC, The Australian Securities & Investments Commission
The Australian Prudential Regulation Authority (APRA) regulates the financial sector;
The Australian Accounting Standards Board (AASB) defines the standards, but does not
enforce them;
The Australian Competition and Consumer Commission (ACCC) promotes competition and
fair trade.
6 B
7 B It is in fact a requirement of AASB rules that directors' remuneration and loans are disclosed.
It is also possible that the production manager's salary must be disclosed, since, in addition to
the directors, disclosure applies to the five executives with the greatest authority for strategic
direction and management.
8 C The International Accounting Standards Board (IASB).
International Financial Reporting Standards (IFRS) are the international standards themselves.
The Australian Accounting Standards Board (AASB) sets the Australian standards (based on
the IFRS).
The Australian Securities & Investments Commission (ASIC) enforce the Australian standards.
283
284 IT and Business Processes
Chapter 1
2 IT components are sometimes referred to as the IT platform. This includes hardware, software,
networking and communications components.
3 The correct answer is B. Work stations are powerful computers, usually for technical or scientific
applications, such as complex graphics or complex calculations.
4 A DSS is a Decision Support System. Decision Support Systems combine data and analytical
models or data analysis tools to support semi-structured and unstructured decision making.
6 Two from bus, ring, star or tree. Refer to Section 4.1 to check your diagrams.
7 In a client-server network, server computers hold and provide resources to client computers. In a
peer-to-peer network, each computer has equivalent capabilities and responsibilities – devices
communicate direct with each other.
8 A table held in memory that contains a list of all the networks that a router is connected to.
9 Generally, centralised networks are easier to control as data is held in a single location and
communication channels are more easily monitored and controlled. Although distributed networks
are more difficult to control, they offer greater flexibility.
1 Some of the main reasons organisations collect and store data are to:
• Record transactions
• Facilitate planning
• Identify that control action is needed
• Measure performance
• Facilitate informed decision making
3 A database record contains the data fields relating to one entity, for example one employee in a
payroll file.
4 The term 'database system' is used to describe a wide range of systems that utilise a central pool
of data.
6 An Entity Relationship Model (ERM) shows what data a system requires (the logical data
requirements) independently of the system's organisation and processes. The ERM provides a static
view of data requirements.
Step 1 Define the scope of the project and the proposed database
Step 5 Training
8 An AIS collects, records, stores, and manipulates financial data, and then converts this data into
meaningful information for financial reporting and management decision making. Accounting
Information Systems utilise databases in a number of ways. For example, the accounts receivable
ledger stores customer data, the accounts payable ledger stores information about suppliers, and
payroll holds information about employees.
9 Encryption helps maintain confidentiality by encoding data in such a way that only authorised users,
who have the correct 'key', can read the data. Encryption therefore renders data unreadable to
unauthorised users.
10 Electronic databases enable organisations to capture and store vast amounts of data about individuals
and other organisations. They often contain sensitive data, for example credit card numbers or
medical records. Risks include unauthorised data linking and sharing and the existence and
propagation of errors.
2 Productivity software refers to general office application software such as Microsoft Office –
including word processing (Word), spreadsheet (Excel), scheduling (Outlook), presentation
(PowerPoint) and other types of software used by individuals to improve their productivity.
3 An intranet is an internal network used to share information. Intranets utilise Internet technology
and protocols. The firewall surrounding an intranet fends off unauthorised access. An extranet is an
intranet that is accessible to authorised outsiders.
4 Digital dashboards are software tools that provide a high level, summarised view of the
performance of an enterprise. Sometimes called an executive dashboard, an enterprise dashboard or
a management cockpit, they provide rapid access to timely information and direct access to
management reports. Information is presented in a clear, user friendly format, usually including
graphics.
5 Data mining software analyses data with the aim of discovering previously unknown,
potentially useful relationships. Data mining uses statistical analysis tools as well as fuzzy logic
and other intelligent techniques.
4 A DFD is a Data Flow Diagram. Data flow diagrams are often produced during systems analysis to
provide a diagrammatic representation of how the system works.
5 Logical design involves describing the purpose of a system, i.e. what the system will do. Logical
design does not include any specific hardware or software requirements as it is more concerned
with the processes to be performed.
6 Unit integration testing involves testing two or more software units to ensure they work
together as intended. This would usually be carried out after unit testing has established that
individual units or parts of a program operate as intended.
7 Metrics are quantified measurements relating to system performance. They should be carefully
thought out, objective and stated clearly. Examples of metrics include system response time, the
number of transactions that can be processed per minute, the number of bugs per hundred lines of
code and the number of system crashes per week.
8 Adaptive maintenance is carried out to take account of anticipated changes in the processing
environment. For example, new taxation legislation might require changes to be made to payroll
software.
1 Juran describes data as having good quality if they are 'fit for their intended uses in operations,
decision making and planning'.
2 Procedural controls manage the human aspects of system activity and are usually placed on the
day-to-day running of the system. They can be divided into three sub-categories, input controls,
processing controls, and output controls.
3 Technical controls address security issues such as authorisation, documentation, backup and
recovery.
4 In general terms, preventive controls are more cost-effective than those which detect or correct
problems because they reduce or eliminate the problems occurring in the first place. By definition,
detective and corrective controls allow errors or damage to occur.
5 The Privacy Amendment (Private Sector) Act 2000 aims to protect the privacy of individuals.
6 The two main security risks to organisations (when acting as the vendor) in Internet
transactions are:
• The customer is using fake bank or credit card details and so they will not be paid
• Goods are not received by the customer so replacements have to be sent
1 You should speak with the people who do the work associated with the process. Identify the
person or people who really know the process, this usually means experienced employees. These
people should walk and talk you through their part of the process and answer any questions.
2 Below are examples of commonly used flowcharting symbols. Remember though that different
people and organisations may use different symbols.
