Referencer for Quick

Revision
Intermediate Course Paper-7
Sec-A: Information Technology
A compendium of subject-wise capsules published in the
monthly journal “The Chartered Accountant Student”

Board of Studies
(Academic)
ICAI
INDEX
Edition of Students’
Page No. Topics
Journal
1-7 December 2019 Business Process Management & IT
7-13 December 2019 Information Systems and IT Fundament als
14-18 March 2020 Telecommunication and Network
18-22 March 2020 Business Information Systems
Business Process Automation through
22-25 March 2020
Application Software
information technology

The capsule on IIPC (old) Paper 7A: Information Technology that covers Chapter 1 “Business Process Management & IT”
and Chapter 2 “Information Systems and IT Fundamentals” of subject is another step of Board of Studies in its endeavour
to provide quality academic inputs to IIPC students of Chartered Accountancy course. This capsule intends to assist
students in their quick revision of Chapters 1 and 2 and should not be taken as a substitute for the detailed study of these
chapters. Students are advised to refer to the relevant study material and Revision Test Paper for comprehensive study
and revision.

CHAPTER 1: Business Process Management & IT

This chapter deals with the basic concepts of Business Process Management, Business Process Reengineering; different
approaches used in mapping business system and the significance of each approach; benefits and risks associated with
implementation of BPM and BPR Project.

Purchase to Pay (P2P) Cycle

Business Process Flow- A Business Process is a prescribed
sequence of work steps performed in order to produce
• A document is prepared requesting the purchase
a desired result for the organization. A business process department to place an order with the vendor
Purchase
is initiated by a particular kind of event, has a well- specifying the quantity and time frame.
Requisition
defined beginning and end, and is usually completed in a
relatively short period. Examples of Business Processes are:
Accounting, Sales and Purchase. • An invitation is sent to the vendors to join a
Request for bidding process for specific products.
Quote

Financial Closing Entries

statement Appropriate • The vendors provide cost quotations for the
The accounts entries are passed to Quotation supply of products.
are organized transfer accounts to
Source into the financial financial statements.
Document statements.
Captures data • A commercial document is issued to the vendor
from transactions specifying the type, quantity and agreed prices
and events. Purchase for products.
Order
Adjusted Trial
THE Balance
ACCOUNTING The trial balance
Journal CYCLE is finalized post • The physical receipt of goods and invoices.
Transactions are adjustments. Receipts
recorded from the
source document.

• The payments are made against the invoices.

Payments
Ledger Trial Balance Adjustments
Entries are posted containing Appropriate
to the ledger from totals from all adjustment entries
the journal. account heads.
. are passed.
Classification of Business Processes
Business Strategy

Order to Cash Process (O2C) Flow Cycle The strategy of the company is specified, which describes its long-
term concepts to develop a sustainable competitive advantage in the
market.
Recording Pick release
Customer Order Determines Realize
Availability of the The items are
A purchase order items is checked moved from the Goals
is received from a and customer warehouse to the
customer. The business strategy is broken down to Operational Goals which can
order is booked. staging area. be organized, so that each goal can be divided into a set of sub-goals.
Determines Realize

Receipt Invoice Shipping Organizational Business Processes

Money is received Invoice of the The items are High-level processes that are typically specified in textual form
from the customer transaction is loaded onto the by their inputs, their outputs, their expected results and their
against the invoices. generated and sent carrier for transport dependencies on other organizational business processes.
to the customer. to the customer.
Determines Realize

Operational Business Processes

Reconciliation The activities and their relationships are specified, but implementation
The bank aspects of the business process are disregarded.
reconciliation of
all the receipts is Determines Realize
performed.
Implemented Business Processes
Contain information on the execution of the process activities.

18 December 2019 The Chartered Accountant Student

1
 INformation technology
Business Process Management (BPM) - “The achievement of an Define
organization’s objectives through the improvement, management Measurements that are critical to customer
and control of essential business processes”. satisfaction [Critical to Quality, (CTQ)] are
identified for further project improvement.
BPM's Principles BPM's Practices

