Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
181 Cards in this Set
- Front
- Back
integratebusiness processes and information fromall of an organization’s functional areas (marketing and sales, cash receipts,purchasing, cash disbursements, human resources, production and logistics, andbusiness and financial reporting)
|
Enterprise System |
|
isthe application of electronic networks (including the Internet) to undertakebusiness processes between individuals and organizations. |
E-Business |
|
isa process effected by the board of directors, management and other personnel toprovide reasonable assurance that organizational objectives will be achievedin: efficiency and effectiveness of operations, reliability of reporting, andcompliance with laws and regulations |
Internal Control |
|
Section 404 and PCAOB Auditing StandardNo. 5 |
Managementmust identify, document, and evaluate significant internal controls. Auditorsmust report on the effectiveness of the organization’s system of internalcontrols. |
|
Section 409 of SOX |
Requiresdisclosure to the public on a “rapid and current” basis of material changes inan organization’s financial condition |
|
Aset of interdependent elements that together accomplish specificobjectives. A system must haveorganization, interrelationships, integration, and central objectives |
System |
|
Apart of a system. Within limits, anysubsystem can be further divided into its component parts or subsystems |
Subsystem |
|
isa man-made system that generally consists of an integrated set ofcomputer-based and manual components established to collect, store, and managedata and to provide output information to users |
Information System or Management Information System |
|
isa specialized subsystem of the IS that collects, processes and reportsinformation related to the financial aspects of business events |
Accounting Information System |
|
portionof the overall IS related to a particular business process |
Information Process |
|
man-madesystem consisting of the people, equipment, organization, policies, andprocedures whose objective is to accomplish the work of the organization |
Operations Process |
|
man-madesystem consisting of the people, authority, organization, policies, andprocedures whose objective is to plan and control the operations of theorganization |
Management Process |
|
Datapresented in a form that is useful in a decision-making activity. It has value to the decision maker because itreduces uncertainty and increasesknowledge about a particular area of concern |
Information |
|
Factsor figures in raw form. Represents themeasurements of observations of objects and events. To be useful to a decision maker, it must betransformed into information |
Data |
|
Meetsthe needs of the information consumer who uses it for a specific task |
Effectiveness |
|
Relatesto the process of obtaining and using information so it aligns to the“information as a service” view. Information is easily obtained and used |
Efficiency |
|
Free of error and complete |
Integrity |
|
Regardedas true and credible. More subjective and related to perception, not justfactual |
Reliability |
|
Qualitygoals under accessibility and security |
Availability |
|
Correspondsto the restricted access information quality goal |
Confidentiality |
|
Mustconform to specifications and regulations |
Compliance |
|
Enablesusers to perceive significance and permits application by the user in adecision-making situation |
Understandability |
|
Capableof making a difference in a decision-making situation by reducing uncertaintyor increasing knowledge |
Relevance |
|
Availableto a decision maker before it loses relevance |
Timeliness |
|
Improvesthe decision maker’s capacity topredict, confirm or correct earlier expectations |
Predictive or feedback value |
|
Highdegree of consensus about the information among independent measurers using thesame measurement methods |
Verifiability |
|
Objective |
Neutrality or freedom from bias |
|
Enablesusers to identify similarities and differences between two pieces ofinformation |
Comparability |
|
Correspondenceor agreement between the information and the actual events or objects itrepresents |
Accuracy |
|
Degreeto which information includes data about every relevant object or eventnecessary to make a decision and includes that information only once |
Completeness |
|
relateto specific business events, such as one shipment, or to individual inventoryitems. This information is narrow inscope, detailed, accurate and comes largely from within the organization |
Horizontal Information Flows |
|
servicea multi-level management function from operations and transaction processingthrough tactical, operations, and strategic management |
Vertical Information Flows |
|
Thosefor which all three decision phases (intelligence, design, and choice) arerelatively routine or repetitive. Somedecisions are so routine that a computer can be programmed to make them |
Structured Decisions |
|
Thoseforwhich none of the decision phases (intelligence, design, or choice) are routineor repetitive |
