Information Systems and Communication
Computerized Processing of Accounting Information Data Entry/data capture Master file update System Output
*Data entry/data capture* -- When a transaction occurs, the data may be manually recorded on a physical source document and then keyed into the system, or the data may be captured electronically using automated data capture equipment such as bar code readers. 1. The transaction data is recorded in a transaction file: a. Transaction files -- In a computerized environment, they are equivalent to journals in a manual environment. b. Transaction files are temporary files -- Data in the transaction files is periodically purged from the system to improve system performance. *Master file update* -- Data from the transaction files is used to update account balances in the master files. For example, the data from recording a utilities bill payment would be used to increase the balance of the utilities expense account and decrease the balance of the cash account in the general ledger master file. 1. Master files are used to maintain transaction totals by account: a. Master files -- In a computerized environment, they are equivalent to ledgers in a manual environment. b. The general ledger and the subsidiary ledgers are all examples of master files. c. Master files are permanent files. The individual account balances change as transactions are processed but the accounts and master files themselves are never deleted. C. System output -- The master file account balances are used to produce most reports. 1. The general ledger master file is used to produce the financial statements.
Symmetric encryption (Single Key or Private Key Network)
1. Fast, simple, easy and less secure than asymmetric encryption. 2. More often used in data stores (i.e., data at rest) since only one party then needs the single algorithm and key. 3. Also called single-key encryption, symmetric encryption uses a single algorithm to encrypt and decrypt. 4. The sender uses the encryption algorithm to create the ciphertext and sends the encrypted text to the recipient. 5. The sender informs the recipient of the algorithm. 6. Recipient reverses the algorithm to decrypt.
1. Input and origination controls 2. Processing and file controls 3. Ouput Controls
1. Input and origination controls -- Control over data entry and data origination process 2. Processing and file controls -- Controls over processing and files, including the master file update process 3. Output controls -- Control over the production of reports
Important input controls Missing Data Check Field Check Limit Test
1. Missing data check -- The simplest type of test available: checks only to see that something has been entered into the field. 2. Field check (data type/data format check) -- Verifies that the data entered is of an acceptable type - alphabetic, numeric, a certain number of characters, etc. 3. Limit test -- Checks to see that a numeric field does not exceed a specified value; for example, the number of hours worked per week is not greater than 60. There are several variations of limit tests:
Databases
A set of logically related files -- Most business data is highly inter-related, and consequently, most business data is stored in databases. Database management system -- 1. A system for creating and managing a well-structured database. A "middle-ware" program that interacts with the database application and the operating system to define the database, enter transactions into the database, and extract information from the database; the DBMS uses three special languages to accomplish these objectives: a. Data definition language (DDL) -- Allows the definition of tables and fields and relationships among tables. b. Data manipulation language (DML) -- Allows the user to add new records, delete old records, and to update existing records. c. Data query language (DQL) -- Allows the user to extract information from the database; most relational databases use structured query language (SQL) to extract the data; some systems provide a graphic interface that essentially allows the user to "drag and drop" fields into a query grid to create a query; these products are usually called query-by-example (QBE). *Database management software is considered both software and middleware*
Electronic Funds Transfer (EFT)
A technology for transferring money from one bank account directly to another without the use of paper money or checks; EFT substantially reduces the time and expense required to process checks and credit transactions.
Types of Files Master Files Standing Data Transaction files System control parameter files
A. Accounting systems typically include the following four file types: 1. Master files are updated by postings to transaction files. 2. Standing data is a subcategory of master file that consists of infrequently changing master files (e.g., fixed assets, supplier names and addresses) 3. Transaction files are the basis for updating master files. 4. System control parameter files determine the workings, including error characteristics and bounds, of system runs. B. A primary goal of data control is to ensure that access, change, or destruction of data and storage media is authorized.