Flowcharting symbols
Start/End
Action or
process
A box can represent a single step (‘add two cups of flour’), or an entire sub-process
(‘make bread’) within a larger process.
Document
A printed document or report. This symbol is not always used – it depends upon the
level of detail required in the model.
Decision
3 Business process re-engineering is the fundamental rethinking and radical redesign of business
processes to achieve dramatic improvements in critical contemporary measures of performance,
such as cost, quality, service and speed. Hammer and Champy (2004).
4 An Accounting Information System (AIS) is a collection of data and processing procedures that
records and creates accounting related information. An Enterprise Resource Planning (ERP) system
is one type of AIS. ERP systems use software to control workflow management, directly
impacting upon business processes.
1 For example: Employees, shareholders, suppliers, customers, government, banks – but others are
possible.
2 Regular auditing by an outside firm.
Rotation of duties – but other answers are possible.
3 Reliable accounting data is produced by systems and companies that adhere to the national
guidelines known as Accounting Standards or Generally Accepted Accounting Principles
(GAAP).
There should be regular auditing by an outside firm.
There must be adequate internal controls to prevent records being falsified.
4 Financial statements must show the financial reality (the substance) rather than the legal form of the
transactions and events that underlie them.
5 Transparency:
Builds trust and reputation
Lenders prefer companies that do not conceal problems
Many investors may select only companies that give the fullest disclosure
If the company’s performance is good, making evidence of that more widely available will attract
more investors.
6 A - An instance
7 AASB, The Australian Accounting Standards Board
ASIC, The Australian Securities & Investments Commission
8 Trade Practices Act 1974
Corporations Act 2001
295
Accounting information system (AIS). The system that collects, records, stores and processes data to
keep and maintain a company’s accounting system. This includes the purchase, sales, and other financial
processes of the business.
Ad networks. Use web bugs to create a personal profile of the sites a person is visiting. This information
is stored in a database belonging to the ad network and in turn determines what banner ads the user is
shown.
Architecture. The structure of a system or IT service, including the relationships of components to each
other and to the environment they are in. Architecture also includes the standards and guidelines for the
design and evolution of the system.
Attribute. An XML element property used to describe name-value pairs.
Australian Accounting Standards Board (AASB). Produces and promotes accounting standards. It
does not enforce standards or check that individual companies are adhering to the standards – that is the
duty of the ASIC. It was set up under the Australian Securities and Investments Commission Act 2001.
Australian Competition and Consumer Commission (ACCC). Promotes competition and fair trade
in the market place. It was formed in 1994 with the amalgamation of the Australian Trade Practices
Commission and the Prices Surveillance Authority to administer mainly the Trade Practices Act (1974).
Among other things, this Act legislates against companies gaining market dominance (usually through
mergers) and so lessening competition. The ACCC acts as a corporate watchdog to monitor and enforce
this.
Australian Prudential Regulation Authority (APRA). The financial sector is regulated by APRA,
which was set up as a result of the Financial System Inquiry (better known as the Wallis Inquiry) in 1996 to
examine the results of the deregulation of the Australian financial system. It also resulted in ASIC becoming
the consumer regulator in the financial system.
Australian Securities & Investments Commission (ASIC). Australia's corporate regulator. It is an
independent government body that enforces and regulates company and financial services laws in the
interests of Australian consumers, investors and creditors. ASIC was originally the Australian Securities
Commission (ASC). The ASC came into being as a result of the ASC Act 1989 and replaced the National
Companies and Securities Commission and the Corporate Affairs offices of the states and territories, and
unified corporate regulation throughout Australia.
In 1998 the ASC was also made responsible for consumer protection in superannuation, insurance, deposit
taking and (from 2002) credit, and became the ASIC.
The ASIC is often referred to as Australia's corporate watchdog. It monitors the stock market for unusual
trading activity and investigates company collapses as well as checking that accounting standards are
maintained.
Australian Taxation Office (ATO). Manages Australia's revenue and collects income tax, Goods &
Services Tax (GST), superannuation and excise. It also administers some benefits. All businesses must
submit a Business Activity Statement to the ATO to report their taxation obligations.
Balanced scorecard. Allows an organisation to divide a vision, or overall objective into the smaller pieces
or necessary steps that will allow it to occur. For example, goals and measures of performance can be set
in a number of dimensions such as Financial, Customer, Internal, and Innovation.
Batch processing. Involves transactions being grouped and stored before being processed at regular
intervals, such as daily, weekly or monthly. Because data is not input as soon as it is received the system will
not always be up-to-date.
Bit. The smallest item of computer storage is referred to as a bit.
Blog. A website containing descriptions of events and personal experiences, or comments or reviews.
Bluetooth. Connects mobile devices wirelessly to each other or to desktop PCs.
Bridge. Joins two networks together, so as far as data packets are concerned it looks like one large
network.
Glossary 297
Corporations Act 2001. The principal legislation regulating companies in Australia. The Act was
successfully challenged in the High Court by New South Wales, but a subsequent co-operative scheme led
to the Act being adopted by all states.
Corrective controls. Designed to rectify errors which have been detected. They require their own
preventive and detective controls to ensure the correction process is not defective.
Cost accounting. Includes product costing and activity-based costing and focuses on activities involved in
production, the service process and the departmental units within an organisation as well as other
resources.
Customer relationship management (CRM) system. An enterprise wide business strategy designed
to optimise profitability, revenue and customer satisfaction by organising the enterprise around customer
segments, fostering customer-satisfying behaviours and linking processes from customers through suppliers.
CRM is an information industry term for methodologies, software, and usually Internet capabilities that help
an enterprise manage customer relationships in an organised way.
Data. The raw material for data processing. Data consists of numbers, letters and symbols and relates to
facts, events, and transactions.