• Business processes • Strive for process-oriented Control Measure

are organizational organizational structure;
assets that are central • Appoint process owners;
to creating value for • Senior management needs to
customers; commit and drive BPM and
• By measuring, execution of BPM process
monitoring, controlling, improvements should take a
and analyzing business bottom-up approach;
processes, a company • Put in place information
can deliver consistent technology systems to
value to customers; monitor, control, analyze, and
• As the basis for process improve processes;
improvement - business • Work collaboratively with
processes should be business partners on cross-
continuously improved; organizational business
and processes;
• Information technology • Continuously train the
is an essential enabler workforce and continuously
for BPM. improve business processes;
• Align employee bonuses and
rewards to business process
performance;
• Utilize both incremental (e.g.,
Six Sigma) and more radical
(e.g., BPR) methodologies
to implement process
improvement.
Business Process Management Life Cycle
(BPM - L Cycle)
ANALYSIS
Involves analysis of the current environment
and current processes, identification of needs
and definition of requirements.
OPTIMIZE DESIGN
Involves evaluation of potential
Iterate for continuous
improvement. solutions to meet the identified
needs, business process designing
and business process modeling.
RUN & MONITOR IMPLEMENTATION
Involves business process Involves project
execution or deployment preparation, blue
and business process printing, realization, final
monitoring. preparation, go live and
support.
Theories of Process Management
Under the BPM framework, Business Process Re-engineering
(BPR) and incremental process improvement methodologies
(i.e., Six Sigma, TQM, etc.) are tools that organizations can use
to implement process improvement.
Six Sigma- A set of strategies, techniques, and tools for process
improvement. It follows a life-cycle having phases: Define,
Measure, Analyze, Improve and Control (or DMAIC).
Process is standardized Process output
and documented. Project is measures that are
evaluated and lessons learned attributes of CTQs are
are shared with others. determined.
Six Sigma
Improve
The most appropriate Analyze
solution is identified using The possible causes are
solution prioritization analyzed statistically to
matrix and validated using determine root cause of
pilot testing. variation.
• “BPR is the fundamental rethinking and radical redesign
of processes to achieve dramatic improvement, in
critical, contemporary measures of performance such as
cost, quality, service and speed”.
• Business Process Reengineering is based on the
understanding that the products and services a company
offers to the market are provided through business
processes, and a radical redesign of these processes is the
road to success.
Total Quality Management (TQM) is a comprehensive
and structured approach to organizational management that
seeks to improve the quality of products and services through
ongoing refinements in response to continuous feedback. TQM
processes are divided into four sequential categories: Plan, Do,
Check, and Act (the PDCA cycle).
Act Plan
People document their Define the problem
results; inform others to be addressed,
about process changes, and collect relevant data,
make recommendations and ascertain the
for the problem to be problem's root cause.
addressed in the next
PDCA cycle.
Total Quality
Management
Do
Check People develop and
implement a solution,
People confirm the results
through before-and-after and decide upon a
data comparison. measurement to gauge its
effectiveness.
Control refers to the policies, procedures, practices and
organization structures that are designed to provide reasonable
assurance that business objectives are achieved and undesired
events are prevented, detected or corrected.
BPR Success factors: BPR implies not just change but dramatic
change in the way a business functions. Research has identified
some key factors for BPR projects to succeed. These factors are
as follows:
• Organization wide commitment: Changes to business
processes would have a direct impact on processes,
organizational structures, work culture, information flows,
infrastructure & technologies and job competencies. This
requires strong leadership, support and sponsorship from
the top management.

The Chartered Accountant Student December 2019 19

2
INformation technology

• BPR team composition: A BPR team is formed which

Need for BPM Implementation
would be responsible to take the BPR project forward
and make key decisions and recommendations. The Active Optimal Integrated
BPR team would include active representatives from top Add Value Networking Success
Design
management, business process owners, technical experts
and users.
• Business needs analysis: It is important to identify exactly
• Process • Strategic BPM • Business and
what current processes need reengineering. A series of
Documentation implementation IT Service
sessions are held with the process owners and stakeholders
and • Process management
and all the ideas would be evaluated to outline and
Implementation oriented IT • Sourcing
conceptualize the desired business process.
• IT system management management
• Adequate IT infrastructure: Adequate investment in IT Launch • Business • Integration
infrastructure in line is of vital importance to successful • Enterprise process lifecycle management
BPR implementation. An IT infrastructure is a set of architecture • Compliance
hardware, software, networks, facilities, etc. in order modeling Management
to develop, test, deliver, monitor, control or support IT
services.
Business Process Automation (BPA) is a strategy that is used
• Effective change management: BPR involves changes in
people behavior and culture, processes and technologies. to optimize and streamline the essential business processes,
An effective change management process would consider using the latest technology to automate the functions involved
the current culture to foster a change in the prevailing in carrying them out.
beliefs, attitudes and behaviors effectively. Benefits
• Ongoing continuous improvement: BPR is an ongoing Saving on Automation leads to saving in time and labor
process hence innovation and continuous improvement are costs costs.
key to the successful implementation of BPR. Staying Today, in order to survive, businesses need to
ahead in adopt automation.
competition
Fast This was not the initial reason for adoption of
BPM Implementation service to BPA but gradually business managers realized
customers that automation could help them to serve their
• BPM is actually paper-based standard operating customers faster and better.
procedures taken to their most productive level – Risks
throughout the initiation of increasingly business- Risk to jobs Jobs that were earlier performed manually
centric technological advances. by several employees would post-automation
would be mechanized, thereby posing a threat
• The key to a successful BPM implementation is to to jobs.
consider it not just as an improvement programs but False sense Automating poor processes will not gain better
make it an integral part of business strategy. of security business practices.
• An effective BPM implementation has to result in BPM Technology
the institutionalization of process improvement as
a fundamental management practice. This can be BPM Technology can complement existing (and future)
effectively achieved through proactive and predictive investments in applications and give organizations the ability
management of relevant business processes. to implement a real – time process improvement without the
extensive process conversion efforts as the original business
processes already exist.
Key factors and related considerations in implementing BPM The process architecture of BPM contains four layers:

