Exam 2 03/04/2013

Chapter 5 Database Management Systems

Applications approach
  Has consequence of data redundancy
  Also known as flat file approach
  Each application collects/manages its own data
  Data needed by multiple applications/functional processes isn't shared
  Data redundancy causes increased labor and storage costs
  Data redundancy can lead to inconsistent data across different applications
  Two tier architecture
    o User presentation tier: what you see when you turn on computer
    o Application/database tier

Centralized database approach
  Data is stored in relational databases, solving problems of data redundancy and improving efficiency and data integrity
  More ERP systems today use relational databases
  Data is decoupled from application (data independence)
  Three tier architecture
    o User or presentation tier
    o Application tier
    o Database tier
  Data can be accessed by reports and queries

Database Management Systems
  Set of integrated programs designed to simplify the tasks of creating, accessing, and managing a centralized database
  Default language is SQL
  Coordinates activities of many functional areas
  Integrates collection of files that are independent of application program

Database Models
  Hierarchical (now obsolete): records were organized in pyramid
    o Parent can have many children, children only 1 parent
  Network
    o Parent can have many child records, child records can have many parent records
    o Sale to customer can have parent of customer and salesperson
    o Interrupted by development of relational database model
  Relational: all data within system is shared by all users to facilitate integration
    o Data is logically organized in 2-D tables
    o Used by most organizations today
    o Can handle complex queries
    o Requires more complex memory and processing time
    o Allows only text and numerical information to be stored
  Object-oriented (iTunes)
    o Stores simple and complex objects (text, graphics, audio, video)
    o Objects store attributes and instructions for actions

Data Warehousing
  Collection, organization, integration, and long-term storage of entity-wide data
  Purpose is to provide users with easy access to large quantities of varied data from organization to improve decision making
  Typically created by copying data periodically
  Other external data can be included to improve decision making

Data Mining
  Aggregation, exploration, analysis of large quantities of data

Chapter 7 Controlling Information Systems

Enterprise risk management: a process
  Effected by an entity's board of directors, management, other personnel
  Applied in strategy settings and across enterprise
  Designed to identify potential events that may affect the entity
  Manage risk to be within risk appetite
  To provide reasonable assurance regarding the achievement of entity objectives

ERM framework
  Strategic: high-level goals aligned with and supporting its mission
  Operations: effective and efficient use of its resources
  Reporting: reliability of reporting
  Compliance: compliance with applicable laws and regulations

Risk assessment
  Risks are analyzed, likelihood and impact are determined

Risk response
  Avoiding, accepting, reducing, sharing

Fraud
  Deliberate act or untruth intended to obtain unfair or unlawful gain
  Manipulating information for criminal purposes

Titles of SOX
  Title I Public Company Accounting Oversight Board (PCAOB)
    o Established an independent board to oversee public company audits
    o Assigns oversight and enforcement authority over the board to the SEC
  Title II Auditor Independence
    o Prohibition of providing financial information systems design and implementation services to audit clients
    o Requires audit partner rotation
  Title III Corporate Responsibility
    o Requires CEO and CFO to certify quarterly and annual reports
  Title IV Enhanced Financial Disclosures
    o Requires each annual report filed with the SEC to include an internal control report
  Title V Analysts Conflicts of Interests
    o Require financial analysts to properly disclose in research reports any conflicts of interest they might hold with the companies they recommend
  Title VI Commission Resources and Authority
    o Authorizes SEC to censure or deny any person the privilege of appearing or practicing before the SEC if that person is deemed to be unqualified, acted unethically, violated law
  Title VII Studies and Reports
    o Authorizes Government Accountability Office (GAO) to study the consolidation of public accounting firms since 1989 and offer solutions to any recognized problems
  Title VIII Corporate and Criminal Fraud Accountability
  Title IX White Collar Crime Penalty Enhancements
    o Criminal penalties up to $5 million and up to 20 years in prison if they knowingly or willfully falsely certify
    o Requires CEOs and CFOs to certify information contained in periodic reports is fairly represented
  Title X Corporate Tax Returns
    o Corporate federal income tax returns must be signed by the CEO
  Title XI Corporate Fraud and Accountability
    o Provides fines and imprisonment for up to 20 years for those who corruptly alter, destroy, or conceal documents with the intent to impair the document's integrity or availability

Internal control
  Process effected by an entity's board of directors, management, and other personnel, designed to provide REASONABLE assurance regarding the achievement of objectives in the following categories
    o Effectiveness and efficiency of operations
    o Reliability of reporting
    o Compliance with applicable laws and regulations

Types of Malware
  Salami slicing: unauthorized instructions are inserted into a program to systematically steal very small amounts
  Trojan horse: a module of unauthorized computer code is covertly placed in a seemingly harmless program
  Back door: the programmer may insert a special code or password that enables him/her to bypass the security features of the program
  Logic bomb: code secretly inserted into a program is designed to execute ("explode") when a specific date or event occurs
  Worm: a type of computer virus that replicates itself on disks, in memory, and across networks; shuts down the system
  Zombie: secretly takes over another internet-attached computer and then uses that computer to launch attacks that can't be traced to the zombie's creator

Control Goals
  Effectiveness of operations
    o Measure of success in meeting one or more goals for the operations process
    o Strives to ensure that a given operational process is fulfilling the purpose for which it was intended
  Efficient employment of resources
    o Measure of productivity of the resources applied to achieve a set of goals