BMGT326 Exam 2 Review Ch 5 7 8 9 o o o o o o o o o o o o o Chapter 5 Four types of DBMS Models Applications approach flat file approach approach to business event processing in which each application collects and manages its own data data is needed by multiple applications functional processes not shared Consequence is data redundancy causes increased labor storage costs inconsistent data across multiple applications reduces data integrity Uses a two tiered architecture user presentation tier application database tier Centralized database approach one collection of relational tables is shared across the company stored in relational databases can be accessed by other interfaces reports queries application and data exist separately data independence improves data redundancy integrity overcomes limitations of applications approach used by most ERP systems today Three tiered architecture user presentation tier application tier database tier Database management systems DBMS set of integrated problems design to simplify the tasks of a centralized database collection of files independent of application programs coordinate activities of functional areas Advantages eliminates redundancy reduces labor storage costs increases data integrity reduces redundancy and independence ease of maintenance increases privacy Disadvantages expensive to implement more powerful hardware failure stops all data processing increased potential consequences of unauthorized access possible contention concurrency problems territorial disputes over data requires continuous data protection contingency planning Hierarchical records organized in a pyramid structure parent records may have multiple child records but child records only have one parent record worked well for simple situations now obsolete Network parent records may have multiple child records and child records may have multiple parent records sale to customer may have parent of customer and parent of salesperson mass move to network DMBS interrupted by development of relational database model Relational data logically organized into two dimensional tables can handle complex queries all data within system is shared by all users to facilitate integration used by most modern organizations today but requires more computer memory processing time and only allows text numerical information to be stored Elements tables place to store data queries access data stored in tables and transform it into information forms on screen presentations used to input view data in tables reports printed lists summaries of data stored in tables Object oriented stores both simple and complex objects ie audio graphics geographic information objects store attributes instructions for actions Data warehouse collection organization integration long term storage of entity wide data provides users with easy access to improve decision making capabilities may also use other external data created by copying data periodically Data mining exploration aggregation analysis of large quantities of data from across the organization requires training and expertise Chapter 7 Enterprise risk management ERM process affected by an entity s personnel that is applied in strategy settings across the enterprise designed to identify potential events that may affect the entity manages risk to be within risk appetite provides reasonable assurance of achieving entity objectives Four categories of ERM framework Strategic high level goals aligned with supporting its mission Operations effective efficient use of resources Reporting reliability of reporting Compliance compliance with applicable laws regulations Risk assessment risks are analyzed to determine likelihood and impact Risk response avoiding accepting reducing and sharing risk Fraud a deliberate act or untruth intended to obtain unfair unlawful gain manipulating information for criminal purposes Examples of fraud risks increasing professional skepticism using unpredictable audit test patterns detecting management override of internal controls emphasized in SAS No 99 o SOX Titles o o o o o o o o o o o Title I establishes the PCAOB independent board oversees public company audits Title 2 auditor independence partner rotation no non audit services controller independent for year Title 3 corporate responsibility CEO CFO review reports must be fair accurate Title 4 enhanced financial disclosures internal control reports Title 5 analysts conflicts of interest financial analysts disclose conflicts research reports Title 6 commission resources and authority must be qualified in eyes of SEC Title 7 studies and reports GAO may study consolidation of public accounting firms Title 8 corporate and criminal fraud accountability 25 year felony sentence whistleblower protection Title 9 white collar crime penalty enhancements 5 million 20 year penalty for fraud by CEO CFO Title 10 corporate tax returns must be signed by CEO Title 11 corporate fraud and accountability fines up to 20 years for fraud if sentenced can never serve as director officer again Internal control process affected by an entity s personnel designed to provide reasonable assurance regarding the achievement of objectives in effectiveness efficiency of operations reliability reporting and compliance with applicable laws regulations definition developed by the COSO Malware malicious software software specifically designed to damage disrupt a computer system Salami slicing unauthorized instructions inserted into program to systematically steal very small amounts Trojan horse module of unauthorized computer code covertly placed in a seemingly harmless program Back door programmer inserts special code password enabling them to bypass security features of program Logic bomb code secretly inserted into the program that will explode when a specific date event occurs o o o o o Worm type of computer virus that replicates itself on disks memory networks uses resources to the point that it shuts down the system Zombie secretly takes over another internet attached computer and uses it to launch attacks that can t be traced to the zombie s creator Control goals Control Matrix Table 7 1 Control goals of operation processes Effectiveness of operations meeting goals fulfilling operational purposes Efficient employment of resources measure productivity of resources in relative sense costs benefits Security of resources physical and non physical resource protection Control goals of information processes Input