Factors Key Considerations • The Database layer physically contains data;

Scope A single process, a department, the entire
company
Goals Process understanding, improvement,
automation, re-engineering, optimization
Methods to be Six Sigma, BPM Life Cycle Method, TQM,
used Informal methods
Skills Required Consultants, Train Employees, Formal
Certification, Basic Education, Existing
Skill sets
Tools to be used White-Boards, Sticky Notes, Software
For Mapping, Documenting, Software for
Simulation, Comprehensive BPMS
Investments to Training, Tools, Time
Make
Sponsorship/ Executive Level, Department Level,
Buy-in Needed Process Owner Level, Employee Level
• Application Layer contains applications and process logic;
• Presentation Layer is what users see;
• Process Layer is an independent layer linking various
independent applications needed to execute a single end to
end business process.
Value Chain Automation
Value chain refers to separate activities which are necessary to
strengthen an organization's strategies and are linked together
both inside and outside the organization. The idea of the Value
Chain is based on the process view of organizations, the idea of
seeing a manufacturing (or service) organization as a system,
made up of subsystems each with inputs, transformation
processes and outputs.
Six business functions of the value chain are as follows:
• Research and development
• Design of products, services, or processes
• Production
• Marketing and sales
• Distribution
• Customer service

20 December 2019 The Chartered Accountant Student

3

Accounting Systems Automation
An Accounting Information System (AIS) is defined as a system
of collection, storage and processing of financial and accounting
data that is used by decision makers.
Accountants and Auditors must study and understand AIS and
related concepts so that they can accomplish the functions of
accounting, general accounting reports and using accounting
reports. The Accounting Information System is the mechanism
that allows accountants to perform their accounting functions and
tasks. Basic Functions of an Accounting Information System.
1 Collect and Collect and store data about
store data organization’s business activities and
transactions by capturing transaction
data from source documents and posting
data from journals to ledgers.
2 Record Record transactions data into journals.
transaction These journals present a chronological
record of what occurred and provide
management with information useful for
decision making.
3 Safeguard Provide adequate controls to ensure
organisational that data are recorded and processed
assets accurately by safeguarding organizational
assets (data and systems).
• Processing Cycles of an Accounts BPM: These are namely
Financing Cycle, Revenue Cycle, Expenditure Cycle,
Human Resource Cycle, and Production Cycle.
Financing Cycle The cycle consists of a set of transactions
leading to the recognition of a major economic
event on the financial statements.
Revenue Cycle It includes transactions surrounding the
recognition of revenue involving accounts
like Sales, Accounts Receivable, Inventory and
General Ledger.
Expenditure It includes transactions surrounding the
Cycle recognition of expenditures involving accounts
like Purchases, Accounts Payable, Cash
Disbursements, Inventory and General Ledger,
preparation and recording of purchase orders;
receipt of goods and the recording of the
cost of inventory; receipt of vendor invoices;
recording of accounts payable and preparation
and recording of cash disbursements.
Human This involves activities of hiring and paying
Resource Cycle employees.
Production This involves the recurring set of business
Cycle activities and related data processing
operations associated with the manufacturer
of products including activities like converting
raw materials and labor into finished goods.
• General Ledger & Reporting System: The information
processing operations involved in updating the general
ledger and preparing reports, summarize the results of an
organization’s activities. An important function of the AIS is
to efficiently and effectively collect and process the data about
a company’s transactions.
• Data Processing Cycle: In the data processing cycle, the
processes of business activities about which data must be
collected and processed are identified. Further, the activities,
resources affected by that event, the agents who participate in
that event and the event of interest could be the input, output,
processing, storage, alerts, controls and feedback.
INformation technology
Data Processing Cycle
The Data Processing Cycle consists of following basic steps
with alerts, controls and feedback at each step.
Data Input Involves the activities like capturing the
data, implementing control procedures,
recording in journals, posting to ledgers
and preparation of reports.
Data Storage Involves organizing the data in master file
or reference file of an automated system for
easy and efficient access.
Data Involves addition, deletion and updating of
Processing the data in the transaction file, master file
or reference file.
Information Involves generation of documents and
Output managerial reports in printable or
electronic form for addressing queries.
Benefits of BPMS
Automating repetitive business processes
• Processes such as report creation and distribution or the
monitoring of or reporting on company’s Key Performance
Indicators (KPI) reduces the manual operational costs
and helps employees to concentrate on activities that are
important to the success of business.
Bpms works by ‘loosely coupling’ with a company's
existing applications
• Enables to monitor, extract, format and distribute
information to systems and people; in line with business
events or rules.
Operational savings
• BPM focuses on optimization of processes. The processes
that are repetitive are optimized and lead to reduced
expenses which translate to immediate cost savings.
Reduction in the administration involved in compliance
and iso activities
• The BPM is ideally suited to support companies in
their quest for process improvement and compliance/
governance certification.
• It gives full control over process and document change,
clarity of inherent risks, and ease with which process
knowledge is communicated across the company.
Freeing-up of employee time
• There is a hard cost associated with employee time as well
as soft costs associated with losing business or lowered
productivity.
• Another area where time comes into play is in opportunity
costs.
The Chartered Accountant Student December 2019 21
4
INformation technology
Business Risks of failure of IT
Reasons for failure of BPMS
• Superficial or deficient executive involvement;
• Deficient project management;
• Breakdown in gap analysis;
• Limited options for customization of the BPM software is
required;
• Not flexible enough or too complicated to be customized to
meet the precise workflow and business process;
• Failure to identify future business needs;
• Inadequate assessment of the need for change management;
• Persistent compatibility problems with the diverse legacy
systems of the partners;
• Resources not available when desirable;
• Software fails to meet business needs;
• System may be over-engineered when compared to the
actual requirements; and
• Technological obsolescence.
• Standardizing communications with others
• Documentation aids such as E-R Diagrams, System
Flowcharts, and Data Flow Diagrams are more standardized
tools and they are more likely to be interpreted the same way
by all parties viewing them.
• Auditing information systems
• Documentation helps depict audit trails, documentation helps
auditors determine the strengths and weaknesses of a system’s
controls.
• Documenting business processes
• Documentation helps managers better understand how their
businesses operate what controls are involved or missing from
critical organizational activities, and how to improve core
business activities.