Unstructured Decisions |
|
Applicationof accounting principles, auditing principles, IS techniques, and systemsdevelopment methods to design an AIS |
Designer |
|
Accountsperform various functions within organizations that use the AIS. As a user, the accountant should be involvedin the AIS design process |
User |
|
Provideaudit and assurance services |
Auditor |
|
Integratebusiness processes and information from all of an organization’s functionalareas Enablecoordinated operations of business functions and provide a central informationresource for the organization |
Enterprise Systems |
|
Softwarepackages that can be used for the core systems necessary to support enterprisesystems |
Enterprise Resource Planning (ERP)Systems |
|
How an enterprise might help purchase office equipment |
Providean electronic order form. Applybusiness rules. Routethe order for approvals. Sendthe order to a buyer. Connectto the vendor. Competethe business process by making data available for management and analysis ofthe events: Receive and route equipment to thepurchasing party. Project funding requirements. Analyze vendor performance. Compare purchaser’s budget and actualexpenditures. |
|
Buildsand maintains customer-related database |
Customer relationship management (CRM)software |
|
Allowscustomers to complete tasks without the help of an organization’s employees |
Customer self-service (CSS) software |
|
Automatessales tasks such as order processing and tracking |
Sales force automation (SFA) software |
|
Enablesthe steps in the supply chain including demand planning, inventory acquisition,manufacturing, distributing and selling |
Supply Chain Management (SCM) software |
|
Managesproduct data from design through manufacturing and ending in the disposal of aproduct |
Product Lifecycle Management (PLM)software |
|
Managesthe interactions with organizations that supply the goods and services to anenterprise; includes procurement and contract management |
Supplier Relationship Management (SRM)software |
|
isprovided by the application developer |
Application programming interface (API) |
|
combinesprocesses, software, standards, and hardware to link two or more systemstogether, allowing them to act as one |
Enterprise application integration (EAI) |
|
achain of activities performed by an organization that transform inputs intooutputs valued by the customer |
Value Chain |
|
isa basic unit of data |
Character |
|
(singlecell in a table) is a collection of related characters that comprise anattribute |
Field |
|
(arow in a table) is a collection of related data fields (attributes) thatbelongs to a particular entity or event |
Record |
|
(orfile) is a collection of related records (sometimes called entity/eventinstances) |
Table |
|
Major ERP Modules |
Sales and Distribution Materials Management Financial Accounting Controlling and Profit Analysis Human Resources |
|
Order to Cash Process |
Presales activities Sales order processing Pick and Pack Shipping Billing Payment |
|
Purchase to Pay Process |
Requirement determination Purchase order processing Goods receipt Invoice Verification Payment Processing |
|
Pros of enterprise systems |
Singledatabase Integratedsystem Processorientation (versus function orientation) Standardizationof business processes and data, easier to understand across the organization Fasterbusiness processes |
|
Pros of ERP Packages |
Onepackage across many functions “Bestpractices” Modularstructure (buy what you need) Nodevelopment needed (unless modifications are required) Configurable Reducederrors (e.g., business rules, enter data once) |
|
Cons of Enterprise Systems |
Centralizedcontrol versus decentralized empowerment Inabilityto support traditional business processes that may be best practices for thatorganization. |
|
Cons of ERP Packages |
Complexand inflexible Bestpractices are shared by all who buy Difficultto configure Longimplementation Bestof breed might be better (that single ERP package) Can’tmeet all needs (developed for many user types) |
|
Applicationof electronic networks (including the Internet) to exchange information andlink business processes among organizations and individuals |
Electronic Business (e-Business)
|
|
Relativelypermanent data, related to entities, and maintained over an extended period oftime. Two types of updates can be made |
Master Data |
|
includesdata processing functions related to economic events |
Information Processing |
|
includesactivities related to adding, deleting or replacing standingdata |
Data Maintenance |
|
relativelypermanent portions of master data. such as the credit limit on customer master data and the selling price. |
Standing Data |
|
Theaggregation of several business events over some period of time with thesubsequent processing of these data as a group by the information system |
Batch Processing |
|
Processingmode with delay between the various data processing steps. Heavily dependent onthe use of batch processing |
Periodic Mode |
|
Informationis recorded on a source document |
Business Event Occurs |
