
CPA review BEC Module 41


gezana

Presentation Transcript


  1. CPA review BEC Module 41 Information Technology

  2. Concept of Information Technology (IT) • What do we mean by "IT"? • Any tool for manipulating data, information - electronic: computer software and hardware - our focus - paper: documents, filing techniques… still there, gradually transformed into electronic

  3. Organization of Module 41 • Information systems within a business • Characteristics of IT systems – general • Characteristics of IT systems – specific • Control objectives for information and related technology • Effect of IT on internal control • Flowcharting

  4. Importance of IT and Computer Networks to Accountants • To use, evaluate, and develop a modern AIS, accountants must be familiar with IT • Computers enable accountants to perform their duties more quickly, accurately, and consistently than by manual methods • Software such as electronic spreadsheets aid accountants in analyzing financial statements and in developing budgets

  5. Manual vs Computer Systems • Manual: • Exceptional/infrequent transactions • Setting objectives and policy-making judgments • New problems • Supervising employees • Social communications • Making complex strategic decisions • Computerized: • Collecting and processing large volumes of routine transactions • Storing large quantities of data and information • Monitoring and controlling continuous processes • Answering specific inquiries based on stored data • Preparing complex analyses and extensive reports • Helping gather data and understanding the relationships between all types of decisions

  6. Types of Network Architectures • Wide-Area Networks • Formed among computers and inter-connected devices that are geographically distant from one another • Local-Area Networks • A type of distributed network created when two or more linked computers are grouped within a limited geographical area

  7. Wide Area Networks • Concentrates all application processing at one geographical location • Consists essentially of one (or a cluster of) central mainframe computer(s) and one or more physically remote terminals • Typically all hardware, software, and data processing personnel are located at corporate headquarters • Advantages include: • the concentrated computing power of a large processor • low operating costs per transaction leading to economies of scale • can facilitate the use of a database approach • facilitate better security provisions • allow for greater standardization and professional planning and control of information-related activities

  8. Local Area Networks • A LAN may be connected to other LANs and/or WANs via hardware devices known as gateways or bridges • At the heart of a LAN is the workstation • Microcomputer-based workstation • Traditional workstation • Super workstation

  9. Data • A firm’s data resource involves four major functions: • Record & Repository Creation • Repository Maintenance through additions and updates • Data Retrieval • Data Archival and Removal

  10. File Classifications • Master files: These contain (semi) permanent data (records) pertaining to entities (people, places, and things).

  11. File-Oriented Approach to Data Storage • In the file-oriented approach to data storage, computer applications maintain their own set of files • This traditional approach focuses on individual applications, each of which has a limited number of users, who view the data as being “owned” by them

  12. Deficiencies of the File-Oriented Approach • Files and data elements used in more than one application must be duplicated, which results in data redundancy • As a result of redundancy, the characteristics of data elements and their values are likely to be inconsistent • Outputs usually consist of preprogrammed reports instead of ad-hoc queries provided upon request. This results in inaccessibility of data • Changes to current file-oriented applications cannot be made easily, nor can new developments be quickly realized, which results in inflexibility • It is difficult to represent complex objects using file processing systems.

  13. The Database Approach to Data Storage • A database is a set of computer files that minimizes data redundancy and is accessed by one or more application programs for data processing • The database approach to data storage applies whenever a database is established to serve two or more applications, organizational units, or types of users • A database management system (DBMS) is a computer program that enables users to create, modify, and utilize database information efficiently

  14. Documenting Data in Data-Base Systems • The Conceptual Data Model is the logical grouping of data on entities • Two common Conceptual Data Modeling techniques are: • The Data Dictionary • Entity-Relationship Diagrams

  15. Data Dictionary • A data dictionary is a computer file that maintains descriptive information about the items in a database • Each computer record of the data dictionary contains information about a single data item used in an AIS

  16. Data Processing Methods • Batch data processing involves the processing of data in groups (or batches) of like transactions at periodic intervals. Used when transaction activity is low or periodic • Real-time processing consists of processing each transaction as it arises and is captured

  17. Online real-time (also referred to as direct access processing) • Transactions are processed in the order in which they occur, regardless of type.

  18. Malicious Programs • Unexpected changes in, or losses of, data may be an indication of the existence of a virus on one’s computer. • E-mail attachments and public domain software (generally downloadable from the Internet at no cost to users) are notorious sources of viruses. • Virus—A program (or piece of code) that requests the computer operating system to perform certain activities not authorized by the computer user. Viruses can be easily transmitted through use of files that contain macros that are sent as attachments to e-mail messages. • Macro—A single computer instruction that results in a series of instructions in machine language; macros are used to reduce the number of keystrokes needed in a variety of situations. Most macros serve valid purposes, but those associated with viruses cause problems.

  19. Malicious Programs • Trojan horse—A malicious, security-breaking program that is disguised as something benign, such as a game, but actually is intended to cause IT damage • Worm—A program that propagates itself over a network, reproducing itself as it goes • Antivirus software—Is used to attempt to avoid the above types of problems. But the rapid development of new forms of viruses, trojan horses, and worms results in a situation in which antivirus software developers are always behind the developers of the malicious programs.

  20. Electronic Commerce • Electronic Commerce (EC) is where business transactions take place via telecommunications networks, especially the Internet. • Electronic commerce describes the buying and selling of products, services, and information via computer networks including the Internet. • The infrastructure for EC is a networked computing environment in business, home, and government. • E-Business describes the broadest definition of EC. It includes customer service and intrabusiness tasks. It is frequently used interchangeably with EC.

  21. Electronic Commerce • A global networked environment is known as the Internet • A counterpart within organizations is called an intranet • An extranet extends intranets so that they can be accessed by business partners.