Information as a Business Asset

Pictorial Representation for Mapping
Information becomes an asset for an organization if it is useful,
digital, accessible, relevant, accurate, trust-worthy, searchable, Business Processes
understandable, spatially enabled and shareable at the time when
required. Information can be treated as a valuable commodity if
it can be used effectively.
Information that is accurate and encompassing will allow a. Entity
decision-makers to better an organization’s performance. Relationship b. Data Flow
Without reliable information, the decision-making process can Diagram Diagram
be badly hampered and an informed decision impossible to
make.
To achieve operational performance, it is important to ensure
that Information Technology infrastructure is tailored to
an organization that is able to meet an organization’s needs e. Decision Pictorial
for Customer Relationship Management (CRM), Enterprise Table Representation
Resource Planning (ERP), Business Intelligence (BI), Data Techniques
Warehousing, Data Migration and Replication.

Approaches to Mapping Systems

Approaches to Mapping systems- Documentation includes the c. Flow chart
d. Decision
flowcharts, narratives and other written communications that
describe the inputs, processing and outputs of an Accounting Tree
Information System. Documentation also describes the logical
flow of data within a computer system and the procedures that
employees must follow to accomplish application tasks.

Reasons why documentation is important to

Information Systems a. ER Diagram: An Entity-Relationship (ER) diagram is a
• Depicting how the system works data modeling technique that creates a graphical representation
of the entities, and the relationships between entities, within an
• Documentation is required to help employees understand how information system.
a system works, assist accountants in designing controls for it,
demonstrates to managers that it will meet their information Shapes Type of Relationship
needs, and assists auditors in understanding the systems that
they test and evaluate. Boxes are commonly used to One-to-One relationship (1:1)
represent entities. One-to-Many relationship (1:N)
• Training users Diamonds are normally used to Many-to-One relationship
• Documentation also includes user guides, manuals, and represent relationships. (M:1)
similar operating instructions that help people learn how an Ovals are used to represent Many-to-Many relationships
Information System operates. attributes. (M:N)
Advantages Limitations
• Designing new systems
• ER Modeling is simple and easily • Physical design derived
• Documentation helps system designers develop new systems understandable. It is represented from E-R Model may
in much the same way that blueprints help architects design in business users’ language and have some amount
building. it can be understood by non- of ambiguities or
technical specialist. inconsistency.
• Controlling system development and gap • Intuitive and helps in Physical • Sometime diagrams may
maintenance costs Database creation. lead to misinterpretations.
• Can be generalized and specialized
• Helps system designers develop object-oriented software, based on needs.
which is software that contains modular, reusable code • Can help in database design.
that further avoid writing duplicate programs and facilitate • Gives a higher level description of
changes when programs must be modified later. the system.