|
Abatch of source documents is entered in a computerized format |
Record business event data |
|
Thecomputer processes the entered information and updates the master data |
Update Master Data |
|
Afterthe update, periodic outputs (i.e. reports) are generated for management |
Generate Outputs |
|
Communication Networks |
Client/servertechnology Localarea networks (LANs) Widearea networks (WANs) Internet Webbrowsers Intranet Extranet |
|
Non-standardizedmessages between individuals linked via a communications network. Weakform for e-business because of non-standardized format |
Electronic Mail (e-mail) |
|
Capture,storage, management, and control of document images |
Electronic Document Management (EDM) |
|
Computer-to-computerexchange of business data in structured formats that allow direct processing ofthose electronic documents by the receiving computer system |
Electronic Data Interchange (EDI) |
|
Computer-to-computerexchange of business event data in structured or semi-structured formats viaInternet communication that allows the initiation and consummation of businessevents |
Internet Commerce |
|
Serviceprovided for a fee to vendors to provide limited assurance to users of thevendor’s Web site that the site is in fact reliable and event data security isreasonable. Examples include CPA WebTrust |
Internet Assurance |
|
Theuse of the Internet to provide scalable services, such as software, andresources, hardware and data storage, to users. Examples include Gmail |
Cloud Computing |
|
Providean Internet base for companies to put products up for bid or for buyers to putproposed purchases up for bid. |
Internet Auction Market |
|
Bringstogether a variety of suppliers in a given industry with one or more buyers inthe same industry to provide Internet commerce through organized markets |
Internet Market Exchanges |
|
Agraphical representation of a system. Depictsthe systems components; the data flows among the components; and the sources,destinations, and storage of data.¡ Usesa limited number of symbols. |
Data Flow Diagram |
|
depicts an entity or a process within which incoming data flows are transformed into outgoing data flows |
Bubble symbol ( Circle)
|
|
represents a pathway for data |
data flow symbol (arrow) |
|
portrays a source or a destination of data outside the system |
External Entity Symbol (Square) |
|
represents a place where data is stored |
Data Store Symbol (Parallel Lines) |
|
Top-level,or least a detailed, diagram of a system depicting the system and all itsactivities as a single bubble and showing the data flows into and out of thesystem and into and out of the external entities |
Context Diagram |
|
Thoseentities (i.e., persons, places, or things) outside the system that send datato, or receive data from, the system |
External Entities |
|
Content of a Context Diagram |
Customer (square) Payment (arrow) Cash Receipts Process (Circle) Deposit (Arrow) Bank (Square) |
|
Graphical representation of a systemshowing the system’s internal and external entities, and the flows of data intoand out of these entities |
Physical Data Flow Diagram |
|
Anentity within the system that transforms data |
Internal Entity |
|
Graphical representation of a system showing the system’s processes (asbubbles), data stores, and the flows of data into and out of the processes anddata stores |
Logical data flow diagram (DFD) |
|
When are DFDs balanced? |
DFDsare balanced whenthe external data flows of the DFDs are equivalent |
|
A graphical representation of a businessprocess, including information processes as well as the related operationsprocesses |
Systems flowchart |
|
an action being performed by an internal or external entity |
Activity |
|
handlerequired actions for out-of-the-ordinary (exceptional) or erroneous events data |
Exception Routines or Error Routines |
|
adata flow assigned the label “Reject” that leaves a bubble but does not go toany other bubble or data store. Shownonly in lower-level diagrams |
Reject Stub |
|
cancause inconsistencies among the same data in different files. Increases storage and labor costs and datamay not be shareable |
Data Redundancy |
|
Aset of integrated programs designed to simplify the tasks of creating,accessing, and managing a centralized database |
Database Management Systems
|
|
Datais decoupled from the system applications to make it independent of theapplication or other users |
Data Independence |
|
Systemsthat use this decoupled approach are referred to as having what? |
Three-tier Architecture |
|
Pros of the Centralized Database Approach |
Eliminatingdata redundancy Easeof maintenance Reducedlabor and storage costs Dataintegrity Dataindependence Privacy |
|
Cons of the Centralized Database Approach |
Expensiveto implement and maintain. Ifthe DBMS fails, all the organization’s information processing halts. Increasedpotential for damage should unauthorized access to the database occur. Databaserecovery and contingency planning aremore important than in the applications approach. |
|