Computer and System Attack Methods
A. Back door or trap door -- A software program that allows an unauthorized user to gain access to the system by sidestepping the normal logon procedures. Historically, programmers used back doors to facilitate quick access to systems under development. If left in a system, or installed by a hacker, they enable unauthorized access. B. Botnets (or zombie computers) -- A collection of computers under the control of a perpetrator that are used to perpetrate DoS, adware, spyware and spam attacks. C. Denial of service (DoS) attack -- Rather than attempting to gain unauthorized access to IT resources, some attackers threaten the system by preventing legitimate users from accessing the system. Perpetrators instigate these attacks, using one or many computers, to flood a server with access requests that cannot be completed. D. Eavesdropping -- Eavesdropping is the unauthorized interception of a private communication, such as a phone call, email, or instant message transmission. E. Email bombing or spamming -- Attacking a computer by sending thousands or millions of identical emails to the address. F. Logic bomb -- An unauthorized program planted in the system; the logic bomb lies dormant until the occurrence of a specified event or time (e.g., a specific date, the elimination of an employee from active employee status). G. Malicious software (malware) -- Programs that exploit system and user vulnerabilities to gain access to the computer; there are many types of malware. H. Man-in-the-middle attack -- A perpetrator establishes a connection between two devices and then pretends to be each party, thereby intercepting and interfering with messages between the parties, e.g., to steal passwords or credit card information.
Important input controls Closed loop verification Batch control totals
9. Closed loop verification -- Helps ensure that a valid and correct account code has been entered; after the code is entered, this system looks up and displays additional information about the selected code. For example, the operator enters a customer code, and the system displays the customer's name and address. Available only in online real-time systems. 10. Batch control totals -- Manually calculated totals of various fields of the documents in a batch. Batch totals are compared to computer-calculated totals and are used to ensure the accuracy and completeness of data entry. Batch control totals are available, of course, only for batch processing systems or applications. -Financial Totals -Hash Totals -Record counts
Common types of computers
1. Supercomputers -- Computers at the leading edge of processing capacity; their definition is constantly changing as the supercomputer of today often becomes the personal computer of tomorrow; generally used for calculation-intensive scientific applications, for example, weather forecasting and climate research. 2. Mainframe computers -- Powerful computers used by commercial organizations to support mission-critical tasks such as sales and order processing, inventory management, and e-commerce applications. Unlike supercomputers, which tend to support processor-intensive activities (i.e., a small number of highly complex calculations), mainframe computers tend to be input and output (I/O) intensive (i.e., a very large number of simple transactions). Frequently support thousands of simultaneous users. 3. Servers (high-end and mid-range) -- Computers that are specifically constructed to "serve" thousands of users on a client/server computer network. May have some of the control features of mainframe computers but run slower and cost less. 4. Personal computers (PCs) or workstations -- Designed for individual users and typically include word processing and spreadsheet software, and, network connectivity to enable people to check their Facebook pages. Sometimes also called a "fat client," but some of us avoid the use of the word "fat" except in reference to people that we dislike. 5. Thin client computers -- Computers with minimal capabilities (e.g., slow processing speed, small amount of storage) that is used to access resources on a network system. 6. Laptop computers 7. Mobile Computing Devices 7. Mobile computing devices
General Ledger and Subsidiary Ledgers
1. The general ledger -- Classifies transactions by financial statement accounts (cash, inventory, accounts payable, sales revenue, supplies expense, etc.). 2. The subsidiary ledgers (sub-ledgers) -- Classify transactions by alternative accounts (e.g. customer accounts, vendor accounts, product accounts). Not all transactions are posted to sub-ledgers: each sub-ledger corresponds to a single general ledger account, and only transactions that affect that account are posted in the sub-ledger.
Important input controls Preprinted forms and preformatted screens Default values Automated data capture
11. Preprinted forms and preformatted screens -- Reduce the likelihood of data entry errors by organizing input data logically: when the position and alignment of data fields on a data entry screens matches the organization of the fields on the source document, data entry is faster, and there are fewer errors. 12. Default values -- Presupplied data values for a field when that value can be reasonably predicted; for example, when entering sales data, the sales order date is usually the current date; fields using default values generate fewer errors than other fields. 13. Automated data capture -- Use of automated equipment such as bar code scanners to reduce the amount of manual data entry; reducing human involvement reduces the number of errors in the system.
Important input cotrols Valid Cost test Check Digit
4. Valid code test (validity test) -- Checks to make sure that each account code entered into the system is a valid (existing) code; this control does not ensure that the code is correct, merely that it exists. 5. Check digit -- Designed to ensure that each account code entered into the system is both valid and correct. The check digit is a number created by applying an arithmetic algorithm to the digits of a number, for example, a customer's account code. The algorithm yields a single digit appended to the end of the code. Whenever the account code (including check digit) is entered, the computer recalculates the check digit and compares the calculated check digit to the digit entered. If the digits fail to match, then there is an error in the code, and processing is halted.