22 December 2019 The Chartered Accountant Student

5
 INformation technology
b. Data Flow Diagram (DFD) is a graphical representation of Basic Flowchart Shapes
the flow of data through an information system. The major DFD
component’s symbols are as follows:
Entity An entity is the source or destination of data. Entities
are often represented as rectangles.
Process The process is the manipulation or work that transforms
data, performing computations, making decisions (logic
flow), or directing data flows based on business rules. Process Decision Document Data
Data A data store is where a process stores data between
Store processes for later retrieval by that same process or
another one.
Data Data flow is the movement of data between the entity,
Flow the process and the data store. Data flow portrays the Start 1 Start 2 Pre-defined Stored Data
interface between the components of the DFD. Process
Meaning Symbols
Process or
Data Store or
Internal Sequential Direct Data Manual
Entity Storage Data Input
Data Flow

Types of DFD
Logical Data A logical DFD focuses on the business and how
Flow Diagram the business operates. It describes the business Card Paper Tape Delay Display
events that take place and the data required
and produced by each event. The logical model
reflects the business.
Physical Data A physical DFD shows how the system will be
Flow Diagram implemented. The physical model depicts the Manual Preparation Parallel Loop Limit
system. Operation Mode
Advantages of DFD Limitations of DFD
• It aids in describing the boundaries • It make the
of the system. programmers little
• It is beneficial for communicating confusing concerning Terminator On-page Off-page Flowchart
existing system knowledge to the the system. Reference Reference shapes
users. • The biggest drawback
• A straightforward graphical of the DFD is that it
technique which is easy to recognize. simply takes a long
• DFDs can provide a detailed time to create, so long
representation of system that the analyst may
components. not receive support Auto height Dynamic Line curve Control
• It is used as the part of system from management to Text
documentation file. complete it.
Connector Connector Transfer
• DFDs are easier to understand • Physical considerations
by technical and nontechnical are left out.
audiences.
• It supports the logic behind the data fdgdfgfg
flow within the system.
Annotation
c. Flow Chart is a type of diagram that represents an algorithm,
workflow or process, showing the steps as boxes of various kinds, d. A Decision Tree also termed as an Inference or Logical tree
and their order by connecting them with arrows. is a collection of a basis (condition) and a conclusion (action).
It allows the programmer to compare different approaches and • A decision tree is a decision support tool that uses a tree-like
alternatives on paper and often shows interrelationships that are graph or model of decisions and their possible consequences,
not immediately apparent. including chance event outcomes, resource costs, and utility.
• Decision Trees are measured to be one of the most accepted
Advantages of using Flowchart approaches for representing classifier.
• Quicker grasp of relationships Advantages of using Decision Tree
• Effective Analysis • Are simple to understand and interpret. People are able to
• Communication understand decision tree models after a brief explanation.
• Documentation
• Efficient coding • Possible scenarios can be added.
• Orderly check out of problem • Worst, best and expected values can be determined for
• Efficient program maintenance different scenarios.

Limitations of using Flowchart Limitations of using Decision Tree

• Complex logic • For data including categorical variables with different number
• Modification of levels, information gain in decision trees are biased in favor
• Reproduction of those attributes with more levels.
• Link between conditions and actions • Calculations can get very complex particularly if many values
• Standardization are uncertain and/or if many outcomes are linked.

The Chartered Accountant Student December 2019 23

6
 INformation technology
Advantages of using Decision Table
e. A Decision Table is a table which may accompany a
• Easy to Draw – Decision Tables are easy to draw and modify as
flowchart, defining the possible contingencies that may be compared to flowcharts.
considered within the program and the appropriate course • Compact Documentation – The documentation in the form of
of action for each contingency. decision tables is compact since one decision table may replace few
pages of a flowchart.
• Simplicity – It is easier to follow a particular path in one column of a
Condition Stub Action Stub decision table than it is to go through several pages of the flowcharts.
comprehensively lists the • Direct Codification - The decision tables can be directly coded into
comprehensively lists the
comparisons or conditions. actions to be taken along the a program.
various program branches. • Better Analysis – A decision table shows various alternatives and
their respective outcomes side by side for better analysis of the
Quadrants of problem.
Decision Table • Modularity – The complex problems would require complex
decision tables which can be easily broken down to micro-decision
Action Entries tables.
Condition Entries
lists in its columns • Non-technical – No knowledge of computer language or CPU
list in its various columns corresponding to the condition working is necessary for drawing decision tables.
the possible permutations of entries the actions con­tingent
Limitations of using Decision Table
answer to the questions in the upon the set of answers to
conditions stub. questions of that column. • All programmers may not be familiar with Decision Tables and
therefore flow charts are more common.
• Flowcharts can better represent a simple logic of the system rather
than a decision table.
• The decision tables do not express the total sequence of the events
needed to solve the problem.

