Chapter 5- Database Management SystemsApplications approach:Has consequence of data redundancyAlso known as flat tire approachEach application collects/manages its own dataData needed by multiple applications/functional processes isn’t sharedData redundancy causes increased labor and storage costsData redundancy can lead to inconsistent data across different applicationsTwo tier architectureUser/presentation tier- what you see when you turn on computerApplication/database tierCentralized database approach:Data is stored in relational databases, solving problems of data redundancy and improving efficiency and data integrityMore ERP systems today use relational databasesData is decoupled from application (data independence)Three tier architecture:User or presentation tierApplication tierDatabase tierData can be accessed by reports and queriesDatabase Management Systems:Set of integrated programs designed to simplify the tasks of creating, accessing and managing a centralized databaseDefault language is SQLCoordinates activities of many functional areasIntegrates collection of files that are independent of application programDatabase Models:Hierarchal: now obsolete, records were organized in pyramidParent can have many children, children only 1 parentNetwork:Parent can have many child records, child records can have many parent recordsSale to customer can have parent of customer and salespersonInterrupted by development of relational database modelRelational: all data within system is shared by all users to facilitate integrationData is logically organized in 2-D tablesUsed by most organizations todayCan handle complex queriesRequires more complex memory and processing timeAllows only text and numerical information to be storedObject: oriented: (itunes)Stores simple and complex objects (text, graphics, audio, video)Objects store attributes and instructions for actionsData WarehousingCollection, organization, integration and long-term storage of entity-wide dataPurpose is to provide users with easy access to large quantities of varied data from organization to improve decision-makingTypically created by copying data periodicallyOther external data can be included to improve decision makingData MiningAggregation, exploration, analysis of large quantities of dataChapter 7- Controlling Information SystemsEnterprise risk management: a processEffected by an entity’s board of directors ,management, other personnelApplied in strategy settings and across enterpriseDesigned to identify potential events that may affect the entityManage risk to be within risk appetiteTo provide reasonable assurance regarding the achievement of entity objectivesERM framework:Strategic- high level goals aligned with and supporting its missionOperations- effective and efficient use of its resourcesReporting- reliability of reportingCompliance- compliance with applicable laws and regulationsRisk assessment:Risks are analyzed, likelihood and impact are determinedRisk response:Avoiding, accepting, reducing, sharingFraud:Deliberate act or untruth intended to obtain unfair or unlawful gainManipulating information for criminal purposesTitles of SOX:Title I- Public Company Accounting Oversight Board (PCAOB)Established an independent board to oversee public company auditsAssigns oversight and enforcement authority over the board to the SECTitle II- Auditor IndependenceProhibition of providing financial information systems design and implementation services to audit clientsRequires audit partner rotationTitle III- Corporate ResponsibilityRequires CEO and CFO to certify quarterly and annual reportsTitle IV- Enhanced Financial DisclosuresRequires each annual report filed with the SEC to include an internal control reportTitle V- Analysts’ Conflicts of InterestsRequire financial analysts to properly disclose in research reports any conflicts of interest they might hold with the companies they recommendTitle VI- Commission Resources and AuthorityAuthorizes SEC to censure or deny any person the privilege of appearing or practicing before the SEC if that person is deemed to be unqualified (acted unethically, violated law)Title VII- Studies and ReportsAuthorizes Government Accountability Office (GAO) to study the consolidation of public accounting firms since 1989 and offer solutions to any recognized problemsTitle VIII- Corporate and Criminal Fraud AccountabilityTitle IX- White-Collar Crime Penalty EnhancementsCriminal penalties up to $5 million and up to 20 years in prison if they knowingly or willfully falsely certifyRequires CEOs and CFOs to certify information contained in periodic reports is fairly representedTitle X- Corporate Tax ReturnsCorporate federal income tax returns must be signed by the CEOTitle XI- Corporate Fraud and AccountabilityProvides fines and imprisonment for up to 20 years for those who corruptly alter, destroy, or conceal documents with the intent to impair the document’s integrity or availabilityInternal control:Process effected by an entity’s board of directors, management, and other personnel-designed to provide REASONABLE assurance regarding the achievement of objectives in the following categories:Effectiveness and efficiency of operationsReliability or reportingCompliance with applicable laws and regulationsTypes of Malware:Salami slicing- unauthorized instructions are inserted into a program to systematically steal very small amountsTrojan horse- a module of unauthorized computer code is covertly placed in a seemingly harmless programBack door- the programmer may insert a special code or password that enables him/her to bypass the security features of the programLogic bomb- code, secretly inserted into a program, is designed to execute (explode) when a specific date or event occursWorm- a type of computer virus that replicates itself on disks, in memory, and across networks, shuts down the systemZombie- secretly takes over another internet-attached computer and then uses that computer to launch attacks that can’t be traced to the zombie’s creatorControl Goals:Effectiveness of operationsMeasure of success in meeting one or more goals for the operations processStrives to ensure that a given operational process is fulfilling the purpose for which it was intendedEfficient employment of resourcesMeasure of productivity of the resources applied to achieve a set of goalsCan only be evaluated in a relative senseCost and benefits must be determinedSecurity of resourcesProtecting an