Important input cotrols Reasonableness check (logic test) Sequence check Key Verification
6. Reasonableness check (logic test) -- Checks to see that data in two or more fields is consistent. For example, a rate of pay value of "$3,500" and a pay period value of "hourly" may be valid values for the fields when the fields are viewed independently; however, the combination (an hourly pay rate of $3,500) is not valid. 7. Sequence check -- Verifies that all items in a numerical sequence (check numbers, invoice numbers, etc.) are present. This check is the most commonly used control for processing completeness. 8. Key verification -- The re-keying of critical data in the transaction, followed by a comparison of the two keyings.
Data Structures in Accounting Systems Bit Byte Field Record File Database
A. Bit (binary digit) -- An individual zero or one; the smallest piece of information that can be represented. B. Byte -- A group of (usually) eight bits that are used to represent alphabetic and numeric characters and other symbols (3, g, X, ?, etc.). Several coding systems are used to assign specific bytes to characters; ASCII and EBCIDIC are the two most commonly used coding systems. Each system defines the sequence of zeros and ones that represent each character. C. Field -- A group of characters (bytes) identifying a characteristic of an entity. A data value is a specific value found in a field. Fields can consist of a single character (Y, N) but usually consist of a group of characters. Each field is defined as a specific data type. Date, Text and Number are common data types. D. Record -- A group of related fields (or attributes) describing an individual instance of an entity (a specific invoice, a particular customer, an individual product). E. File -- A collection of records for one specific entity (an invoice file, a customer file, a product file). 1. In a database environment, files are sometimes called tables. F. Database -- A set of logically related files.
Digital Signatures Digital certificates
A. Digital signatures -- 1. An electronic means of identifying a person or entity. 2. Use public/private key pair technology to provide authentication of the sender and verification of the content of the message. 3. The authentication process is based on the private key. 4. Vulnerable to man-in-the-middle attacks in which the sender's private and public key are faked. A digital signature is like the sealing of an envelope with the King's personal wax seal in the days of Kings. A thief may steal, or a forger may duplicate, the King's seal. Therefore, the message from the King, or the email—in the case of digital signatures—may not be from the person who the receiver thinks that it is from, because a thief stole the seal (or the private key). B. Digital certificates -- 1. For transactions requiring a high degree of assurance, a digital certificate provides legally recognized electronic identification of the sender, and, verifies the integrity of the message content. a. Based on a public key infrastructure (PKI) which specifies protocols for managing and distributing cryptographic keys; b. In this system, a user requests a certificate from the certificate authority. The certificate author then completes a background check to verify identity before issuing the certificate. c. More secure than digital signatures.
File Controls Parity Check Read after write check Echo Check Error Reporting and Resolution
A. Parity check (parity bit) -- A zero or one included in a byte of information that makes the sum of bits either odd or even; for example, using odd parity, the parity check bit for this byte of data: - A parity check is designed to detect errors in data transmission B. Read after write check -- Verifies that data was written correctly to disk by reading what was just written and comparing it to the source. C. Echo check -- Verifies that transmission between devices is accurate by "echoing back" the received transmission from the receiving device to the sending unit. D. Error reporting and resolution -- Controls to ensure that generated errors are reported and resolved by individuals who are independent of the initiation of transactions (segregation of duties).
Software
A. Software—Instructions, i.e., programs, for hardware B. Computer software—Divided into three categories C. Systems software -- 1. The programs that run the computer and support system management operations. Several of the most frequently encountered types of systems software are D. Programming languages -- 1. All software is created using programming languages. They consist of sets of instructions and a syntax that determines how the instructions can be put together. E. Application software -- 1. The diverse group of end-user programs that accomplish specific user objectives. Can be general purpose (word processors, spreadsheets, databases) or custom-developed for a specific application (e.g., a marketing information system for a clothing designer). May be purchased "off the shelf" or developed internally.