CHAPTER 2: INFORMATION SYSTEMS AND IT FUNDAMENTALS

This chapter deals with importance and impact of IT in auditing; Information System Layers; Information System Life Cycle; and
various computing technologies.

Need for Information Technology Audit Objectives

• Enterprises can now integrate their business EXISTENCE
functions and segments spread across different • Verify that the assets, liabilities, ownership, and/or activities
geographical areas. are real.
• Enterprises equipped with email, video
conferencing equipment and internal chat
rooms provide an efficient way to communicate
AUTHORIZATION
and conduct business. • Verify that events have occurred in accordance with
• VOIP service allows people across the world to management’s intent.
make free, unlimited, superior quality voice calls
via its innovative peer-to-peer software. Example VALUATION
Communication

- Skype.
Capabilities

• WhatsApp Messenger is a cross-platform • Verify that the accounting values fairly present items worth.
mobile messaging application which allows us to
exchange messages without having to pay for SMS. CUTOFF
It is available for: iPhone, BlackBerry, Android,
Windows phone etc. • Verify that the transaction is re-coded in the proper accounting
• Team-ware, Collaboration Software or period.
Groupware software allow collective and
collaborative working of teams from different
geographical locations on an online and real-time COMPLIANCE
basis. • Verify that the processing is in compliance with governmental
laws and regulations, generally accepted accounting
• Most enterprises store digital versions of procedures, and organization's policies and procedures.
Management
Information

documents on servers, storage devices and on

Data and

cloud economically and employees benefit from OPERATIONAL

immediate access to the documents they need
regardless of their geographical location. • Verify that the program, area, or activity is
performed economically, efficiently, and effectively;
• Used to optimize and streamline the essential • Assisting management in finding ways to
business processes, using the latest technology implementing internal control recommendations;.
to automate the functions involved in carrying • Participating in specifying and designing computer
control and other features for systems to be installed;
Automated

them out.
Processes

• Determining whether efficient use is made of the organization’s

• Allows the organizations to extract maximum
Computer resources; and
benefit by using the available resources to their • Determining whether Computer system used
best advantage, while keeping the operational accomplishes the business objectives and goals.
cost as low as possible.

24 December 2019 The Chartered Accountant Student

7
 INformation technology
Audit Procedures
REALIGNMENT OF CHANGES IN CUSTODY OF
Study • Gather evidential matter relating to technical FUNCTIONS FILES AND DOCUMENTS
Technical aspects of systems under study, including
Aspects all relevant documentation describing the Data entry and source of Ready access to data over telecom
computer facility, application programs, transactions may be centralized. links complicate custodial
operating procedures, security procedures and functions of data. Data librarian
so on. may become in charge for data.

Use Unique • Require application of unique techniques to Major areas in which

Techniques these efforts. For example, the audit planning Controls have been affected
step includes review of technical documentation
and interviewing technical specialists. DECLINE OF
• The auditor must understand the procedures for TRANSFER OF ACCOUNTABILITY
testing and evaluating Computer Controls. RESPONSIBILITIES
Traditional functions,
Audit • These procedures include the use of generalized Single action by user may responsibilities and boundaries
Software audit software to survey the contents of data complete the entire processing have been eliminated or are
Usage files, the use of specialized software to assess the cycle of the transaction. obscured by new methods.
contents of operating system parameter files and
flow-charting techniques for documenting the
automated applications.
From IT perspective, various IT processes that are usually
involved in a typical business enterprise:
Need for Controls in Information Systems
Database access Provides access to data via ODBC (Open
and changes DataBase Connectivity) connections, data
Information
updates, and file transfers.
Information
Reliability Integrity
File replication Protects valuable data by backing up
and Data backup databases and key systems.
Validity for timely flow Systems and Reviews and analyzes the event log and critical
of accurate information
throughout the Event Log systems, and create multistep corrective
organization monitoring action, such as restarting a server service.
With BPA, these processes run automatically
when certain events occur.
Job Scheduling Automates processes that perform a variety of
Need for significant Control Process daily or unscheduled tasks.
Application Automates IT and business processes by
Safeguarding assets to maintain data integrity to achieve system Integration combining applications that drive business.
effectiveness and efficiency is a significant control process. Complex processes such as database queries,
Information Systems Control Procedure may include data transformation and spreadsheet
integration can be automated.
• Strategy and Direction; File Transfers Can be automated to deliver and retrieve data
on set schedules.
• General Organization and Management; Printing Automated to simplify print jobs.

