
CISA Examination Preparation Course

Section 4: System Infrastructure and Control
Application Controls

Auditing Application Controls

Business Application Systems


© 2009 Precise Thinking TCT. LLC. All rights reserved.
© 2017 Global Knowledge Training LLC. All rights reserved.
Section Objectives 4-2

Describe application controls
Detail the methods used to audit application controls
List business application systems

Introduction 4-3

This section addresses:

System infrastructure controls
Application controls and how they can be audited to verify their functionality
Business application systems
Risks with such items as electronic funds transfer and electronic banking

Introduction (cont.) 4-4

A CISA candidate should review the following topics for the exam:

Application controls for input, output and processing
Data integrity and verifying the accuracy of controls
Electronic commerce and electronic data interchange
Security issues surrounding e-mail
Ways decision support systems are used for efficiency and effectiveness

Programmed and Manual Application Controls (1) 4-5

Controls can be applied manually or automatically.
Automated controls include:
Validation and edit checks
Programmed logic functions
Manual controls are those that auditors or staff verify by hand:
Review of reconciliation (resolution) reports
Review of exception reports

Programmed and Manual Application Controls (2) 4-6

The purpose of both automated and manual controls is to verify that:

Data is stored to maintain the security of its:
Accuracy
Validity
Confidentiality
Integrity
Processed data is valid and meets expectations

Programmed and Manual Application Controls (3) 4-7

Auditors can perform control checks by:

Discovering and identifying application components so that transaction flow can be analyzed
Determining appropriate audit procedures to test strengths and weaknesses of the application
Analyzing test results
Validating results
Reporting the application’s effectiveness and efficiency
Business Objectives and Strategy 4-8

Understand business objectives and strategy in the company’s business plan.
Review long- and short-term goals:
Long-term goals are considered strategic and focus on activities planned for the next three to five years.
Short-term goals are tactical and address immediate concerns no more than 18 months into the future.
Review the organization’s goals:
Review background information and examine process flow charts.

Business Process Controls 4-9

1. Input Controls
2. Processing Controls
3. Output Controls

Input Controls: input authorization; batch controls
Processing Controls: processing; validation; editing; balancing and reconciliation
Output Controls: logging; security signatures; report distribution

1-Input Controls 4-10

When reviewing input controls, the Auditor must ensure that all transactions have been entered correctly.
Controls should be capable of checking that input is valid.
In many automated systems, the output of one system is the input of another.
Data should be checked to verify the information from both the sending and receiving applications.

1-Input Controls (cont.) 4-11

Authorization controls include:

Signatures on forms or documents approving a change
Password controls that are required to process a change
Client identification controls that allow only certain clients to authorize a change

Batch Controls 4-12

Batch controls:
Are a type of input control
Combine transactions into a group and assign the group a value
The total can be based on:
Dollar amounts
Total counts
Total document numbers
Hash totals
Other Input Controls 4-13

Total dollar amounts verify that individual items total up to the correct batched total amount.
Total item counts verify that total counts match.
Total document numbers verify that the total number of documents in the batch equals the total number of documents processed.
Examples include:
Invoices generated
Orders recorded

Other Input Controls (cont.) 4-14

Hash totals are generated by choosing a number of fields in a series of transactions.
Values are computed again later to see if the numbers match.
An incorrect match indicates that something has been:
Lost
Entered incorrectly
Corrupted somehow
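A worked illustration of the batch controls on the three slides above, added here and not part of the course material. It computes the four control totals (dollar total, item count, document-number total, hash total) over a constructed batch of invoices, then recomputes them after a record is lost and after a non-monetary field is mis-keyed, to show which totals catch which error. The invoice fields, amounts and the choice of customer number as the hashed field are assumptions made for the example.

```python
"""Batch input controls: dollar total, item count, document-number total and
hash total, recomputed after processing and compared with the control slip.
Added example with constructed data; field names are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    doc_no: int          # document number printed on the source invoice
    customer_id: int     # field with no meaning as a sum; used for the hash total
    amount_cents: int    # money as integer cents, never floats


def batch_totals(batch):
    """The four control totals the batch-controls slide lists.

    The hash total sums a field (customer_id) whose sum means nothing to the
    business; it exists only so that a changed or substituted record, which
    leaves the dollar total and the counts intact, is still noticed.
    """
    return {
        "dollar_total": sum(i.amount_cents for i in batch),
        "item_count": len(batch),
        "document_total": sum(i.doc_no for i in batch),
        "hash_total": sum(i.customer_id for i in batch),
    }


def verify_batch(batch, control_slip):
    """Recompute the totals and return the names of those that no longer match."""
    recomputed = batch_totals(batch)
    return [name for name, expected in control_slip.items()
            if recomputed[name] != expected]


# Constructed batch as keyed from paper invoices, and the control slip the
# clerk computed from the paper before keying.
ORIGINAL_BATCH = [
    Invoice(doc_no=1001, customer_id=4410, amount_cents=12_500),
    Invoice(doc_no=1002, customer_id=4417, amount_cents=8_075),
    Invoice(doc_no=1003, customer_id=4410, amount_cents=31_000),
]
CONTROL_SLIP = batch_totals(ORIGINAL_BATCH)


def drop_record(batch, doc_no):
    """Simulate a transaction lost between keying and processing."""
    return [i for i in batch if i.doc_no != doc_no]


def swap_customer(batch, doc_no, new_customer_id):
    """Simulate a keying error in a non-monetary field only."""
    return [Invoice(i.doc_no, new_customer_id, i.amount_cents) if i.doc_no == doc_no else i
            for i in batch]


if __name__ == "__main__":
    print("clean batch:", verify_batch(ORIGINAL_BATCH, CONTROL_SLIP))
    print("lost record:", verify_batch(drop_record(ORIGINAL_BATCH, 1002), CONTROL_SLIP))
    print("mis-keyed customer:",
          verify_batch(swap_customer(ORIGINAL_BATCH, 1003, 4411), CONTROL_SLIP))
```

A lost record trips all four totals; a mis-keyed customer number trips only the hash total, which is why a hash total is kept alongside the business totals. None of the four catches two amounts transposed between records of the same batch, which is what the per-record edit checks on later slides are for.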

2-Processing Controls 4-15

Are used during online or batch processing to ensure data:
Accuracy
Completeness
Timeliness: occurring at a suitable time
Should be:
In place to verify data is processed only through authorized routines
Designed to detect problems and initiate corrective action

2-Processing Controls (cont.) 4-16

If procedures are in place to override these controls, their use should be logged.

Individuals who have the ability to override these controls should not be the same ones responsible for reviewing the log.

Processing Editing Controls 4-17

Validation edit: Description

Sequence check: Sequence numbers ensure that all data falls within a given range.
Limit check: Data to be processed should not exceed a predetermined limit.
Range check: Ensures that a date is within a predetermined range.
Validity check: Verifies validity of data.
Reasonableness check: Verifies the reasonableness of the data.
Table look-ups: Verifies that the data matches the data in a look-up table.

Processing Editing Controls (cont.) 4-18

Validation edit: Description

Existence check: Verifies that all required data is entered.
Key verification: Requires a second employee to reenter the data.
Check digit: Verifies accuracy.
Completeness check: Ensures that all required data has been added and that no fields contain null values.
Duplicate check: Ensures that a data item is NOT a duplicate.
Logical relationship check: Verifies logic: if one condition is true, additional items must also be true.
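The two tables above list the edit checks by name only. The validator below, added here and not taken from the course, applies each of them to one purchase-order record and reports which fail. The field names, the credit limit, the unit-of-measure look-up table, the business rule behind the logical-relationship check and the use of the Luhn modulus-10 algorithm for the check digit are all assumptions made for the example. Key verification, which needs a second operator's keystrokes, is the one check in the table that code alone cannot show.

```python
"""Edit and validation checks from the two tables above, applied to one
purchase-order record. Added example; the field names, limits, look-up table
and Luhn modulus-10 check digit are assumptions, not the course's."""
from datetime import date

VALID_UNITS = {"EA", "BOX", "CASE"}     # table look-up values (constructed)
CREDIT_LIMIT_CENTS = 1_000_000          # limit check bound (constructed)
MAX_REASONABLE_QTY = 10_000             # reasonableness bound (constructed)
REQUIRED = ("seq", "order_id", "customer", "qty", "unit", "amount_cents", "order_date")


def luhn_ok(digits):
    """Check digit: the last digit must make the Luhn modulus-10 sum come out to 0."""
    if not digits.isdigit() or len(digits) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:              # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def edit_checks(rec, expected_seq, seen_order_ids, today):
    """Return the names of the checks the record fails (empty list = clean).

    expected_seq    the sequence number this record should carry
    seen_order_ids  order ids already accepted in this run (duplicate check)
    today           passed in rather than read from the clock, for repeatability
    """
    failures = []
    # Existence / completeness check: every required field present and non-null.
    if any(rec.get(f) is None for f in REQUIRED):
        return ["completeness"]         # the remaining checks need these fields
    if rec["seq"] != expected_seq:                      # sequence check
        failures.append("sequence")
    if not luhn_ok(rec["order_id"]):                    # check digit
        failures.append("check_digit")
    if rec["order_id"] in seen_order_ids:               # duplicate check
        failures.append("duplicate")
    if rec["amount_cents"] > CREDIT_LIMIT_CENTS:        # limit check
        failures.append("limit")
    month_start = today.replace(day=1)                  # range check on the date:
    if not month_start <= rec["order_date"] <= today:   # this month, not in the future
        failures.append("range")
    if rec["unit"] not in VALID_UNITS:                  # validity via table look-up
        failures.append("table_lookup")
    if not 0 < rec["qty"] <= MAX_REASONABLE_QTY:        # reasonableness check
        failures.append("reasonableness")
    # Logical relationship check: constructed rule that a CASE order must be
    # for a whole number of dozens.
    if rec["unit"] == "CASE" and rec["qty"] % 12 != 0:
        failures.append("logical_relationship")
    return failures


# Constructed records: one clean, one with several keying errors.
TODAY = date(2024, 3, 15)
CLEAN = {"seq": 1, "order_id": "79927398713", "customer": "Bank One", "qty": 24,
         "unit": "CASE", "amount_cents": 50_000, "order_date": date(2024, 3, 10)}
BAD = dict(CLEAN, seq=3, order_id="79927398710", unit="PALLET",
           amount_cents=5_000_000, order_date=date(2024, 4, 1))

if __name__ == "__main__":
    print("clean:", edit_checks(CLEAN, 1, set(), TODAY))
    print("bad:", edit_checks(BAD, 1, {"79927398710"}, TODAY))
```

The checks run in the order the tables list them, and the completeness check short-circuits because every later check dereferences a field. Returning the names of the failed checks rather than a single boolean is what makes the result usable as an exception report.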
Processing Control Techniques 4-19
Processing control: Description

Manual recalculations: Some transactions may be recalculated to ensure that processing is operating correctly.
Editing: A program instruction controls input or processing of data to verify its validity.
Run-to-run totals: Various stages of processing ensure the validity of data.
Programming controls: Software-based controls flag problems and initiate corrective action.
Reasonableness verification: Ensures reasonableness of data.
Limit checks: Sets bounds on what are reasonable amounts.
Reconciliation of file totals: Refers to the act of balancing debits, credits, and totals between two systems.
Exception reports: Should be generated when transactions appear to be incorrect.
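The run-to-run totals, the reconciliation of file totals and the exception report from the table above, as one small two-stage processing chain. This is an added example, not the course's code; the stage names, account numbers and amounts are constructed.

```python
"""Run-to-run totals between processing stages, reconciliation of file totals
between two systems, and the exception report both produce. Added example;
stage names, accounts and amounts are constructed."""


class RunToRunMismatch(Exception):
    """Raised when the control totals carried from the previous stage disagree
    with what this stage re-derives from the records it actually received."""


def control_totals(records):
    """Amount total plus record count; the count catches an added record that
    exactly offsets a dropped one, which the amount total alone would miss."""
    return {"amount": sum(r["amount"] for r in records), "count": len(records)}


def stage_extract(transactions):
    """Stage 1: read the transaction file; pass records and totals forward."""
    records = [dict(t) for t in transactions]
    return records, control_totals(records)


def stage_post(records, carried):
    """Stage 2: re-derive the totals before posting; post only if they agree."""
    derived = control_totals(records)
    if derived != carried:
        raise RunToRunMismatch(f"carried {carried}, derived {derived}")
    ledger = {}
    for r in records:
        ledger[r["account"]] = ledger.get(r["account"], 0) + r["amount"]
    return ledger, control_totals(records)


def reconcile(system_a, system_b):
    """Reconciliation of file totals between two systems, account by account.
    The returned list is the exception report: only the accounts that differ."""
    report = []
    for acct in sorted(set(system_a) | set(system_b)):
        a, b = system_a.get(acct, 0), system_b.get(acct, 0)
        if a != b:
            report.append({"account": acct, "system_a": a, "system_b": b,
                           "difference": a - b})
    return report


# Constructed transaction file: signed amounts, debits positive.
TRANSACTIONS = [
    {"account": "1001", "amount": 500},
    {"account": "1002", "amount": -200},
    {"account": "1001", "amount": 250},
]


def run(transactions, drop_last_before_posting=False):
    """Drive both stages; optionally lose the last record between them,
    which is the failure the run-to-run total exists to catch."""
    records, carried = stage_extract(transactions)
    if drop_last_before_posting:
        records = records[:-1]
    return stage_post(records, carried)


def post_with_loss(transactions):
    """True if the run-to-run check refused a file truncated between stages."""
    try:
        run(transactions, drop_last_before_posting=True)
    except RunToRunMismatch:
        return True
    return False
```

The carried totals travel with the file rather than being looked up again at the next stage, so a file truncated or altered in transit is refused before posting; the reconcile function is the same comparison applied across two systems instead of two stages.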

Types of Data File 4-20

System-control parameters are control values, for example:
How much money can be transferred in a single transaction with approval?

Standing data refers to information that is somewhat static:
Customer’s name, address, and phone number
Values do not frequently change; an alteration should be controlled and should require authorization.
Types of Data File (cont.) 4-21

Balance data refers to values and totals held temporarily during processing:
Values should be strictly controlled; manual alteration of values should require authorization and be logged

Transaction files deal with transmission of information between two systems or applications:
Should be managed with exception reports or validation checks

Data File Type Controls 4-22

Before-and-after image reports

Maintenance error reporting

Internal and external labeling

Data file security

One-to-one checking

Transaction logs

Parity checking

3-Output Controls 4-23

Output data must be delivered accurately, in a timely manner, to be useful in the decision-making process.

Output controls are designed to:

Provide assurance in data that has completed processing
Ensure that the data is distributed and stored in a secure manner

3-Output Controls (cont.) 4-24

Per ISACA, output controls should address the following:
Logging and storage of sensitive, negotiable, and critical forms
Negotiable instruments, forms, and signatures that are computer generated
Distribution control
Balancing and reconciliation of control totals
Output errors that should be logged and reviewed
Retention records that specify how long output data should be stored or maintained

Auditing Application Controls 4-25

Application software is the engine behind automated business transactions (processes):
Processing payroll
Managing inventory
Invoicing customers

The auditor should be concerned about rules that define how the application interacts with the organization’s data:
Limits
Controls
Understanding the Application 4-26

The Auditor must know what the application does.

The Auditor can start with the documentation.

Functional design specifications should also be reviewed because of what they detail.

Observation and Testing 4-27

Auditors should:
Observe how users interact with the application
Test the limits of the application

Buffer overflows are one concern.
These can occur when attackers try to enter more than the total number of characters allowed in a field.

Design specifications might state that the application does not accept negative numbers.
If you enter a negative quantity in a field, will the application actually accept it?
Observation and Testing (cont.) 4-28

Observation/Test: Details

Separation of duties: Verify separation of duties because it limits the ability of each employee.
Input authorization: Verify who is authorized to access applications. If supervisor override is used frequently, this might signal problems.
Balancing: Verify that run-to-run totals are reconciled on a timely basis.
Report distribution: Review report distribution logs to see who has access to view and print reports. Controls used to limit report distribution should also be reviewed.
Error correction and control: Review past error corrections and verify that they are viewed and addressed in a timely manner.
Access control and authorization: Verify that access is limited to those with a clearly demonstrated need.
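The override rule on the processing-controls slide (every override is logged, and the reviewer is never the person who overrode) and the "supervisor override used frequently" signal in the table above, as a review script over an override log. Added example, not the course's code; the log format, names and threshold are constructed.

```python
"""Review of a supervisor-override log: every override is logged, the
reviewer must not be the overrider, and frequent overrides by one person
are a signal. Added example; the log lines and their format are constructed."""
import csv
from collections import Counter
from io import StringIO

# Constructed override log in CSV form (real systems vary in format).
OVERRIDE_LOG = """\
timestamp,transaction_id,control,overridden_by,reviewed_by
2024-03-01T09:12:00,T-1001,limit_check,supervisor_ann,auditor_bob
2024-03-01T11:40:00,T-1007,limit_check,supervisor_ann,auditor_bob
2024-03-02T10:05:00,T-1031,range_check,supervisor_ann,supervisor_ann
2024-03-02T16:22:00,T-1044,limit_check,supervisor_cho,
2024-03-03T08:30:00,T-1052,duplicate_check,supervisor_ann,auditor_bob
"""


def parse_log(text):
    return list(csv.DictReader(StringIO(text)))


def self_reviewed(entries):
    """Separation-of-duties failure: the overrider signed off their own override."""
    return [e["transaction_id"] for e in entries
            if e["reviewed_by"] and e["reviewed_by"] == e["overridden_by"]]


def unreviewed(entries):
    """Overrides nobody has reviewed yet: the log exists to be read."""
    return [e["transaction_id"] for e in entries if not e["reviewed_by"]]


def frequent_overriders(entries, threshold):
    """Supervisors at or above the threshold; frequent use may mean the
    control is set wrongly for the business or is simply being bypassed."""
    counts = Counter(e["overridden_by"] for e in entries)
    return {who: n for who, n in counts.items() if n >= threshold}


def review(text=OVERRIDE_LOG, threshold=3):
    """Run all three checks and return the findings for the audit workpaper."""
    entries = parse_log(text)
    return {"self_reviewed": self_reviewed(entries),
            "unreviewed": unreviewed(entries),
            "frequent": frequent_overriders(entries, threshold)}
```

Each finding maps to a line in the table: the self-review is the separation-of-duties failure, the unreviewed override is an error-control lapse, and the frequent overrider is the input-authorization signal. The review reads the log only; the application that writes it must not allow the overrider to edit the reviewed_by field.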

Data Integrity Controls 4-29

Data integrity testing examines data for:
Accuracy
Completeness
Consistency
Authorization
It looks for failures in input and processing controls.
Data stored in databases has unique requirements; it differs from data stored or processed by an application.
Database integrity testing can be performed through several methods.

Data Integrity Controls (cont.) 4-30

Referential integrity guarantees that all foreign keys reference existing primary keys.

Table A (each column is an attribute, each row is a tuple, and the Customer column holds the primary keys)
Customer | Location | Phone Number | Sales Rep
Bank One | Houston | 555-1234 | Jim Barnes
Compass Bank | Dallas | 555-2346 | George Mays
Texas Gulf Bank | Galveston | 555-8412 | Alan Simpson
First Bank | Austin | 555-0973 | Ted Knight

First Bank is the foreign key in Table B.

Table B
Sales Ranking | Customer | Dollar Sales
1 | First Bank | $54,125
2 | Compass Bank | $44,136
3 | Bank One | $16,124
4 | Texas Gulf Bank | $8,012

The ACID Test 4-31
Atomicity: Divide work so that results are either all or nothing

Consistency: Ensure transactions are processed only if they meet system-defined integrity constraints

Isolation: Ensure each transaction is isolated from all others until complete

Durability: Once a transaction has been processed, it cannot be rolled back and is accurate
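One added example, not the course's code, covering both the referential-integrity slide and the ACID slide with SQLite, which enforces foreign keys only when PRAGMA foreign_keys = ON is set for the connection. The customer and sales tables are the ones on the slide; the CHECK constraint, the move_sales operation and the amounts it moves are constructed. Atomicity and consistency are exercised directly; isolation and durability are properties of the engine's locking and commit and are not shown.

```python
"""Referential integrity (foreign keys must point at existing primary keys)
and the atomicity and consistency parts of ACID, using SQLite. Added example;
tables follow the slide, the CHECK constraint and move_sales are constructed."""
import sqlite3

# Table A and Table B from the slide.
CUSTOMERS = [
    ("Bank One", "Houston", "555-1234", "Jim Barnes"),
    ("Compass Bank", "Dallas", "555-2346", "George Mays"),
    ("Texas Gulf Bank", "Galveston", "555-8412", "Alan Simpson"),
    ("First Bank", "Austin", "555-0973", "Ted Knight"),
]
SALES = [(1, "First Bank", 54125), (2, "Compass Bank", 44136),
         (3, "Bank One", 16124), (4, "Texas Gulf Bank", 8012)]


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # off by default in SQLite
    conn.execute("CREATE TABLE customer (customer TEXT PRIMARY KEY, "
                 "location TEXT, phone TEXT, sales_rep TEXT)")
    # sales.customer is the foreign key; the CHECK is the system-defined
    # integrity constraint that the consistency property refers to.
    conn.execute("CREATE TABLE sales (ranking INTEGER PRIMARY KEY, "
                 "customer TEXT NOT NULL REFERENCES customer(customer), "
                 "dollar_sales INTEGER NOT NULL CHECK (dollar_sales >= 0))")
    conn.executemany("INSERT INTO customer VALUES (?, ?, ?, ?)", CUSTOMERS)
    conn.executemany("INSERT INTO sales VALUES (?, ?, ?)", SALES)
    conn.commit()
    return conn


def insert_sale(conn, ranking, customer, dollars):
    """True if stored; False if the foreign key names no existing customer."""
    try:
        with conn:   # commits on success, rolls back on exception
            conn.execute("INSERT INTO sales VALUES (?, ?, ?)",
                         (ranking, customer, dollars))
        return True
    except sqlite3.IntegrityError:
        return False


def orphan_rows(conn):
    """Audit query that works on any engine: sales rows whose customer is
    missing from the customer table. Empty means referential integrity holds."""
    return conn.execute(
        "SELECT ranking, customer FROM sales s WHERE NOT EXISTS "
        "(SELECT 1 FROM customer c WHERE c.customer = s.customer)").fetchall()


def move_sales(conn, from_customer, to_customer, dollars):
    """Two updates that must succeed or fail together (atomicity). The credit
    runs first so that a failing debit shows the credit being rolled back."""
    try:
        with conn:
            conn.execute("UPDATE sales SET dollar_sales = dollar_sales + ? "
                         "WHERE customer = ?", (dollars, to_customer))
            conn.execute("UPDATE sales SET dollar_sales = dollar_sales - ? "
                         "WHERE customer = ?", (dollars, from_customer))
        return True
    except sqlite3.IntegrityError:     # CHECK violated: whole transaction undone
        return False


def sales_for(conn, customer):
    return conn.execute("SELECT dollar_sales FROM sales WHERE customer = ? "
                        "ORDER BY ranking", (customer,)).fetchone()[0]


def sales_total(conn):
    return conn.execute("SELECT SUM(dollar_sales) FROM sales").fetchone()[0]
```

The orphan_rows query is the auditor's own test of referential integrity and does not depend on the engine enforcing it; the failed move_sales call is the atomicity test, since the credit that had already been applied disappears with the rollback.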

Application System Testing (1) 4-32

Snapshots: Monitor and record the flow of data through an application
Are useful in verifying logic

Mapping: Verifies program logic that might not have been performed or tested
Is useful in detecting undiscovered problems

Tracing and tagging: Marks selected transactions
Enables these tagged transactions to be monitored
Application System Testing (2) 4-33

Using test data: Verifies program operation
Requires little knowledge of the environment
Does not require the review of the source code

Base case system evaluation: Uses test data to thoroughly test the environment
Requires great effort and close cooperation among various internal groups

Parallel operation: Both old and new systems process data to monitor results
Application System Testing (3) 4-34

Parallel simulation: Uses computer programs to simulate program logic

Transaction selection: Uses audit software to determine what transactions should be processed

Continuous Online Auditing 4-35

Testing a system once before rollout:
Provides a baseline of information
Offers no ongoing feedback on application operation

Continuous online auditing:
Gives auditors tools needed to perform ongoing monitoring
Produces audit results either at real-time intervals or after a short period of time
Can reduce costs because the need for conventional audits might be reduced or eliminated
Continuous Audit Techniques 4-36

Name: Description / Issues and concerns

SCARF/EAM (Systems Control Audit Review File and Embedded Audit Modules)
  Description: Application must contain embedded audit software to act as a monitoring agent.
  Issues and concerns: Cannot be used to interrupt regular processing.

Integrated test facilities
  Description: Live and dummy data are fed into the system. Dummy data results are compared with pre-calculated results.
  Issues and concerns: Should not be used with test data.

CIS (Continuous and Intermittent Simulation)
  Description: Simulates the transaction run. If data meets certain criteria, the simulator logs the transaction; otherwise, processing continues.
  Issues and concerns: Requires examination of transactions that meet specific criteria.
Continuous Audit Techniques 4-37

Name: Description / Issues and concerns

Snapshots
  Description: Tags transactions and takes snapshots as the data is moved from input to output.
  Issues and concerns: Requires an audit trail.

Audit hooks
  Description: Uses embedded hooks that act as red flags if certain conditions are met.
  Issues and concerns: Detects items that meet specific criteria.
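The SCARF/EAM, audit hook and snapshot techniques in the two tables above, together with the before-and-after image report from the data-file controls slide, as one embedded audit module inside a toy account processor. This is an added example and not the course's code; the selection criteria, accounts and transactions are constructed.

```python
"""Embedded audit module (SCARF/EAM) with audit hooks and snapshots inside a
small account processor. Added example; criteria, accounts and transactions
are constructed, not from the course."""
import copy


class EmbeddedAuditModule:
    """The monitoring agent the application must contain. It never interrupts
    processing: it only records to the audit file and the snapshot file."""

    def __init__(self, criteria):
        self.criteria = criteria      # list of (name, predicate) pairs
        self.audit_file = []          # SCARF: transactions that met a criterion
        self.snapshots = []           # before-and-after images per transaction

    def hook(self, txn):
        """Audit hook: red-flag the transaction if any criterion is met."""
        hits = [name for name, pred in self.criteria if pred(txn)]
        if hits:
            self.audit_file.append({"txn": txn["id"], "flags": hits})
        return hits

    def snapshot(self, txn_id, before, after):
        """Before-and-after image of the record the transaction changed."""
        self.snapshots.append({"txn": txn_id,
                               "before": copy.deepcopy(before),
                               "after": copy.deepcopy(after)})


class AccountProcessor:
    def __init__(self, accounts, eam):
        self.accounts = accounts
        self.eam = eam

    def process(self, txn):
        acct = self.accounts[txn["account"]]
        before = dict(acct)
        self.eam.hook(txn)                 # flag first, then process as normal
        acct["balance"] += txn["amount"]
        acct["last_txn"] = txn["id"]
        self.eam.snapshot(txn["id"], before, acct)
        return acct["balance"]


# Selection criteria an auditor might embed (constructed).
CRITERIA = [
    ("large_amount", lambda t: abs(t["amount"]) >= 10_000),
    ("round_amount", lambda t: t["amount"] != 0 and t["amount"] % 1000 == 0),
    ("after_hours", lambda t: not 8 <= t["hour"] < 18),
    ("self_approved", lambda t: t["entered_by"] == t["approved_by"]),
]

ACCOUNTS = {"A": {"balance": 1000, "last_txn": None},
            "B": {"balance": 5000, "last_txn": None}}

TRANSACTIONS = [
    {"id": "T1", "account": "A", "amount": 250, "hour": 10,
     "entered_by": "clerk1", "approved_by": "sup1"},
    {"id": "T2", "account": "A", "amount": 15_000, "hour": 22,
     "entered_by": "clerk2", "approved_by": "clerk2"},
    {"id": "T3", "account": "B", "amount": -3_000, "hour": 14,
     "entered_by": "clerk1", "approved_by": "sup1"},
]


def run(transactions=TRANSACTIONS, accounts=ACCOUNTS, criteria=CRITERIA):
    """Process every transaction on a copy of the accounts; return the EAM
    so its audit file and snapshots can be reviewed afterwards."""
    eam = EmbeddedAuditModule(criteria)
    proc = AccountProcessor(copy.deepcopy(accounts), eam)
    for t in transactions:
        proc.process(t)
    return eam, proc.accounts
```

The hook records and returns but never raises, which is the "cannot be used to interrupt regular processing" limitation in the SCARF/EAM row; the snapshot list is the audit trail the snapshot row says the technique requires.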

Auditing Systems Development, Acquisition, and Maintenance 4-38

Auditors work with the development team during the development process to:

Ensure that the final product meets user requirements while possessing adequate controls
Minimize risks and exposures

Auditing Systems Development 4-39

Eight general steps an Auditor should follow during the development process:
1. Determine the objectives and user requirements of the project
2. Perform a risk assessment that identifies threats, risks, and exposures
3. Assess existing controls to determine whether they will adequately reduce risk to acceptable levels; discuss any needed changes with the development team
Auditing Systems Development 4-40

4. Monitor the development process and evaluate controls as they are designed and created
5. Evaluate the system during rollout, and review audit mechanisms to ensure that they function as designed
6. Take part in any post-implementation reviews
7. Verify system-maintenance procedures
8. Review production library control to ensure the needed level of security
Project Management 4-41

The Auditor should be involved throughout the development process to:
Minimize risk
Ensure adequate controls are in place

An Auditor must evaluate the level of oversight that a project committee has over the process and other important issues including:
Reporting
Change control
Stakeholder involvement
Audit Controls and Quality-Assurance Checks 4-42

Stage: Items to review

Feasibility:
Examine proposal and documentation
Assess criticality of user’s needs
Evaluate how effectively solution meets the user’s needs
Investigate possibility of an alternate or existing solution
Assess total cost of project and verify sponsor approval

Requirements definition:
Examine conceptual design and verify that it meets user demands
Evaluate possibility of embedded audit routines
Examine proposed user acceptance plans

Software-acquisition process:
Examine the RFP to ensure that it is complete
Examine vendor contracts
Verify legal department has approved vendor contract

Design and development:
Study system flowcharts
Evaluate input, process, and output controls
Examine proposed audit trails and determine usefulness
Review how system will handle erroneous input and data
Audit Controls and Quality-Assurance Checks (cont.) 4-43

Stage: Items to review

Testing:
Examine proposed test plans
Verify audit trails, error processing, and error reports
Evaluate user documentation and manuals
Review test results
Examine system security

Implementation:
Examine system documentation
Examine system parameters
Examine any data-conversion activities to verify correctness

Post-implementation:
Review requirements to verify that systems meet user needs
Examine user satisfaction and cost-benefit analysis
Examine the change-request process
Examine error logs

System change procedures:
Determine whether emergency change procedures exist
Evaluate separation of production code from test code and access security controls
Determine end-user satisfaction with change process
Business Application Systems 4-44

Audit programs require an understanding of the application being reviewed:
Start by reviewing application system flowcharts

Business applications can be categorized by where they are used or by functionality:
Accounting
Payroll
Inventory
Sales

Business Application Systems (cont.) 4-45

These systems can be used in:

E-commerce systems

Web-based applications

Electronic banking

Electronic payment systems

E-Commerce 4-46

E-commerce models can be broken down into four basic categories:
B-to-B (Business-to-Business): Transactions between two or more businesses, such as a business and its suppliers
B-to-C (Business-to-Consumer): Transactions between businesses and consumers
One of the greatest growth areas for e-commerce
Brokers can act as middlemen to sell products for companies that do not sell directly to their customers

E-Commerce (cont.) 4-47

B-to-G (Business-to-Government): Transactions between business and government, such as the online filing of legal documents and reports

B-to-E (Business-to-Employee): Transactions between business and employees
Organizations set up internal websites and portals for employee services, such as:
Healthcare
Job benefits
Payroll

Electronic Data Interchange 4-48

EDI (Electronic Data Interchange) facilitates the exchange of data between computer systems.
ANSI X12 is the most common format.

Because all information is transmitted electronically, EDI:
Reduces paperwork
Results in fewer errors

Electronic Data Interchange (cont.) 4-49

EDI components:

Communications handler: Method used to transmit and receive electronic documents
EDI interface: Comprised of the EDI translator and the application interface
Application system: Program responsible for processing documents that have been sent or received

EDI and Authorization 4-50

One big concern with EDI is authorization.

The EDI process should have an additional layer of application control to address:
Authorization
Lost or duplicate transactions
Issues of confidentiality and invalid distribution
EDI and Authorization (cont.) 4-51

Common controls include:

Transmission controls
Validate sender and receiver

Manipulation controls
Prevent unauthorized changes to data

Authorization controls
Authenticate communication partners

Encryption controls
Protect the confidentiality of information
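The lost-or-duplicate-transaction and sender/receiver concerns on the four EDI slides above, as checks on the control numbers and counts of an ANSI X12 interchange envelope (ISA/IEA, GS/GE, ST/SE), which is the layer where an EDI interface notices a truncated or replayed file. Added example, not the course's code; the sample purchase-order interchange is constructed and deliberately minimal, and a real translator validates far more than the envelope.

```python
"""ANSI X12 envelope controls: ISA/IEA, GS/GE and ST/SE control numbers and
counts, which is how an EDI interface notices lost or duplicated transaction
sets. Added example; the interchange below is constructed and minimal."""


def build_isa(sender, receiver, ctrl):
    """ISA is the one fixed-width X12 segment: 106 characters, element
    separator at offset 3 and segment terminator at offset 105."""
    elems = ["ISA", "00", " " * 10, "00", " " * 10, "ZZ", sender.ljust(15),
             "ZZ", receiver.ljust(15), "240301", "1200", "U", "00401",
             f"{ctrl:09d}", "0", "P", ">"]
    return "*".join(elems)          # terminator is appended by build_interchange


def build_transaction_set(ctrl, po_number, lines):
    """One 850 purchase order; SE01 counts every segment from ST through SE."""
    segs = [f"ST*850*{ctrl}", f"BEG*00*SA*{po_number}**20240301"]
    segs += [f"PO1*{n}*{qty}*{unit}*{price}**VP*{sku}"
             for n, (qty, unit, price, sku) in enumerate(lines, 1)]
    segs.append(f"SE*{len(segs) + 1}*{ctrl}")
    return segs


def build_interchange(sets, isa_ctrl=101, group_ctrl=1, declared_sets=None):
    """Wrap transaction sets in GS/GE and ISA/IEA. declared_sets lets a test
    claim more sets than are present, as a file truncated in transit would."""
    declared = len(sets) if declared_sets is None else declared_sets
    segs = [build_isa("SENDERID", "RECEIVERID", isa_ctrl),
            f"GS*PO*SENDERID*RECEIVERID*20240301*1200*{group_ctrl}*X*004010"]
    for s in sets:
        segs += s
    segs += [f"GE*{declared}*{group_ctrl}", f"IEA*1*{isa_ctrl:09d}"]
    return "~".join(segs) + "~"


def parse_interchange(raw):
    """Split into segments and elements using the separators the ISA declares."""
    elem_sep, seg_term = raw[3], raw[105]
    return [s.split(elem_sep) for s in raw.split(seg_term) if s]


def envelope_exceptions(raw):
    """Return the list of envelope-control failures; empty means every count
    and control number agrees with its partner segment."""
    segs = parse_interchange(raw)
    problems = []
    isa, iea = segs[0], segs[-1]
    if isa[0] != "ISA" or iea[0] != "IEA":
        return ["missing ISA/IEA envelope"]
    groups = sum(1 for s in segs if s[0] == "GS")
    if int(iea[1]) != groups:
        problems.append(f"IEA group count {iea[1]} != {groups}")
    if iea[2] != isa[13]:
        problems.append("IEA control number does not match ISA")
    gs = st = None
    sets_in_group = set_segs = 0
    seen = set()
    for s in segs:
        tag = s[0]
        if tag == "GS":
            gs, sets_in_group, seen = s, 0, set()
        elif tag == "GE":
            if int(s[1]) != sets_in_group:
                problems.append(f"GE transaction-set count {s[1]} != {sets_in_group}")
            if s[2] != gs[6]:
                problems.append("GE control number does not match GS")
        elif tag == "ST":
            st, set_segs, sets_in_group = s, 1, sets_in_group + 1
            if s[2] in seen:                       # duplicate transaction set
                problems.append(f"duplicate transaction set {s[2]}")
            seen.add(s[2])
        elif tag == "SE":
            set_segs += 1
            if int(s[1]) != set_segs:              # lost or extra segment
                problems.append(f"SE segment count {s[1]} != {set_segs} in set {st[2]}")
            if s[2] != st[2]:
                problems.append(f"SE control number {s[2]} does not match ST {st[2]}")
            st = None
        elif st is not None:
            set_segs += 1                          # body segment inside a set
    return problems


# Constructed two-order interchange.
PO_1 = build_transaction_set("0001", "PO-1001", [(24, "EA", "9.99", "SKU-1")])
PO_2 = build_transaction_set("0002", "PO-1002", [(1, "CASE", "120.00", "SKU-7")])
GOOD = build_interchange([PO_1, PO_2])
```

The three nested count-and-control-number pairs are the transmission control of the slide: a set lost in transit shows up as a GE count mismatch, a segment lost inside a set as an SE count mismatch, and a replayed set as a duplicate ST control number. Authenticating the sender and receiver IDs in ISA06/ISA08 against the trading-partner agreement, and encrypting the link, sit outside this check.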
E-mail 4-52

Is the most used Internet application

Raises some security concerns:

Is usually clear text

Can be spoofed

Is a major conduit for spam, phishing, and viruses

Basic E-mail Operation (1) 4-53
Diagram: the front-end e-mail program sends e-mail to the back-end messaging server (via SMTP) and retrieves e-mail from it (via POP3 or IMAP); the back-end messaging server sends and receives Internet e-mail (via SMTP).

Basic E-mail Operation (2) 4-54

1. User opens an e-mail program such as Outlook to create an e-mail message.
2. After the e-mail is created and addressed to the recipient, the user sends it.
3. The e-mail is forwarded to an SMTP server, which provides the MTA (message transfer agent). Just as the postal service sorts mail using a zip code, e-mail messages are sorted by domain. For example, in an e-mail addressed to [email protected], the domain is thesolutionfirm. This domain identifies where the message is to be forwarded.
Basic E-mail Operation (3) 4-55

4. The MTA forwards the e-mail toward its final destination.
5. The e-mail is delivered to the destination mail server, where it waits until the recipient retrieves it.
6. The e-mail is retrieved using POP3 (Post Office Protocol version 3) and is displayed via Outlook on the recipient’s computer.

Electronic Mail Security 4-56

PGP (Pretty Good Privacy)
S/MIME (Secure Multipurpose Internet Mail Extensions)
SSL (Secure Sockets Layer): for example, web-based mail

Business Intelligence 4-57

Objectives:
Reduce decision-making time
Increase value of the decision

Is useful in:
Understanding customer needs
Understanding capabilities of the firm
Risk management: helps spot unusual trends, odd transactions, and statistics on loss and exposure

Business Intelligence Infrastructure (1) 4-58

To properly implement an infrastructure to support business intelligence, the business must design and develop a data architecture:

Data sources: Actual data sources reside here
Data access: Connects data sources with data staging
Business Intelligence Infrastructure (2) 4-59

Data staging: Copies and formats data into a standard format for the data warehouse layer

Data warehouse: Captures data from many databases and organizes it into subject-oriented usable groupings

Data mining: Searches large volumes of data for specific patterns
Business Intelligence Infrastructure (3) 4-60

Data mart: Relational database that enables the user to move the data around to extract specific components
The user can extract data about data.

Presentation layer: Top of the model, the point at which users interact with the system
This layer can include applications such as Microsoft Access and Excel.
Decision Support System 4-61

A DSS:
Helps managers solve problems
Uses models and mathematical techniques
Is usually designed with fourth-generation programming (4GL) tools
Decision Support System
Components 4-62

Model-driven DSS: Uses models based on statistics, finance, or simulation
Designed to help users make a decision
An example of this can be seen in the dicodess project at http://dicodess.sourceforge.net
Communication-driven DSS: Facilitates sharing so more than one person can work on a task
For example, Lotus Notes was used after 9/11 to help rebuild an emergency operation center.
Decision Support System
Components (cont.) 4-63

Data-driven DSS: Accesses a variety of internal and external data to analyze outcomes
Companies such as Oracle, IBM, and Microsoft are leaders in this field as they build products that support data warehousing.

Document-driven DSS: Manipulates and manages unstructured information

Knowledge-driven DSS: Based on rules, facts, and knowledge
This component is used for problem solving and to provide answers.
DSS Models’ Properties 4-64

Used for decision-making
Used for goal seeking
Used to perform simulation
Are linkable
Used to perform “what if” modeling
Provide time series analysis

The true test of a DSS is in its capability to help the user make a better decision.

Artificial Intelligence and Expert Systems 4-65

Artificial intelligence and expert systems are used to solve complex problems.

An expert system contains the knowledge base and set of rules needed to extrapolate new facts from existing knowledge and inputted data.

Prolog and LISP, the programming languages used most in developing such systems, are both considered 5GL languages.
Customer Relationship Management 4-66

CRM: Tools, techniques, and software companies use to manage their relationship with customers

Designed to track and record everything you need to know about your customers:
Buying history
Budget
Timeline
Areas of interest
Future planned purchases
CRM Areas 4-67

Sales automation: Automation of sales force management tasks
Customer service: Automation of customer service processes
Requests
Comments
Complaints and returns
Enterprise marketing: Automation of business enterprise information
Trends and forecasts
Business environment
Competition
Supply Chain Management 4-68

SCM: Science of matching buyers to sellers to improve the way businesses acquire raw materials to make the products or services they sell

Begins with raw materials and ends with finished goods delivered to the customer

SCM Components 4-69

Plan: Strategy used for managing resources and monitoring the supply chain
Source: Process of choosing suppliers
Make: Manufacturing process
Deliver: Logistics of moving goods and services to the customer
Return: Systems developed to return non-compliant products back to the manufacturer
The Key to SCM 4-70

Cooperation between companies in the supply chain and the business

Applying these principles can:
Reduce inventory
Increase transaction speed by exchanging data in real time
Produce higher revenue

Summary 4-71

In this domain we:

Described application controls

Detailed auditing application controls

Listed business application systems

Q&A 4-72

QUESTIONS?