Output Controls Spooling Controls (print queue) Disposal of aborted print jobs Distribution of reports End User Controls Logging and archiving of forms, data and programs Record retention and disposal
A. Spooling (print queue) controls -- Jobs sent to a printer that cannot be printed immediately are spooled—stored temporarily on disk—while waiting to be printed; access to this temporary storage must be controlled to prevent unauthorized access to the files. B. Disposal of aborted print jobs -- Reports are sometimes damaged during the printing or bursting (separation of continuous feed paper along perforation lines) process; since the damaged reports may contain sensitive data, they should be disposed of using secure disposal techniques. C. Distribution of reports -- Data control is responsible for ensuring that reports are maintained in a secure environment before distribution and that only authorized recipients receive the reports; a distribution log is generally maintained to record transfer of the reports to the recipients. D. End user controls -- For particularly critical control totals, or where end-users have created systems, perform checks of processing totals and reconciling report totals to separately maintained records. This is also sometimes called one-to-one checking. E. Logging and archiving of forms, data and programs -- Should be in a secure, off-site location. F. Record retention and disposal -- This is discussed in the separate lesson on "Program Library, Documentation, and Record Management" related to this topic.
Processing Methods Batch Processing
Batch processing -- Batch processing is a periodic transaction processing method in which transactions are processed in groups: 1. Input documents are collected and grouped by type of transaction. These groups are called "batches." Batches are processed periodically (i.e., daily, weekly, monthly, etc.). 2. Batch processing is accomplished in four steps: Step 1: Data entry: The transactions data is manually keyed (usually) and recorded in a transactions file. Step 2: Preliminary edits: The transaction file data is run through an edit program that checks the data for completeness and accuracy; invalid transactions are corrected and re-entered. Step 3: Sorting: The edited transaction file records are sorted into the same order as the master file. Step 4: Master file update: The individual debits and credits are used to update the related account balance in the general ledger master file and, if appropriate, in the subsidiary ledger master file. Batch processing is a sequential processing method—transactions are sorted in order to match the master file being updated.
Computer Hardware - Central Processing Unit
Central processing unit (CPU) -- The CPU is the control center of the computer system. The CPU has three principal components: 1. Control unit -- Interprets program instructions. 2. Arithmetic logic unit (ALU) -- Performs arithmetic calculations. 3. Primary storage (main memory) -- Stores programs and data while they are in use. It is divided into two main parts: a. Random access memory (RAM) -- Stores data temporarily while it is in process. b. Read-only memory (ROM) -- A semi-permanent data store for instructions that are closely linked to hardware (e.g., "firmware"). Includes portions of the operating system. Hard to change.
Important Processing Controls Run to Run Controls Internal Labels Audit trail controls
Controls designed to ensure that master file updates are completed accurately and completely. Controls also serve to detect unauthorized transactions entered into the system and maintain processing integrity. A. Run-to-run controls -- Use comparisons to monitor the batch as it moves from one programmed procedure (run) to another; totals of processed transactions are reconciled to batch totals—any difference indicates an error. Also called "control totals." B. Internal labels ("header" and "trailer" records) -- Used primarily in batch processing, electronic file identification allows the update program to determine that the correct file is being used for the update process. C. Audit trail controls -- Each transaction is written to a transaction log as the transaction is processed; the transaction logs become an electronic audit trail allowing the transaction to be traced through each stage of processing; electronic transaction logs constitute the principal audit trail for online, real-time systems.
EDI costs include
Costs of change Hardware costs Translation software Cost of data transmission Security, audit, and control procedures
Asymmetric encryption
D. Asymmetric encryption -- 1. Safer but more complicated than symmetric encryption. 2. More often used with data-in-motion. 3. Also called public/private-key encryption. 4. Uses two paired encryption algorithms to encrypt and decrypt. 5. If the public key is used to encrypt, the private key must be used to decrypt; conversely, if the private key is used to encrypt, the public key must be used to decrypt. 6. To acquire a public/private key pair, the user applies to a certificate authority (CA): a. The CA registers the public key on its server and sends the private key to the user; b. When someone wants to communicate securely with the user, he or she accesses the public key from the CA server, encrypts the message, and sends it to the user; c. The user then uses the private key to decrypt the message; d. The transmission is secure because only the private key can decrypt the message and only the user has access to the private key.
E -business and E-commerce
E-business is the generic name given to any business process that relies on electronic dissemination of information or on automated transaction processing. E-commerce is a narrower term used to refer to transactions between the organization and its trading partners.