• Access to IT resources, including data and programs;

Business Process Automation - Critical pillars
• System development methodologies and change control;
INTEGRATION ORCHESTRATION AUTOMATION

• Operation procedures; Allows applications Enables the ability Orchestration and

and operating to bring tasks that integration unite
• System Programming and Technical support functions; systems not only to exist across multiple with automation
read data that the computers and to deliver the
• Quality Assurance Procedures; systems produce, different business capability to
but also to pass departments or provide a rules-
• Physical Access Controls; data between branches under one based process
the component umbrella that is the of automatic
• Business Continuity Planning (BCP) and Disaster Recovery applications of the business process execution that
Planning (DRP);
business process itself. can span multiple
• Network and Communication; and to modify the systems and enable
data as necessary. a more effective,
• Database Administration; and nimble and
efficient business
• Protective and detective mechanisms against process.
internal and external attacks.

The Chartered Accountant Student December 2019 25

8
INformation technology
Steps involved in implementing Business Process Automation A computer that delivers (serves up) web
Web pages. Every web server has an IP address
(BPA)
Server and possibly a domain name.
Step 1: Define The answer to this question will provide
why we plan to justification for implementing BPA.
implement BPA? Mail Mail server moves/stores mail over
Server corporate networks.
Step 2: Understand The underlying issue is that any BPA
rules/ regulation created needs to comply with applicable
under which it laws and regulations.
needs to comply instruction set
with?
Instruction set is the set of machine code instructions that the
Step 3: Document The current processes which are planned processor can carry out. CPU (Processor), the center piece of the
the process, we to be automated need to be correctly and computer’s architecture, is in charge of executing the instructions
wish to automate. completely documented at this step. of the currently loaded program.
Step 4: Define the This enables the developer and user to Instruction Set Architecture (ISA) is related to the programming
obj e c tive s/g o a l s understand the reasons for going for BPA. of a computer – that is, how the computer understands what each
to be achieved The goals need to be precise and clear. element in its basic language means, what instructions are to be
by implementing carried out and in what order, etc.
BPA. The instructions may be Data Movement Instructions, Transfer of
Step 5: Engage Once the entity has been able to define Control, Arithmetic/Logical Instructions; Input/Output and some
business process the above, the entity needs to appoint an miscellaneous instructions that handle interrupts and activities.
consultant. expert, who can implement it for the entity.
Types of instructions are as follows:
Step 6: Calculate The answer to this question can be used for
the RoI for project. convincing top management to say ‘yes’ to Fixed Length Instructions Variable Length Instructions
the BPA exercise.
Fixed - length instructions are Variable - length instructions
Step 7: Once the top management grant their commonly used with RISC are commonly used on CISC
Development of approval, the right business solution processors. machines.
BPA. has to be procured and implemented or
developed and implemented covering All machine code instructions Each instruction uses exactly
necessary BPA. are of the same length i.e. fixed the amount of space it
length. requires.
Step 8: Testing the Before making the process live, the BPA
BPA. solutions should be fully tested. Since each instruction occupies The variable length
the same amount of space, instructions reduce the
memory space is wasted by this amount of memory space
Computing Technologies form of instruction. required for a program.
Servers: Servers are often dedicated, meaning that they
They make the job of fetching These instructions take
perform no other tasks besides their server tasks. and decoding instructions easier relatively more time for
• From a hardware perspective, a Server is a computer and more efficient, i.e. they can execution.
(Hardware) or device on a network dedicated to run one be executed in less time than the
or more services (as a host), to serve the needs of the corresponding variable length
users of other computers on a network. instructions.
• In the context of client-server architecture, a Server
is a computer program running to serve the requests of
other programs, the "clients". Classification of Instruction Set: An important aspect of
computer architecture is the design of the instruction set for
Types of Servers the processor, which is of two types:

A computer and storage device dedicated • Complex Instruction Set Computer (CISC): If the
File Server to storing files. Any user on the network control unit contains a number of micro-electronic
can store files on the server.
circuitry to generate a set of control signals and each
micro-circuitry is activated by a micro-code, this
Print A computer that manages one or more
printers. design approach is called CISC design. Examples of
Server
CISC processors are: Intel 386, 486, Pentium, Pentium
Pro, Pentium II, Pentium III processors etc.
Network A computer that manages network traffic.
Server • Reduced Instruction Set Computer (RISC): To
execute each instruction, if there is separate electronic
Database A computer system that processes database circuitry in the control unit, which produces all the
Server queries.
necessary signals, this approach of the design of the
control section of the processor is called RISC design.
A program that handles all application
Application operations between users and an It is also called hard-wired approach. Examples of RISC
Server enterprise's backend business applications processors: IBM RS6000, MC88100 processors etc.
or databases.