Data cube. At the core of OLAP tools lays a multidimensional data model. The best and most typical way
to visualise this is in the form of a data cube. In general, each cube is defined by two entities, measurements
and metric. A metric is basically the dimensions in which data in an organisation is kept. Time (in years,
quarters or months) or region (north, south, east west), would be examples of metrics. Measurement, on
the other hand, represents values of the data that is being stored. Think of measurements as quantities in
which we want to analyse relationships between metrics. Measurements are typically numeric in nature.
While time (in years, quarters or months) is an example of a metric in the example given above, yearly sales
or average quarter-to-quarter growth are examples of measurements.
Data field. Several characters combine to form a data field, for example an account balance. Other names
for a data field are 'attribute,' 'column,' or simply 'field'.
Data flow. Represents the movement or transfer of data from one point in the system to another.
Data flow diagrams. Show the ways in which data is processed, and may be used to help map a process.
Data governance. Refers to the overall management of the availability, usability, integrity, and security of
the data employed in an enterprise.
Data management. Comprises all the disciplines related to managing data as a valuable resource.
Data mart. Similar to a data warehouse but the mart holds data relating to a specific department, function
or area of the business.
Data mining. An analytic process designed to explore data (usually large amounts of data and typically
business or market related) in search of consistent patterns and/or systematic relationships between
variables, and then to validate the findings by applying the detected patterns to new subsets of data. The
ultimate goal of data mining is prediction – and predictive data mining is the most common type of data
mining and one that has the most direct business applications.
Data processes. Data being used or altered. The processes could be manual, mechanised or
computerised.
Data store. A point which receives a data flow and holds data.
Data warehouse. Consists of a database, containing data from various operational systems, and reporting
and query tools, which enable data to be analysed outside of operational systems.
Database. A collection of logically-related records and files organised to service many applications. A
database consolidates many records previously stored in separate files, so that a common pool of data
records serves many applications. An organisation's database can contain facts and information on
customers, employees, inventory, competitors' sales, on-line purchases and much more. It provides
convenient access to data for a wide variety of users and user needs.
Database integrity. Data accuracy and consistency within the database.
E-commerce. Transactions made between buyers and sellers using the Internet or other electronic
methods.
Element. An element in XBRL is a business reporting concept defined in a taxonomy and quantified in an
XBRL instance document.
Email (electronic mail). An electronic document (usually a message) sent to a person or group on the
Internet. When used as a verb, ‘email’ refers to the act of sending the document.
Email attachment. A data package sent via email, for example a Word document from a colleague, or a
photo from a friend.
Encryption. A way of scrambling information so that data can stay secure. It aims to protect confidentiality
by rendering data unreadable to unauthorised users.
End user. The person who is executing applications on the workstation.
Enterprise collaboration systems. Information systems that use a variety of information technologies to
help people work together to collaborate and communicate ideas, share resources and co-ordinate co-
operative work between teams.
Enterprise Information Portals (EIP). Serve as a gateway to an organisation's information and
knowledge. They deliver personalised business data and content directly to employees, business partners
and customers. The portal often is often similar to a website and extranet combined.
Enterprise Resource Management (ERM) systems. See Enterprise Resource Planning (ERP)
systems.
Enterprise Resource Planning (ERP) systems. Modular software packages designed to integrate the
key processes in an organisation so that a single system can serve the information needs of all functional
areas.
Glossary 299
Entity. Something in a system that has a distinct, separate existence. It is usually a low level object, that the
system treats as a single unit. It may also be a source or destination of data which is considered external to
the system (not necessarily external to the organisation), for instance people or groups who provide data
or input information or who receive data or output information.
Entity Life History (ELH). A diagram that shows the processes that happen to an entity, from its
creation to the time it is discarded.
Entity Relationship Model (ERM). Also known as an entity model or a logical data structure. Provides
an understanding of the logical data requirements of a system independently of the system's organisation
and processes.
Ethernet. A network connected by coaxial or twisted-pair wires for fast file transfer. Standard Ethernet
has a data transfer rate of 10 million bps (bits per second).
Ethics. Concerned with what is right and what is wrong. To act ethically generally means to 'do the right
and fair thing' in the eyes of society as a whole. Information systems raise new ethical questions for both
individuals and societies because they create opportunities for intense social change, and thus threaten
existing distributions of power, money, rights, and obligations.
Executive Information Systems (EIS). A generalised computing and communication environment to
senior managers to support strategic decisions. The emphasis is on graphical displays and ease of use.
Executive Support Systems (ESS). See Executive Information Systems (EIS).
Expansion slot. An area in a computer that accepts additional input/output boards to increase the
capability of the computer.
eXtensible Business Reporting Language (XBRL). An open standard for the electronic
communication of business and financial data that supports information modelling and the expression of
semantic meaning. The language has been built and promoted by XBRL International, a worldwide
consortium of approximately 550 companies and agencies.
Extension taxonomy. Created on top of a public taxonomy to define necessary reporting concepts that
have not been previously defined.
External stakeholders. Not part of a business but have a keen interest in what it does, and influence its
decision-making. Normally stakeholders are from within the company and could include internal clients,
customers, suppliers, lenders, management, employees, administrators, etc. However, a project may have
external stakeholders, including suppliers, investors, community groups and government organisations or
the wider society, which influence and are influenced by an organisation but are not in its 'internal part'.
Extranet. A private network that uses Internet technology and the public telecommunication system to
securely share part of a business's information or operations with suppliers, vendors, partners, customers,
or other businesses. An extranet can be viewed as part of a company's intranet that is extended to users
outside the company.
Fast Ethernet. A new Ethernet standard that supports 100 Mbps using category 5 twisted pair or fibre
optic cable.
Feasibility study. Involves a review of the existing system and the identification of a range of possible
alternative solutions. A feasible (technical, operational, economic, social) solution will be selected – or a
decision made not to proceed.
Feedback. In information systems, feedback is information from the system that is used to make changes
to input or processing activities.
Fibre optic cable. A cable, consisting of a centre glass core surrounded by layers of plastic, that transmits
data using light rather than electricity. It has the ability to carry more information over much longer
distances.