Files Controls Boundary Protection Internal Labels (Header and Trailer) External Labels Version Control File Access and Updating Controls
E. Boundary protection -- Sort of a computer traffic cop. When multiple programs and/or users are running simultaneously and sharing the same resource (usually the primary memory of a CPU), boundary protection prevents program instructions and data from one program from overwriting the program instructions or data from another program. F. Internal labels ("header" and "trailer" records) -- Used primarily in batch processing, electronic file identification allows the update program to determine that the correct file is being used for the update process. Read by the system. Very important for removable storage. G. External labels -- Labels on removable storage that are read by humans. H. Version control -- Procedures and software to ensure that the correct file version is used in processing (e.g., for transaction files). I. File access and updating controls -- These controls ensure that only authorized, valid users can access and update files.
Electronic Data Interchange (EDI)
EDI is computer-to-computer exchange of business data (e.g., purchase orders, confirmations, invoices, etc.) in structured formats allowing direct processing of the data by the receiving system; EDI reduces handling costs and speeds transaction processing compared to traditional paper-based processing. -EDI requires that all transactions be submitted in a specified format; translation software is required to convert transaction data from the internal company data format to the EDI format and vice versa -EDI can be implemented using direct links between the trading partners, through communication intermediaries (called "service bureaus"), through value-added networks (VANs), or over the Internet. The well-established *audit trails, controls, and security provided for EDI transactions by VAN are the principal reasons* for their continued popularity.
Input Controls (Also known as programmed controls, edit checks, or automated controls.)
Ensure that the transactions entered into the system meet the following control objectives: 1. Valid -- All transactions are appropriately authorized; no fictitious transactions are present; no duplicate transactions are included. 2. Complete -- All transactions have been captured; there are no missing transactions. 3. Accurate -- All data has been correctly transcribed, all account codes are valid; all data fields are present; all data values are appropriate.
Customer Relationship Management (CRM)
Technologies used to manage relationships with clients; biographic and transaction information about existing and potential customers is collected and stored in a database; the CRM provides tools to analyze the information and develop personalized marketing plans for individual customers.
CPA Exam Tip - Data elements by size
Except for "file" the words get longer as the units get bigger: Bit (3 characters) Byte (4 characters) Field (5 characters) Record (6 characters) File (4 characters) Database (8 characters)
Computer and System Attack Methods
I. Packet sniffing -- Programs called packet sniffers capture packets of data as they move across a computer network. While administrators use packet sniffing to monitor network performance or troubleshoot problems with network communications, hackers also use these tools to capture usernames and passwords, IP addresses, and other information that can help the hacker break into the network. Packet sniffing on a computer network is similar to wiretapping a phone line. This is one form of a man-in-the-middle attack. J. Password crackers -- Once a username has been identified, hackers can use password-cracking software to generate many potential passwords and use them to gain access. Password cracker programs are most effective with weak passwords (i.e., passwords that have fewer than eight characters, that use one letter case, that do not require use of numbers or special symbols). K. Phishing -- A deceptive request for information delivered via email. The email asks the recipient to either respond to the e-mail or visit a web site and provide authentication information. You probably get several phishing queries every week. L. Session hijacking and masquerading -- Masquerading occurs when an attacker identifies an IP address (usually through packet sniffing) and then attempts to use that address to gain access to the network. If the masquerade is successful, then the hacker has hijacked the session: gained access to the session under the guise of another user. M. Salami fraud -- Taking a small amount of money from many accounts using a variety of rounding methods. N. Social engineering or spoofing -- Using deceit or deception to gain logical access to the system. The deception is to persuade employees to provide usernames and passwords to the system. These deceptive requests may be delivered verbally or through e-mail, text messaging, or social networking sites. Fraudsters may spoof by faking an identity (e.g., a company or friend), an email (e.g., pretending to be your bank or a friend of yours), or, a website that mimics a real website.
Intrusion Detection Systems Honeypots/Honeynets
Intrusion detection systems (IDSs) -- Monitor network systems for unusual traffic. A honeypot or honeynet is a server that lures hackers to a decoy system. Its purpose is to identify intruders and provide information to help block them from live systems.
Types of Networks
Local area networks (LANs) -- Local area networks were so named because they were originally confined to very limited geographic areas (a floor of a building, a building, or possibly several buildings in very close proximity to each other). With the advent of relatively inexpensive fiber optic cable, Local area networks can extend for many miles. For example, many urban school districts have Local Area Networks connecting all of the schools in the district. Wide area networks (WANs) -- Although WANs can vary dramatically in geographic area, most are national or international in scope. Storage area networks (SANs) -- A type of, or variation of, LANs that connect storage devices to servers. Personal area networks (PANs) -- Often, a home network that links devices used by an individual or family to one another and to the Internet.
