ASSIGNMENT

SUBMITTED TO: SIR RASHID QUTUB

FROM:MANSOOR KHAN 22006

z
IS AUDIT AND
MANAGEMENT
z
Q1: Why should an organization use an ERP system?
discuss with relevant examples.

 Enterprise Resource Planning (ERP) is software that integrates

all departments and functions across a business into a single
system while still serving each departments' specific needs. It is
designed to help businesses make smarter decisions, serve
their customers better, and work more efficiently overall by
automating processes and workflows.
z
Continued….

 ERP software is important because it can facilitate the following:

 Increase effective communication between departments

 Allow employees to access information they need from

anywhere

 Streamline processes across various department

 Provide a birds eye view of a business' overall operations

 Better manage a company's finances

z
Continued..

 These benefits lead to higher productivity, more efficient

operations, and reduced errors.

 ERP can be beneficial from a marketing standpoint because it

helps you see how your business is doing as a whole, revealing
areas of opportunity where improvements can be made. ERP
provides valuable data and analytics that will help you
understand your customers better and will give you insight that
you can use to tailor your marketing strategy. It also makes it
easier to communicate effectively with your customers and
provide better customer service.
z
example

 Specific industries benefit from ERP solutions designed to

support industry-specific needs. Examples include Encompix for
engineer-to-order manufacturing; Axis for metals, wire and
cable; Cimnet for printed circuit board manufacturing; DTR for
plastics manufacturing; and Relevant for Department of Defense
contractors
z
Q1: Shortly explain the importance of information
system-how does it helps an organization?give
industry example.

 Many organizations work with large amounts of data. Data are

basic values or facts and are organized in a database. Many
people think of data as synonymous with information; however,
information actually consists of data that has been organized to
help answers questions and to solve problems. An information
system is defined as the software that helps organize and
analyze data. So, the purpose of an information system is to turn
raw data into useful information that can be used for decision
making in an organization.
z
Continued….

 There are some general types of information systems. For

example, a database management system (DBMS) is a
combination of software and data that makes it possible to
organize and analyze data. DBMS software is typically not
designed to work with a specific organization or a specific type
of analysis. Rather, it is a general-purpose information system.
Another example is an electronic spreadsheet. This is a tool
for basic data analysis based on formulas that define
relationships among the data. For example, you can use a
spreadsheet to calculate averages for a set of values or to plot
the trend of a value over time.
z
Continued..

 In contrast, there are a number of specialized information systems

that have been specifically designed to support a particular process
within an organization or to carry out very specific analysis tasks.
For example, enterprise resource planning (ERP) is an
information system used to integrate the management of all internal
and external information across an entire organization. Another
example is a geographic information system (GIS), which is used
to manage and analyze all types of geographical data. Expert
systems are another example of information systems. An experts
system is designed to solve complex problems by following the
reasoning of an expert.
z
Continued..

 Information systems typically include a combination of software,

hardware and telecommunication networks. For example, an
organization may use customer relationship management
systems to gain a better understanding of its target audience,
acquire new customers and retain existing clients. This
technology allows companies to gather and analyze sales
activity data, define the exact target group of a marketing
campaign and measure customer satisfaction.
z
Example..

 According to Air Transport Action Group, the global aviation industry

currently employs 62.7 million people worldwide, including 11.2
million “indirect jobs” which include information technology
professionals. Overall employment growth is expected to reach
99.1 million in the next 20 years, with indirect job growth keeping
pace.

 According to Air Transport Action Group, the global aviation industry

currently employs 62.7 million people worldwide, including 11.2
million “indirect jobs” which include information technology
professionals. Overall employment growth is expected to reach
99.1 million in the next 20 years, with indirect job growth keeping
pace.
z
Q3: What is meant by an Audit? Explain the purpose of
internal and external audit and it’s main characteristics-
quote industry example.

 Audit is the examination or inspection of various books of

accounts by an auditor followed by physical checking of
inventory to make sure that all departments are following
documented system of recording transactions. It is done to
ascertain the accuracy of financial statements provided by the
organisation.
z
Purpose of internal and external audits:

 There are multiple differences between the internal audit and external audit functions, which are as
follows:

 Internal auditors are company employees, while external auditors work for an outside audit firm.

 Internal auditors are hired by the company, while external auditors are appointed by a shareholder
vote.

 Internal auditors do not have to be CPAs, while a CPA must direct the activities of the external
auditors.

 Internal auditors are responsible to management, while external auditors are responsible to the
shareholders.

 Internal auditors can issue their findings in any type of report format, while external auditors must
use specific formats for their audit opinion and management letters.

 Internal audit reports are used by management, while external audit reports are used by
stakeholders, such as investors, creditors, and lenders.
z
Continued..

 Internal auditors can be used to provide advice and other consulting

assistance to employees, while external auditors are constrained
from supporting an audit client too closely.

 Internal auditors will examine issues related to company business

practices and risks, while external auditors examine the financial
records and issue an opinion regarding the financial statements of
the company.