Field. See Data field.
File sharing. Swapping music, movies, games, and other media online with other users on a local network
or a peer-to-peer (P2P) program.
Gate keeping. The restricted access to services, privileges, benefits or opportunities on the basis of
certain data values.
Gateway. Converts the data passing between dissimilar networks so that each side can communicate with
the other i.e. it converts data into the correct network protocol.
General Packet Radio Service (GPRS). An extension to GSM which organises data into packets,
resulting in higher data transmission speeds. Among other things, this allows continuous Internet access and
more advanced messaging.
Gigabyte (GB). One billion bytes of information or one thousand megabytes.
Global Ledger Taxonomy (or XBRL-GL). Allows the representation of anything that is found in a chart
of accounts, journal entries or historical transactions, financial and non-financial. This defines the underlying
data elements in AIS, and is available from the XBRL International web site www.xbrl.org/GLFiles/.
Global System for Mobile Communications (GSM). By far the most widely used mobile telephone
system in the world. Control signals and speech are both transmitted digitally.
Graphical Robotics Applications Simulation Package (GRASP). A 3-D graphical simulation system
used by engineering companies for evaluating and programming industrial robots.
Groupware. Software that provides functions for the use of collaborative work groups.
Hard data. Data that can be verified objectively, satisfies audit criteria, and is considered reliable. The rules
for generating the data are inflexible with little scope for guesswork or human feeling for a situation. Hard
data is characterised by clear objectives, and a clearly defined problem which can be solved by standard
techniques, and it is obvious when a solution, a particular value, has been achieved.
Hardware. The various physical components that comprise a computer system, which are used to
perform input, processing and output activities. Hardware resources include the computer, its peripherals,
and consumables such as stationery.
Hub. The network hub allows computers to share data packets within a network.
Information. Data that have been processed in such a way as to be meaningful to the recipient. Data are
subjected to a 'value-added' process (data processing or information processing) where their form is
aggregated, manipulated and organised or their content is analysed and evaluated and is placed in a proper
context for a human user.
Information infrastructure. Includes all of the people, processes, procedures, tools, facilities, and
technology which support the creation, use, transport, storage, and destruction of information.
Glossary 301
Information superhighway. A 1990s concept for a high-speed computing and communications network
that would deliver ubiquitous voice, telephony, data, video and other communications. The Internet itself
was originally cited only as a model for the information superhighway, though the popularity of the Web
made it the default successor to the concept.
Information system (IS). Uses the resources of people, hardware, software, data, and networks to
perform input, processing, output, storage and control activities.
Information technology (IT). The common term for the entire spectrum of technologies for information
processing, including software, hardware, communications technologies and related services. In general, IT
does not include embedded technologies that do not generate data for enterprise use. Information
Technology is often used to support Business Processes through IT Services.
Information technology (IT) infrastructure. All the hardware, software, databases,
telecommunications, people and procedures that are configured to collect, manipulate, store and process
data resources into information products.
Input controls. Regulate the input of data to ensure it is accurate and free from error as possible. Such
controls are important where, for example, an employee is required to type or copy data into the system
from another source.
Instance. An XBRL business report containing tagged business facts together with the context in which
they appear and any further attributes needed to describe them.
Integrated services digital network (ISDN). A high-speed networking infrastructure that operates
over standard copper telephone wires or other media. ISDN connections are used to provide a variety of
digital services to customers, including digital voice telephone, fax, e-mail, digital video, and access to the
Internet. A wide range of data transfer rates are available, with speeds up to about 128 kilobits per second
(kbps). ISDN is faster than an ordinary dial-up connection (at about 56 kbps), but much slower than cable
modem or Digital Subscriber Line (DSL) connections (which typically exceed one megabit per second).
Internal stakeholders. All employees (from directors down) and their families, their unions and
associations and professional organisations, and previous employees who rely on the company pension fund
as well as shareholders.
Internet. A global network linking computers so they can communicate. The Internet was developed in
1969 for the U.S. military and gradually grew to include educational and research institutions. Use of the
Internet has mushroomed, primarily due to the popularity of the Web – the graphical form of the Internet
that most people use – and email.
Internet Protocol (IP). The basic underlying protocol of the Internet. Used in conjunction with
Transmission Control Protocol (TCP), it provides a common address system and communications protocol
to track the addresses of network nodes, route outgoing messages and recognise incoming ones. Today, its
use has spread beyond the Internet to become a de facto standard used in enterprise networking. See
Internet, TCP and TCP/IP.
Internet Protocol (IP) address. The Internet protocol (IP) address is the address of a computer on a
TCP/IP (transmission control protocol/Internet protocol) network. IP addresses are written as four groups
of up to three digits (e.g., 169.237.104.18).
Internet Service Provider (ISP). An organisation that provides access to the Internet, sometimes for a
fee.
Intranet. A network internal to an enterprise that uses Internet technology and protocols. It is meant for
the exclusive use of the organisation and is protected from unauthorised access with security systems such
as firewalls. Intranets are often used by companies for informational purposes, such as distributing internal
announcements or displaying job postings, internal directories and organisational charts.
Intrusion detection. A security measure that collects and analyses information on a computer or
network to determine if/when an attack has occurred.
IT environment. See IT platform.
IT platform. Refers to the hardware architecture and software framework (including application
frameworks), that allows software to run. (The terms 'platform' and 'environment' are used
interchangeably.)
Logical design. Describing the purpose of a system, i.e. what the system will do. Logical design does not
include any specific hardware or software requirements as it is more concerned with the processes to be
performed.
Netiquette. Short for 'Internet etiquette’, netiquette refers to standards of courtesy in electronic
communications.
Network. Any computing system that includes connected computers. It is a set of conjoined computers
that can share storage devices, peripherals, and applications. Networks may be connected directly by cable,
or indirectly by telephone lines or satellites, and can be part of a small-office system, or of a global web of
numerous other networks.