Logical Access Controls
NON PHYSICAL CONTROLS
Components of a Network Network operating system Communication devices
Network operating system -- Controls communication over the network and access to network resources: 1. Peer-to-peer systems -- All nodes share in communications management; no central controller (server) is required; these systems are relatively simple and inexpensive to implement; used by LANs. 2. Client/server systems -- A central machine (the server) presides as the mediator of communication on the network and grants access to network resources; client machines are users of network resources but also perform data processing functions; used by LANs and by the world's largest client—the internet. 3. Hierarchical operating systems -- a. Use a centralized control point generally referred to as the host computer b. The host not only manages communications and access to resources but also often performs most of the data processing c. Nodes connected to these systems often function as dumb terminals which are able to send and receive information but do not actually process the data d. Used by WANs D. Communications devices -- Link networks to other networks and to remote access. Examples include modems, hubs, repeaters, multiplexers, concentrators, bridges, routers, and gateways. You should know that these terms are associated with networks but you don't need to know their specific functions within networks (unless you are an IT auditor).
Components of a Network Nodes Transmission Media Network operating system Communication devices
Nodes -- Any device connected to the network is a node: 1. Client -- A node, usually a microcomputer, used by end users; a client uses network resources but does not usually supply resources to the network. May be "fat" or "thin" (see the lesson on "Information Systems Hardware"). 2. Server -- A node dedicated to providing services or resources to the rest of the network (e.g., a file server maintains centralized application and data files, a print server provides access to high-quality printers, etc.); servers are indirectly, not directly, used by end users.
Computer and System Attack Methods
O. Spam -- Unsolicited mass emailings. P. Trojan horse -- A malicious program hidden inside a seemingly benign file. Frequently used to insert back doors into a system (see below). Q. Virus -- An unauthorized program, usually introduced through an email attachment, which copies itself to files in the users system; these programs may actively damage data, or they may be benign. R. War chalking, driving, and walking -- Multiple methods for identifying access points in order to gain unlawful access to wireless networks. S. Worm -- Similar to viruses except that worms attempt to replicate themselves across multiple computer systems. Worms generally try to accomplish this by activating the system's e-mail client and sending multiple e-mails.
Processing Methods Online, real-time (OLRT) processing
Online, real-time (OLRT) processing -- OLRT is a continuous, immediate transaction processing method in which transactions are processed individually as they occur. 1. In OLRT processing, transactions are entered and the master files updated as transactions occur. a. Requires random access devices such as magnetic disk drives to process transactions. 2. Each transaction goes through all processing steps (data entry, data edit, and master file update) before the next transaction is processed. Thus, under OLRT processing: a. *The accounting records are always current.* b. *Detection of transaction errors is immediate.* 3. Because transactions are processed as they occur, OLRT systems generally *require a networked computer system* to permit data entered at many locations to update a common set of master files; this means that *OLRT systems are more expensive to operate than batch systems.* 4. OLRT systems are desirable whenever: a. It is critical to have very current information. b. Transactions are continuous and interdependent as, for example, when a sales order is received: sales orders are received continuously and, once approved, cause other activities to occur (e.g., picking the goods in the warehouse, shipping the goods to the customer, invoicing the customer). c. Transactions are infrequent and few in number. (Batch processing is cost-effective only when a significant number of transactions must be processed.)
Processing Methods Point-of-sale (POS) systems
POS systems are one of the most commonly encountered data capture systems in the marketplace today. POS systems combine online, real-time processing with automated data capture technology, resulting in a system that is highly accurate, reliable, and timely. 1. POS systems usually consist of a special-purpose computer connected to or integrated with an electronic cash register: a. Each individual POS system is generally networked to a central computer that maintains a database of the products available for sale as well as the financial accounting data. 2. POS systems use scanners to capture data encoded on product bar codes: a. *Using scanners provides dramatic increases in processing efficiency and transactions accuracy.* 3. Increased transaction detail and faster available information in a POS system facilitate: a. Just-in-time inventory management b. Cash flow management c. Integration of marketing with production (e.g., build to order or on demand)
Computer Hardware - Peripherals
Peripherals -- Devices that transfer data to or from the CPU but do not take part in processing data; peripherals are commonly known as input and output devices (I/O devices). 1. Input devices -- Instruct the CPU and supply data to be processed. Examples include keyboard, mouse, trackball, touch-screen technology, point-of-sale (POS) scanners. 2. Output devices -- Transfer data from the processing unit to other formats. For example: printers, plotters, monitors, flat panel displays, cathode ray tube (CRT) displays.