Recordsthat are included in a record one level above them (a parent record) |
Child Record |
|
Includethe lower-level child records |
Parent Records |
|
includea relational DBMS framework with the capability to store complex data types |
Object-relational databases |
|
A place to store data |
Table |
|
Toolsthat allow users to access the data stored in various tables and to transformdata into information |
Queries |
|
Onscreenpresentations that allow users to view data in tables or collected by queriesfrom one or more tables and input new data |
Forms |
|
Printed lists and summaries of data stored intables or collected by queries from one or more tables |
Reports |
|
The unique identifier for each row of a table (or record within a file) that serves as the address for that row |
Primary Key |
|
Theprocess of grouping or categorizing data according to common attributes |
Classifying |
|
Thecreation of substitute values, or codes, to represent classification categorieslong labels |
Coding |
|
assignsnumbers to objects in chronological sequence. Provides limited flexibility andtells nothing about the object’s attributes. Limitations with adding anddeleting exist |
Sequential (serial) coding |
|
dedicatesgroups of numbers to particular object characteristics. Numbers within each block are generallyassigned sequentially. This leads tosome of the same adding and deleting limitations as sequential coding |
Block Coding |
|
assignsmeanings to specific digits |
Significant Digit Coding |
|
ordersitems in descending order where each successive rank order is a subset of therank above it. Specific meaning isattached to particular positions |
Hierarchical Coding |
|
includesletters as some or all of the code which is done to help humans remember them |
Mnemonic Coding |
|
acode that includes an extra digit that can be used to check the accuracy of thecode |
Check Digit |
|
what does anomalies mean? |
errors |
|
Containsrepeating attributes (fields) within each row (or record) |
Unnormalized Table |
|
If a table doesn’t contain repeating groups then |
It is in First normal form
|
|
Problemsarise because an attribute is dependant ona portion of the primary key |
partial dependencies |
|
A table that is in 1NF and has no partial dependencies is said to be in |
Second Normal Form |
|
Anattribute that is not part of the primary key. |
Non-key Attributes |
|
A table that is in 2NF and has no transitive dependencies is said to be in |
Third Normal Form |
|
existswhen a non-key attribute is functionally dependent on another non-keyattribute |
Transitive Dependency |
|
Depictsuser requirements for data stored in a database |
Data Model |
|
Designeridentifies the important things (entities)about which information will be stored and how the things are related to eachother (relationships) |
Entity-relationship modeling |
|
Adiagram of the relational model |
Entity-relationship model |
|
reflectsthe system’s key entities and the relationships among those entities |
Entity Relationship Diagram (E-R Diagram) |
|
Thedegree to which each entity participates in the relationship. Can have a valueof “one” (“1) or “many” (“N” or “M”) |
Cardinality |
|
Measureof the highest level of participation that one entity can have in anotherentity |
Maximum Cardinality |
|
Informationtools that can help decision makers. |
Decision Aids |
|
Informationsystems that assist managers with unstructured decisions by retrieving andanalyzing data and generating information |
Decision Support Systems |
|
Can imitate human decision making |
Artificial Intelligence |
|
Combineinformation from the organization and the environment, organize and analyze theinformation, and present the information to the manager in a form that assistsin decision making |
Executive information systems (EIS) (alsocalled executive support systems |
|
Computer-basedsystems that support collaborative intellectual work such as: ideageneration, elaboration, analysis,synthesis, information sharing, and decision making |
Group support systems (GSS),also known as Group Decision Support Systems (GDSS) |
|
amethod for freely and creatively generating as many ideas as possible withoutundue regard for their practicality or realism |
Brainstorming |
|
Decisionsupport systems for complex decisions, where consistency is desirable and thedecision maker wants to minimize time and maximize quality. Emulates theproblem solving techniques of human experts |
Expert Systems |
|
Computerhardware and software systems that mimic the human brain’s ability to recognizepatterns or predict outcomes using less-than complete information |
Neutral Networks |
|
Softwareprogram that may be integrated into DSS or other software tools (such as wordprocessing, spreadsheet, or database packages) |
Intelligence Agent |
|
Useof information systems facilities to focus on the collection, organization,integration, and long-term storage of entity-wide data |
Data Warehousing |
|
Exploration,aggregation, and analysis of data in data warehouses using analytical tools andexploratory techniques |
Data Mining |
|