Glossary 303
Network Access Ports. On-campus stations (desks or booths) designated for connecting laptops to the
Internet via the organisation’s network.
Network Security. Measures taken to protect a set of computers from threats posed by hackers, thieves,
viruses, and other destructive forces. See also computer security.
Newsgroup. A virtual forum focusing on a specific subject. The collected email entries (known as news
articles) can be perused by all Internet users.
Object-oriented databases. Emerged in the mid-1980s, but relational databases remain the most
popular. The main difference with an object-oriented database is that database 'records' are treated as
properties of an object rather than as a group of related fields. Links can be established between different
objects and their associated properties and classes. Objects may hold other objects, allowing them to
inherit properties.
Office Automation Systems (OAS). Support general office work for handling and managing documents
and facilitating communication. They are designed to increase the productivity of data and information
workers.
On-line Analytical Processing (OLAP). Involves on-line transactions that include large amounts of data
used for extensive analysis. OLAP applications support management-critical tasks through analysis of data in
the data warehouses.
On-line Transaction Processing (OLTP). Events relating to current activities of the business. OLTP
applications support mission-critical tasks.
Operations support systems. The role of an organisation's operations support systems is to effectively
process business transactions, control industrial processes, support enterprise communications and
collaboration and update corporate databases.
Operating system (OS). Software that controls the basic operation of the machine. The operating
system performs such tasks as recognising keyboard input, sending output to the monitor, keeping track of
files and directories on the disk, and controlling other connected devices such as printers.
Output controls. Designed to ensure that the output of data is authorised and as accurate and complete
as possible.
Parallel running. The old and new systems are run in parallel for a period of time, both processing
current data and enabling cross checking to be done.
Password. A common security measure, a password is generally a string of letters, numbers and symbols
used by individuals to access protected computers or computing systems.
Patches. See Software Patches.
Payroll accounting. This accounting system is the only operation in a business that is almost completely
governed by various federal, state, and local laws and regulations. Rules establish who is an employee, what
is time worked, when overtime is to be paid, what deductions are made, when to pay an employee, and
when taxes are paid. Lack of compliance with these laws and regulations can result in both fines and back-
pay awards. With each new year, payroll administrators must keep abreast of the changes in legislation that
affect their firms' payroll record keeping.
Peer-to-peer network. Each computer has equivalent capabilities and responsibilities – devices
communicate directly with each other.
Pharming. A scam in which malicious code is installed on a personal computer or server, misdirecting
users to fraudulent Web sites without their consent.
Phishing. A form of fraud. Phishers send email messages that appear to come from a reputable business
(often a financial institution) in an attempt to gain personal or account information. The message typically
includes a link to a fake Web site that resembles a legitimate page. The fake page collects the information
and then uses it for fraud.
Query language. A formalised method of constructing queries in a database system. A query language
provides the ways in which you ask a database for data. Some query languages can be used to change the
contents of a database. SQL, short for Structured Query Language, is a popular language.
Record. Data fields combine to form a complete record. A database record stores all the information
about one file entity, for example one employee in a payroll file.
Relational database. A computer database in which all the data is stored in relations which (to the user)
are tables with rows and columns. Each table is composed of records (called tuples) and each record is
identified by a field (attribute) containing a unique value. Every table shares at least one field with another
table in 'one to one,' 'one to many,' or 'many to many' relationships. These relationships allow the database
user to access the data in almost an unlimited number of ways, and to combine the tables as building blocks
to create complex and very large databases.
Glossary 305
Reliability. Reliable data is at the heart of an accounting information system. If the data is not reliable,
nothing else is of any consequence. Reliable data is truthful, accurate, complete, and capable of being
verified.
Repeater. A device used in a network to strengthen a signal as it is passed along the network cable.
Resources, Events and Agents system (REA). This model (McCarthy 1982) is an accounting
framework for modelling an organisation's critical resources, events and agents and the relationship
between them. Unlike some traditional accounting systems, REA permits both accounting and non-
accounting data to be identified, captured and stored in a centralised database.
Ring network. Every device has exactly two neighbours for communication purposes. All messages travel
through a ring in the same direction (either 'clockwise' or 'counter clockwise').
Router. A device that connects different networks. It can select the best path to route a message, as well
as translate information from one network to another. It should also be used to block unauthorised or
undesired traffic between networks.
Routing table. A table in memory that contains a list of all the networks a router is connected to, along
with the latest information on how busy each path in the network is at that moment.
Secure sockets layer (SSL). A protocol allowing secure transmission of confidential material via the
Internet.
Server. Any machine that provides a service for other users on the network.
Service Desk. The point in service management where people, process and technology blend to deliver a
business service. It provides the essential daily contact between customers, users, IT service and any
relevant third-party support organisation.
Simple mail transfer protocol (SMTP). A protocol for transferring email messages from one server to
another.
Slicing and Dicing. Refers to the ability to look at the database from different viewpoints. A slice is a
subset of a multi-dimensional array corresponding to a single value for one or more members of the
dimensions not in the subset. The dice operation is a slice on more than two dimensions of a data cube (or
more than two consecutive slices). One slice of the sales database might show all sales of product type
within regions. Another slice might show all sales by sales channel within each product type. Slicing and
dicing is often performed along a time axis in order to analyse trends and find patterns.
Soft data. Consists of estimates or relies on value judgements. It is the product of systems and methods
which do not give a rigid answer, but may produce a range of results or assign probabilities, or just be based
on what people think the answer should be. It may not be clear what the objective is, for the item to be
measured may be difficult to define and standard methods of solution will not apply. Examples of soft data
are employee morale and customer satisfaction.
Soft Systems Methodology (SSM). Checkland's SSM is a way of analysing situations. It provides an
organised approach (seven stages) which can be used to tackle unstructured and poorly defined problems.