  22. Electronic Markets • A market is a network of interactions and relationships where information, products, services, and payments are exchanged. • The market handles all the necessary transactions. • An electronic market is a place where shoppers and sellers meet electronically. • In electronic markets, sellers and buyers negotiate, submit bids, agree on an order, and finish the execution on- or off-line.

  23. Interorganization Information Systems • An interorganizational information system (IOS) involves information flow among two or more organizations. • Its major objective is efficient routine transaction processing, such as transmitting orders, bills, and payments using EDI or extranets. • Scope: An IOS is a unified system encompassing two or several business partners. • A typical IOS includes a company and its suppliers and/or customers.

  24. Types of Interorganizational Systems • Electronic data interchange (EDI) • Extranets • Electronic funds transfer (EFT) • Integrated messaging systems • Shared databases • Electronically-supported supply chain management

  25. The Limitations of Electronic Commerce • Technical Limitations of Electronic Commerce • Lack of sufficient system security, reliability, standards, and communication protocols • Insufficient telecommunication bandwidth • The software development tools are still evolving and changing rapidly • Difficulties in integrating the Internet and electronic commerce software with some existing applications and databases

  26. The Limitations of Electronic Commerce • The need for special Web servers and other infrastructures, in addition to the network servers (additional cost) • Possible problems of interoperability, meaning that some EC software does not fit with some hardware, or is incompatible with some operating systems or other components

  27. Security for Transaction Processing Systems • Every firm must define, identify, and isolate frequently occurring hazards that threaten its hardware, software, data, and human resources • Security measures provide day-to-day protection of computer facilities and other physical facilities, maintain the integrity and privacy of data files, and avoid serious damage or losses • Security measures include those that protect physical non-computer resources, computer hardware facilities, and data/information

  28. The COBIT 5 Framework • COBIT: Control Objectives for Information and Related Technology • COBIT 5 helps enterprises create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use. • COBIT 5 enables information and related technology to be governed and managed in a holistic manner for the entire enterprise, taking in the full end-to-end business and functional areas of responsibility, considering the IT-related interests of internal and external stakeholders.

  29. COBIT 5 Principles

  30. COBIT 5 Enablers

  31. Governance and Management • Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives. • Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body

  32. COBIT evolution [Figure: Evolution of scope: Audit, Control, Management, IT Governance, Governance of Enterprise IT. Versions: COBIT1 (1996), COBIT2 (1998), COBIT3 (2000), COBIT4.0/4.1 (2005/7), COBIT 5 (2012). Also shown: Val IT 2.0 (2008), Risk IT (2009).]

  33. Five COBIT 5 Principles • Meeting Stakeholder Needs • Covering the Enterprise End-to-end • Applying a Single Integrated Framework • Enabling a Holistic Approach • Separating Governance From Management

  34. 1. Meeting Stakeholder Needs Enterprises exist to create value for their stakeholders.

  35. 1. Meeting Stakeholder Needs • Enterprises have many stakeholders, and ‘creating value’ means different—and sometimes conflicting—things to each of them. • Governance is about negotiating and deciding amongst different stakeholders’ value interests. • The governance system should consider all stakeholders when making benefit, resource and risk assessment decisions. • For each decision, the following can and should be asked: • Who receives the benefits? • Who bears the risk? • What resources are required?

  36. 2. Covering the Enterprise End-to-End • COBIT 5 addresses the governance and management of information and related technology from an enterprise wide, end-to-end perspective. • This means that COBIT 5: • Integrates governance of enterprise IT into enterprise governance, i.e., the governance system for enterprise IT proposed by COBIT 5 integrates seamlessly in any governance system because COBIT 5 aligns with the latest views on governance. • Covers all functions and processes within the enterprise; COBIT 5 does not focus only on the ‘IT function’, but treats information and related technologies as assets that need to be dealt with just like any other asset by everyone in the enterprise.

  37. 2. Covering the Enterprise End-to-End Key components of a governance system

  38. 3. Applying a Single Integrated Framework • COBIT 5 aligns with the latest relevant other standards and frameworks used by enterprises: • Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000 • IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI • COBIT 5 acts as the overarching governance and management framework integrator. • ISACA plans a capability to facilitate COBIT user mapping of practices and activities to third-party references.

  39. 4. Enabling a Holistic Approach COBIT 5 enablers are: • Factors that, individually and collectively, influence whether something will work—in the case of COBIT, governance and management over enterprise IT • Driven by the goals cascade, i.e., higher-level IT-related goals define what the different enablers should achieve • Described by the COBIT 5 framework in seven categories

  40. 4. Enabling a Holistic Approach • Processes—Describe an organised set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals • Organisational structures—Are the key decision-making entities in an organisation • Culture, ethics and behaviour—Of individuals and of the organisation; very often underestimated as a success factor in governance and management activities • Principles, policies and frameworks—Are the vehicles to translate the desired behaviour into practical guidance for day-to-day management • Information—Is pervasive throughout any organisation, i.e., deals with all information produced and used by the enterprise. Information is required for keeping the organisation running and well governed, but at the operational level, information is very often the key product of the enterprise itself. • Services, infrastructure and applications—Include the infrastructure, technology and applications that provide the enterprise with information technology processing and services • People, skills and competencies—Are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions

  41. 5. Separating Governance From Management • The COBIT 5 framework makes a clear distinction between governance and management. • These two disciplines: • Encompass different types of activities • Require different organisational structures • Serve different purposes • Governance—In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson. • Management—In most enterprises, management is the responsibility of the executive management under the leadership of the CEO.

  42. 5. Separating Governance From Management COBIT 5 is not prescriptive, but it advocates that organizations implement governance and management processes such that the key areas are covered, as shown.

  43. The Effect of Information Technology on Internal Control

  44. Flowcharting Symbols