Theprocess of capturing, storing, retrieving, and distributing the knowledge ofthe individuals in an organization for use by others in the organization toimprove the quality and efficiency of decision making across the firm |
Knowledge Management |
|
Refersto information that has been formatted and distributed in accordance with anorganization’s routines, processes, practices and norms |
Knowledge |
|
Theprocess by which organizations select objectives, establish processes toachieve objectives, and monitor performance |
Organizational Governance |
|
Aprocess, effected by an entity’s board of directors, management, and otherpersonnel, applied in strategy settings and across the enterprise, designed toidentify potential events that may affect the entity, and manage risk to bewithin its risk appetite, to provide reasonable assurance regarding theachievement of entity objectives |
Enterprise Risk Management (ERM) |
|
afunction of initial expected gross risk, reduced risk exposure due to controlsand the cost of controls |
Residual Expected Risk |
|
Sarbanes-Oxley Act of 2002 |
Createdpublic company accounting oversight board (PCAOB). Strengthenedauditor independence rules. Increasedaccountability of company officers and directors. Mandatedupper management to take responsibility for the company’s internal controlstructure. Enhancedthe quality of financial reporting. Increasedwhite collar crime penalties. |
|
5 interrelated components of Internal Control |
Control Environment Risk Assessment Control Activities Information and Communication Monitoring |
|
isa process—effected by an entity’s board of directors, management and otherpersonnel—designed to provide reasonable assurance regarding the achievement ofobjectives |
Internal Control |
|
aseries of actions or operations leading to a particular and usually desirableresult |
Process |
|
Adeliberate act or untruth intended to obtain unfair or unlawful gain |
Fraud |
|
includescrime in which the computer is the target of the crime or the means used tocommit the crime |
Computer Crime |
|
is software designed specifically to damage or disrupt a computer system |
Malware |
|
isa program code that can attach itself to other programs thereby “infecting”those programs and macros |
Computer Virus |
|
Instructionsinserted in programs to steal very small amounts of money |
Salami slicing |
|
Specialcode that allows a programmer to bypass its security features and can be usedto attack the program |
Back door |
|
Moduleof unauthorized code that performs a damaging, unauthorized act. Often used in phishing e-mails |
Trojan Horse
|
|
Codesecretly inserted in a program that is designed to execute or explode at aspecific date or event |
Logic Bomb |
|
Computervirus that replicates itself on disks, in memory and across networks |
Worm |
|
Programthat secretly takes over another Internet-attached computer and uses that computer to launch untraceableattacks |
Zombie |
|
reflectsthe organization’s (primarily the board of directors’ and management’s) generalawareness of and commitment to the importance of control throughout theorganization |
Control Environment |
|
Atool designed to assist in evaluating the potential effectiveness of controlsin a business process by matching control goals with relevant control plans |
Control Matrix |
|
Businessprocess objectives that an internal control system is designed to achieve |
Control Goals |
|
Reflectinformation-processing policies and procedures that assist in accomplishingcontrol goals |
Control Plans |
|
relateto a multitude of goals and processes, They are broad in scope and applyequally to all business processes |
Pervasive control plans |
|
areappliedto all IT service activities |
General Controls aka IT General Controls |
|
areapplied to a particular business process, such as billing or cash receipts |
Business Process Control Plans |
|
areautomated business process controls contained within IT application systems(i.e., computer programs) |
Application Controls |
|
stops problems from occurring |
preventive control plans |
|
discover that problems have occurred
|
Detective Control Plans
|
|
rectify problems that have occurred |
Corrective Control Plans |
|
separates the four basis functions of event processing |
Segregation of Duties
|
|
The four basic functions of event processing |
Authorizing Events Executing Events Recording Events Safeguarding Resources |
|
aplan or process put in place to guide actions and achieve goals |
Policy |
|
Jobcandidates should be carefully screened, selected and hired |
Selection and Hiring control plans |
|
Companiesshould provide create and challenging work opportunities as well as channelsfor advancement whenever possible |
Retention control plans |
|
Trainingmust occur regularly and be a top priority. Performance reviews should assess strengths and weaknesses and identifyopportunities for promotion, training and personal growth. |
personnel development control plans |
|
Definesprocedures when an employee leaves an organization |
personnel termination control plans |
|
this class... |
Sucks |