The seven stages include first identifying and then analysing the problem. Then a set of 'root definitions' is
developed for anything thought to be relevant to the problem. Conceptual models of the root definitions
are built and compared with the real world. Possible changes are defined before a change is made, and
the resultant problems are considered.
Software. Sets of instructions or data that tell a computer what to do. Software is often divided into two
categories: system software, which includes the operating system (e.g., Windows Vista, MacOSX) and all
utilities that enable the computer to function; and application software, which includes programs that
perform specific tasks (e.g., word processors, spreadsheets, and databases).
Software patches. Updates that fix a flaw in a computer program.
Source code. Computer programs or operating systems are originally written by a person in a
programming language. This is the software's source code. To use it, the computer has to translate the
program from the source code into the machine language that the computer understands and can execute.
This translation process is referred to as compiling.
Tag. A mechanism used in markup languages, such as XML, to describe and locate data. XBRL tags are
generally a word or words enclosed in angle brackets to denote an opening tag, and the same but with a
forward slash for an ending tag.
Tax accounting. Is principally based on Australian Tax Office (ATO) regulations. Its objective is to ensure
that the organisation is paying what is due or what it owes to the Government in the form of taxes. Tax
accounting systems include taxation as it applies to individuals, partnerships and corporations, estate and
trusts, international taxation and special tax issues and topics.
Taxonomy. An electronic dictionary of business reporting elements used to report business data.
Technical controls. IT solutions to security concerns and often relate to the storage of, and access to
data, as well as to amending or deleting data files.
Telecommunications. The electronic transmission of signals for communications, which enables
organisations to carry out their processes and tasks through effective computer networks.
Glossary 307
Terminator. A device that provides electrical resistance at the end of a transmission line. Its function is to
absorb signals on the line, thereby keeping them from bouncing back and being received again by the
network.
Third generation (3G). Global system for mobile communications (GSM) and general packet radio
service (GPRS) data services – data networking services for mobile phones.
Token. A special packet that contains data and acts as a messenger or carrier between each computer and
device on a ring topology. Each computer must wait for the messenger to stop at its node before it can
send data over the network.
Token ring. A network protocol developed by IBM in which computers access the network through
token-passing.
Topology. Refers to how a computer network is physically arranged.
Trade Practices Act 1974. The first attempt to regulate and promote fair competition was the
Australian Industries Preservation Act in 1906. It attempted to prohibit combinations and
monopolies, but key sections were declared unconstitutional by the high court, and it was finally repealed in
1965, having been largely ineffective.
From 1911 to 1973 there were several attempts to introduce nation-wide regulation of industry and
commerce, but all failed, though some quite narrowly. As a result there arose a host of anti-competitive
trade practices: cartels and monopolies, price fixing, and restrictions to market entry.
The Trade Practices Act (1974) was a landmark piece of legislation because it changed the Australian
trade landscape from one of restrictive practice to one of competition.
Transaction Processing Systems (TPS). Process the data generated by business transactions (sales,
purchases, inventory changes). TPS also produce a variety of information products for internal or external
use (customer statements, sales receipts and payslips).
Transmission control protocol (TCP). Together with Internet protocol (IP), TCP is one of the core
protocols underlying the Internet. The two protocols are usually referred to as a group, by the term
TCP/IP. TCP enables two computers to establish a connection and exchange information. It guarantees
delivery of data, and also guarantees that information packets will be delivered in the same order in which
they were sent.
Transparency. The open and clear disclosure of relevant information to shareholders and other
stakeholders, and not concealing information that may affect decisions.
Tree network. A local area network (LAN) topology similar to linear bus topology, except that tree
networks can contain branches with multiple nodes. In its simplest form, only hub devices connect directly
to the tree bus and each hub functions as the 'root' of a tree of devices.
Twisted pair. Network cabling consists of four pairs of wires that are manufactured with the wires
twisted to certain specifications. They are available in shielded and unshielded versions.
Ubiquity. Refers to the attribute of being available at any location at any given time. A mobile terminal in
the form of a smart phone or a PDA offers ubiquity.
Unshielded Twisted Pair (UTP). Is the most common kind of copper telephone wiring. Twisted pair is
the ordinary copper wire that connects home and many business computers to the telephone company. To
reduce crosstalk or electromagnetic induction between pairs of wires, two insulated copper wires are
twisted around each other. Each signal on twisted pair requires both wires. Since some telephone sets or
desktop locations require multiple connections, twisted pair is sometimes installed in two or more pairs, all
within a single cable. For some business locations, twisted pair is enclosed in a shield that functions as a
ground. This is known as shielded twisted pair (STP).