Computer Hardware - Secondary storage devices
Secondary storage devices -- Provide permanent storage for programs and data; depending on the way the devices are set up, they can either be online (the data on the device is available for immediate access by the CPU) or offline (the device is stored in an area where the data is not accessible to the CPU). 1. Magnetic disks -- Random access devices: data can be stored on and retrieved from the disk in any order. A commonly used form of secondary storage. 2. Magnetic tape -- Magnetic tape is a sequential access device: data is stored in order of the primary record key (i.e., document number, customer number, inventory number, etc.) and is retrieved sequentially; although once used for transaction processing, now mostly used in data archives. 3. Optical disks -- Use laser technology to "burn" data on the disk (although some rewritable disks use magnetic technology to record data); in general, read-only and write-once optical disks are more stable storage media than magnetic disks; optical disks, like magnetic disks are random access devices; there are several different types of optical disks. 4. Flash drives -- (also known as jump drives or thumb drives)—Very small, portable devices that can store up to several gigabytes of data; the term "drive" is a bit of a misnomer as there are no moving parts to "drive;" rather, the memory in a flash drive is similar to the RAM used as primary storage for your CPU.
Supply Chain Managment (SCM)
The process of planning, implementing, and controlling the operations of the supply chain: the process of transforming raw materials into a finished product and delivering that product to the consumer. Supply chain management incorporates all activities from the purchase and storage of raw materials, through the production process into finished goods through to the point-of-consumption.
Firewalls
The purpose of a firewall is to allow legitimate users to use, and to block hackers and others from accessing, system resources. It consists of hardware, or software, or both, that helps detect security problems and enforce security policies on a networked system. A firewall is like a door with a lock for a computer system. It inspects, and when necessary filters, data flows. There are multiple types, and levels, of firewalls: A. Network -- 1. Filters data packets based on header information (source and destination IP addresses and communication port) 2. Blocks noncompliant transmissions based on rules in an access control list 3. Very fast (examines headers only) 4. Forwards approved packets to application firewall B. Application -- 1. Inspects data packet contents 2. Can perform deep packet inspection (detailed packet examination) 3. Controls file and data availability to specific applications C. Personal -- Enables end users to block unwanted network traffic.
Components of a Network Transmission Media
Transmissions media -- The communication link between nodes on the network; the link may be one of several types of wired or wireless media. Local area networks (LANs) use dedicated communications lines (i.e., used only by the network); Wide area networks (WANs) use public or shared communications lines (i.e. telephone lines, television cables, etc.) 1. Wired communications media -- a. *Copper or twisted pair* i. Traditionally used for phone connections ii. The slowest, least secure (e.g. easy to tap) and most subject to interference of the wired media iii. Recent modifications have, however, improved performance significantly iv. Least expensive media v. Performance degrades with cable length b. *Coaxial cable* -- Similar to the cable used for television, coaxial cable is faster, more secure, and less subject to interference than twisted pair but has a slightly higher cost. c. *Fiber optic cable* -- Extremely fast and secure, fiber optic cable communications are based on light pulses instead of electrical impulses; therefore they are not subject to electrical interference and the signal does not degrade over long distances; more expensive to purchase and to install. 2. Wireless communications media -- a. Microwave transmission -- May use a combination of terrestrial microwave and/or satellite microwave transmission; used primarily by WANs. b. Wi-Fi or spread-spectrum radio transmission -- i. Used in both large networks serving hundreds of users and small home networks ii. Found in both LANs and WANs c. Bluetooth -- Uses the same radio frequencies as Wi-Fi but with lower power consumption resulting in a weaker connection; used to provide a direct communications link between two devices (i.e., a headset and a smartphone, a computer and a printer, etc.). d. Digital cellular (cellular digital packet data, or CDPD) -- Allows transmission of data over the cell phone network; used by WANs.