 Internal audits are conducted throughout the year, while external

auditors conduct a single annual audit. If a client is publicly-held,
external auditors will also provide review services three times per
year.
z
Example…

 Product recalls still occur fairly often in the automotive industry, despite
increasingly stringent quality assurance requirements in both vehicle and
parts production. That is one of the reasons that manufacturers need a
good data management system to provide end-to-end proof of adherence
to quality standards. Harmonised quality standards and processes help
maintain competitiveness in the automotive industry and gain the trust of
customers. High vehicle quality translates to high reliability, and that can be
a decisive criterion when deciding which vehicle to buy. People need to be
able to depend on their vehicles and they have come to expect certain
standards. The level of quality on offer is a significant factor when
competing for customers. That is why vehicle manufacturers continually
look for ways to optimise processes and im-prove quality throughout the
entire supply chain. From parts supply, through every stage of vehicle
manufacture, all the way to customer aftercare.
z
What are the diferent types of threats and risks to any
information sytem of an organization. Explain the
threats related to intranet and internet-quote industry
example
 Introduction

 As use of internet and related telecommunications technologies and systems

has become pervasive ,use of these networks now creates a new vulnerability
for organizations or companies .These networks can be infiltrated or subverted a
number of ways .As a result ,organizations or companies will faced threats that
affect and vulnerable to information system security . Threats to information
system can come from a variety of places inside and external to an
organizations or companies .In order to secure system and information ,each
company or organization should analyze the types of threats that will be faced
and how the threats affect information system security .Examples of threats such
as unauthorized access (hacker and cracker ) ,computer viruses ,theft ,sabotage
,vandalism and accidents
z
Continued..

 Unauthorized Access (Hacker and Cracker)

 One of the most common security risks in relation to

computerized information systems is the danger of unauthorized
access to confidential data .The main concern comes from
unwanted intruders, or hackers, who use the latest technology
and their skills to break into supposedly secure computers or to
disable them .A person who gains access to information system
for malicious reason is often termed of cracker rather than a
hacker.
z
Continued..

 Computer Viruses (Ran Weber ,1999)

 Computer virus is a kind of nasty software written deliberately to

enter a computer without the user’s permission or knowledge
,with an ability to duplicate itself ,thus continuing to spread
.Some viruses do little but duplicate others can cause severe
harm or adversely affect program and performance of the
system .Virus program may still cause crashes and data loss .In
many cases ,the damages caused by computer virus might be
accidental ,arising merely as the result of poor programming
.Type of viruses ,for example ,worms and Trojan horses .
z
Continued..

 Theft

 The loss of important hardware, software or data can have significant

effects on an organization’s effectiveness .Theft can be divided into three
basic categories: physical theft, data theft, and identity theft.

 Accidents

 Major of damage caused to information systems or corporate data arises as

a result of human error .Accidental misuse or damage will be affected over
time by the attitude and disposition of the staff in addition to the
environment .Human errors have a greater impact on information system
security than do manmade threats caused by purposeful attacks .But most
accidents that are serious threats to the security of information systems can
be mitigated.
z
Threats related to intranet:

 Poor passwords

 One of the most common and yet completely avoidable threats

to the security of your intranet and everything contained within it
comes down to the password choice of each of your end users.
If just one person in your company is using an easily guessable
or very weak password, the entire stability and security of your
wider intranet will be compromised!
z
Continued..

 Unsecured data

 It is all too easy for private or sensitive data to be made

available to unauthorised users due to a lack of the appropriate
encryption software on your individual devices or your intranet
as a whole. Use SSL certificates and firewalls to secure your
intranet from data breaches and security threats, and make sure
that your team knows not to ignore any warnings on expired
certificates or potential phishing attempts!
z
Threats related to internet

 Spam

 The fact that most of our emails accounts come with a ‘Spam’ or ‘Junk’ folder insinuates that spam emails are a huge
issue, with more than 50% of emails being syphoned into these folders. Aside from being an annoyance, spam emails
are not a direct threat. However, many can contain malware.

 Adware

 Adware is a type of malware software that displays unwanted ads when a user is surfing the internet. The ads often
redirect your searches to advertising websites and collect marketing-type data about you, behind your back, which is
considered malicious.

 Adware is often included in many shareware or freeware downloads as a legitimate way of generating advertising
revenues that help fund development. However, some websites are infected with malicious adware that us
automatically downloaded to your computer. When this has been completed, Trojans can be used.

 Trojan

 Trojans leave your computer completely unprotected, which can mean that hackers can steal any data from your
system. Trojans often present themselves as harmless computer programmes so that hackers can penetrate your
computer without being detected.
z
Continued..

 Virus

 One of the most talked about internet threats is a virus. Viruses usually attach themselves covertly
to downloads as they are designed to spread at an alarming rate. Viruses are often attached to files
for download, shared via CDs, DVDs, and USB sticks, or loaded on to computers by opening
infected email attachments.

 Worms

 Worms usually make their way on to a computer via a malicious email attachment or USB stick.
Once your computer has been infected by a worm, it will likely send itself to every email address
logged in your system. To the receiver, your email will appear harmless, until they open it and are
infected by the same worm.

 Phishing

 In its simplest terms, phishing is a form of fraudulent activity. More often than not, official-looking
emails are sent impersonating a well-known provider, such as a bank. These emails are sent to
acquire people’s passwords and credit card details.
z
example:

 The term "virus" has been used as a catchall phrase for many
threats. Essentially, a virus is a computer program that, like a
medical virus, has the ability to replicate and infect other
computers. Viruses are transmitted over networks or via USB
drives and other portable media.