Glossary 309
310 IT and Business Processes
Index
311
312 IT and Business Processes
3G technologies, 36 BPR problems, 219
Bridge, 38
A Broad reach, 33
Bubble Act, 250
Acceptance, 108, 215 Bubbles, 250
Access control, 24 Budget, 111
Accountability and control, 171 Bugs, 126
Accountancy & Actuarial Discipline Board, 251 Bus topology, 18
Accounting cycle, 147 Business intelligence, 94
Accounting information system (AIS), 72, Business intelligence management, 11
141, 160, 220 Business Intelligence Systems, 15
Accounting records, 57 Business intelligence tools, 94, 96
Accounting Regulatory Committee (ARC), 251 Business process, 210
Accounting software, 142 Business process re-engineering (BPR), 216
Accounting Standards, 236 Business processes, 210, 215, 217, 218, 220
Accounting Standards Board of Japan, 249 Business processes and IT, 220
Active resistance, 215 Business process summary, 210
Ad networks, 173 Byte, 59
Adaptation, 215
Analysis stage, 109 C
Anti-virus software, 193, 194
Association for Project Management Book Campus Area Network (CAN), 25
of Knowledge (APM BoK), 113 Cardinalities, 156
Associations, 97, 98 Cash, 147
Attribute, 240 Categories, 116
Audit Oversight Board, 249 Centralised architecture, 19
Australian Accounting Standards Board (AASB), Centralised network architecture, 19
236, 248 Change
Australian Competition and Consumer Pace, Manner, Scope, 216
Commission (ACCC), 248 Change control, 114
Australian Industries Preservation Act, 251 Changeover, 123
Australian Institute for Project Management Changing business processes, 215, 217, 218
(AIPM), 113 Check digits, 73
Australian National Competency Standards for Checkland's SSM, 238
Project Management (ANCSPM), 113 Checkpoint, 113, 135
Australian Prudential Regulation Authority China, 249
(APRA), 248 China Securities Regulatory Commission, 249
Australian Securities & Investments Commission Classification, 98
(ASIC), 248 Client applications, 27
Australian Taxation Office (ATO), 145, 248 Clients, 27
Authentication, 24, 194 Client-server networks, 25, 27
Cloud computing, 21
B Clustering, 98
Communications media, 12
Backbone network, 19 Computer Aided Design (CAD) systems, 15, 21,
Backup and Recovery, 166 88
Balanced Matrix Organisation, 112 Computer crime, 175
Balanced Scorecard, 230 Computer ethics, 171
Bar chart, 231 Computer fraud, 143
Batch, 161 Computer-based information system (CBIS), 12
Batch processing, 161 Confidentiality, 24
Batch processing systems, 168, 169 Consistency, 62
Batch systems, 170 Consolidation, 142, 167
Benefits Consultancies, 58
intangible, 116 Control investment, 190
Bit, 59 Control systems, 190
Blog (Weblog), 195 Control totals, 73
Blogs, 89 Controlling, 56, 128
Boochholdt J, 141 Controls, 193
Index 313
Conversion cycle, 152 Database implementation, 70
Cookies, 173, 194 Database integrity, 72
Copyright law, 173 Database management, 11
Corporate applications, 27 Database Management System (DBMS), 15, 60,
Corporate network, 25, 46 61, 153
Corporate network components, 26 Database security, 72
Corporations Act, 248 Database system, 60, 61, 62
Cost, 128 Database user privileges, 73
Cost accounting, 145, 148 Database user rights, 73
Cost-benefit analysis, 115 Databases, 11, 72
Costs Dataflow Diagrams (DFDs), 109, 110
categories of, 116 Davenport and Short, 217
Creativity, 215 Decentralised network architecture, 20
Cryptography, 193 Decision making, 56
Customers, 234 Decision Support System (DSS), 8, 15, 16, 17, 50
Decision support tools, 220
D Decision tables, 120
Decision-makers, 168
Data, 11, 56, 57, 186 Denial of Service (DoS), 175
Data analysis, 94, 96 Denial of service attack, 43, 193
Database, 60, 62 Dependence, 175
Data capture, 63 Deployment, 108
Data collection, 163 Deployment flowchart, 214
Data collision, 40 Design stage, 109
Data compression, 40 Desktop computers, 10
Data corruption, 151 Development costs, 116
Data design, 67 Development stage, 109
Data dictionary, 74 Dial-back security, 194
Data flow, 118 Dialogue generation and management system
Data flow diagrams, 118, 214 (DGMS), 15
Data governance, 11 Digital dashboards, 94
Data independence, 62 Digital Subscriber Line (DSL), 24
Data integrity, 24 Direct productivity loss, 194
Data management, 5, 11 Distributed architectures, 20
Data mining, 96, 97, 101, 165, 168, 230 Document, record and content management, 11
Data modelling, 67 Documentation, 126
Data mosaic, 64 Documentation files, 110
Data packets, 39 Double entry bookkeeping, 156
Data privacy, 172 Drill down, 167, 230
Data processes, 118 Duality, 155
Data processing, 161, 163 Duplicate copies of data, 151
Data quality, 186
Data quality management, 11 E
Data quality principles, 186, 187
Data redundancy, 62 EasyMiner, 97
Data security management, 11 E-commerce analytics, 96
Data sources, 57 Economic agents, 155
Data storage, 63 Economic resources, 155
Data storage models, 65 Electronic communication, 197
Data store, 118 Electronic Data Interchange (EDI), 58
Data warehouse, 92, 93, 167, 168 Electronic signatures, 193, 194
Data warehouse systems, 168 Element, 240
Data warehousing, 92 Employment, 175
Data warehousing, 11, 97 Empowerment, 175
Database, 60, 153, 220 Encryption, 73 193, 194
Database Activity Monitoring (DAM), 74 End users, 9
Database administrator (DBA), 74 Enterprise collaboration systems, 8, 50
Database availability, 74 Enterprise information portals, 96
Database controls, 72
Index 315
Information technology (IT) infrastructure, 5 Malaysia, 249
Information time frame, 169 Malaysian Accounting Standards Board (MASB),
InfoSphere Warehouse, 97 249
Input controls, 73, 188 Malicious software, 175
Input devices, 9 Malware, 195
Installation, 108, 121 Management accounting, 145, 149
Installation costs, 116 Management Information Systems (MIS), 8, 13,
Instance, 240 14, 50
Instant Messaging (IM), 29 Management support systems (MSS), 8, 50
Integration, 108, 158 Managerial accounting, 145, 149
Intelligent agents, 88 Manner, 216
Internal information, 57 Manual processing, 151
International Accounting Standards Board (IASB), Many-to-many, 68
236 Many-to-one, 68
International Financial Reporting Standards Mapping, 242, 247
(IFRS), 236, 249 Masquerading, 143
Internet, 12, 19, 58 Master, 60
Internet Protocol, 23 Master file, 161
Intranet, 12, 31, 88 M-business, 35
Investment workstation, 88, 89 M-commerce, 35
IT platform, 5 Measuring performance, 125
IT services, 5 Mesh topology, 19
Iteration, 69 Metadata management, 12
Iterative Development, 109 Metropolitan Area Network (MAN), 25
Microcomputers, 9
J Milestones, 127, 128, 129, 131
Mobile commerce (m-commerce), 35
Jamming, 175 Mobile technology, 33
Japan, 249 Mobility, 33
Model-based management system (MBMS), 15
K Monetary Authority of Singapore (MAS), 249
Monitoring, 128
Kermit, 40 Multidimensional data model, 166
Key, 59, 193 Multidimensional database, 95, 165
Knowledge, 86 Multidimensionality, 95
Knowledge Areas, 112
Knowledge bases, 11
N
Knowledge creation, 87
Knowledge management, 86, 87 National Companies and Securities Commission
Knowledge Work Systems (KWS), 15, 17, 89 (NCSC), 252
Knowledge Workers, 15 NetTracker, 97
Kotter and Schlesinger, 215 Network, 12, 17
Network database, 65
L Network devices, 26
Network model, 66
Labour costs, 149 Network protocol, 39
Laptop, 10 Network Service Providers (NSPs), 23
Liability, 174 Network support, 12
Libraries, 58 Network topologies, 18
Limit checks, 73 Network topology, 18
Local applications, 27 Neural networks, 88
Local Area Network (LAN), 22 Notebook computers, 10
Logic bomb, 192 Notes, 246
Logical design, 121
Logical view, 62
O
M Object-oriented database, 65, 67
Object-relational database, 67
Maintenance, 108 Office Automation System (OAS), 16, 17, 88
Pace, 216 R
Packet sniffing, 43
Partial mesh topology, 19 Range checks, 73
Passive resistance, 215 Rapid Application Development, 108
Passwords, 44 Rapid Prototyping, 108
Payroll accounting, 146 REA (resources, events and agents) system, 155
Payroll system, 149 REA model, 155, 156
Peer-to-peer, 30 REA system, 156
Peer-to-peer networks, 25, 28, 29, 44 Reactions to proposed change, 215
Performance measurement, 56 Real-time systems, 168
Personal Computers, 9 Record, 59
Personal Digital Assistants (PDAs), 10 Recording transactions, 56
Personnel costs, 116 Reference and master data management, 11
Personnel records, 57 Reference works, 58
Physical view, 61 Relational database, 65
Pie chart, 231 Relational Database Management System
Piggybacking, 143 (RDBMS), 61
Planning, 56, 109 Relational model, 66
Planning stage, 109 Reliability, 236
Political issues, 174 Repeater, 37
Porter, M, 144 Requirements changes, 126
Ports, 45 Requirements definition, 108
Post implementation review, 125 Requirements specification, 120
Power failure, 142 Resistance to change, 215
PRINCE2, 113 Resources, 170
Principles of BPR, 216 Revenue cycle, 152
Primary, 59 Ring topology, 18
Privacy, 63, 172, 198 Risk assessment, 130
Procedural controls, 187
Procedures, 6 S
Process control systems (PCS), 8, 50
Process flowchart, 213 Sarbanes Oxley Act, 142, 252, 253
Process mapping, 211, 212, 213 Satyam Computer Services Limited, 249
Process maps, 211 Savings, 116
Processing controls, 73, 188 Scheduling, 128
Index 317
Scope, 111, 216 Tag, 239
Securities Commission of Malaysia, 249 Tagging, 247
Securities Exchange Act, 252 Tax accounting, 145, 147
Securities Exchange Commission (SEC), 245, 252, Taxonomy, 240
253 TCP (Transmission Control Protocol), 40
Security, 193, 198 TCP/IP, 44
Selection, 69 TCP/IP protocol stack, 40
Sequences, 98 TCP/IP protocols, 31
Sequential patterns, 97 Technical controls, 189
Servers, 9, 41 Telecommunications, 12
Service Desk, 5 Telecommunications networks, 12, 220
Seven-layer Open Systems Interconnection (OSI) Testing, 108, 121
model, 40 Time, 127
Signatures, 193 Time bomb, 192
Singapore, 249 Timesheets, 57
Slates, 10 Topology, 18
Slicing and dicing, 167 Torrington and Weightman, 215
Sniffing, 43, 175 Tracking technology, 220
Social issues, 174 Trade Practices Act, 251
Social Networking, 29 Training, 122
Soft data, 238 Transaction, 60
Soft Systems Methodology (SSM), 238 Transaction cycles, 152
Software, 6 Transaction Processing System (TPS) , 8,
Software developers, 9 16, 50, 151
Software framework, 5 Transparency, 237
South Sea Bubble, 250 Trap door, 192
Spam, 195 Tree topology, 19
Spiral model, 108 Trial balance, 230
Spoofing, 44, 175 Trojan horse, 192
Spyware, 43, 173 Tucker, 218
Stakeholders, 232 Types of change, 215
Static, 67
Storage Area Network, 25
Strategic level information system, 13
U
Strong Matrix Organisation, 112 Ubiquity, 33
Structured query language (SQL) , 62, 65, 67, 156 UMTS (Universal Mobile Telephone System ), 36
Sub processes, 169 Unauthorised access, 43
Suppliers, 234 Unauthorised data linking, 64
Switches, 39 Unauthorised data sharing, 64
System analysis, 109, 118 User, 73
System analysts, 9 User Datagram Protocol (UDP), 45
System Area Network, 25 User passwords, 73
System design, 110, 120
System development, 110
V
System implementation, 110, 121
System investigation, 117 Validation, 240, 247
System maintenance, 126 Value chain, 144
System operation, 110, 127 Vandalism, 43
System operators, 9 Virtual Private Network (VPN), 24
System quality, 174 Virtual Reality, 88
System review, 125 Virtual reality systems, 90
Systems analysis, 108, 118 Viruses, 142, 192
Systems design, 108 Viruses and worms, 43
Systems development lifecycle (SDLC), 109, 131 Voluntary Filing Program (VFP), 245
T W
Table, 60 WAP phones, 35
Tacit knowledge, 86 Watchdogs, 250, 251
Index 319
320 IT and Business Processes