26 December 2019 The Chartered Accountant Student

9
 INformation technology
INFORMATION SYSTEM LAYERS

DBMS HARDWARE PEOPLE

SYSTEM NETWORK
APPLICATIONS
SOFTWARE LINKS

Hardware is the tangible portion of our computer systems; Educational Holds contents adopted for use by students.
something we can touch and see. Software E.g. Examination Test CDs.

Media Addresses individual needs to generate

Hardware Architecture and print electronic media for others to
Development
consume. E.g. Desktop Publishing, Video
Software Editing etc.
Data Output
Input Processing Storage
Devices Devices Devices Advantages of Application software Disadvantages of
Devices
Application software
• Addressing User needs: It meets • Development is costly.
Control the exact needs of the user. • Infection from
ALU Registers • Less threat from virus: The threat Malware.
Unit
of viruses invading custom-made
applications is very small.
• Regular updates: Licensed
Internal Primary Secondary application software gets regular
Memory Memory Memory updates from the developer for
security reasons.

System Software is computer software that is designed to operate

Application Software: This includes all that computer
software that cause a computer to perform useful tasks
beyond the running of the computer itself. The different
types of application software are as follows:
Has multiple applications bundled together.
Application Related functions, features and user
interfaces interact with each other. E.g. MS
Suite Office 2010 which has MS Word, MS Excel,
MS Access etc.
the computer hardware and to give and maintain a platform for
running application software. One of the most important and
widely used system software is computer operating systems.
An Operating System (O/S) is a set of computer programs that
manages computer hardware resources and acts as an interface
with computer applications programs.
Variety of Activities performed by O/S

Performing Hardware functions

Enterprise Addresses an enterprise's needs and data
Software flow in a huge distributed environment. E.g. • Acts as an intermediary between the application program
ERP Applications like SAP.
and the hardware.

Enterprise Provides capabilities required to support User Interfaces

Infrastructure enterprise software systems. E.g. email
Software servers, Security software.
• Provides user interface by accessing how we interface with
our system.
Addresses individual needs required
Information to manage and create information for
Worker Hardware Independence
individual projects within departments.
Software E.g. Spreadsheets, CAAT (Computer
Assisted Audit Tools) etc. • Provides Application Program Interfaces (API), which can
be used by application developers to create application
software, thus obviating the need to understand the inner
Used to access contents and addresses workings of OS and hardware. Thus, OS gives us hardware
Content a desire for published digital content &
Access entertainment. E.g. Media Players, Adobe independence.
Software Digital etc.

The Chartered Accountant Student December 2019 27

10
INformation technology
Memory Management
Important Definitions in Networking
• Allows controlling how memory is accessed and maximize Refers to the process of deciding on how
available memory & storage. Routing to communicate the data from source to
destination in a network.
Task Management
Bandwidth Refers to the amount of data which can be
• Facilitates a user to work with more than one application sent across a network in given time.
at a time i.e. multitasking and also allows more than one
user to use the system i.e. timesharing.
Refers to the ability of a network to recover
Resilience from any kind of error like connection
Networking Capability failure, loss of data etc.

• Provides systems with features & capabilities to help Refers to the situation that arises when
connect computer networks. Contention there is a conflict for some common
resource in a network.

Logical Access Security

• Provides logical security by establishing a procedure Database Management Systems (DBMS)

for identification & authentication using a User ID and
Password.
DBMS Record keeping
File Management

• Keeps a track of where each file is stored and who can Adding new files
access it, based on which it provides the file retrieval. to database

Network Links: Computer Network is a collection

of computers and other hardware interconnected by
communication channels that allow sharing of resources
Deleting Retrieving
and information. Each component, namely the computer in existing Modifying or querying
a computer network is called a ‘Node’. files from data in data from
database existing files existing files

Benefits of Computer Network

Inserting Deleting data
Distributed data in in existing
Resource Computational existing files files
nature of Sharing Power
information

User
DBMS - Basic Concepts
Reliability communication
Characters Collection of Bits.

Types of Computer Network Collection of Characters.

Field

Connection Oriented Networks

• Wherein a connection is first established and then data is Record Collection of Fields.
exchanged, like it happens in case of telephone networks.

File Collection of
Connectionless Networks Records.

• Where no prior connection is made before data

exchanges. Data which is being exchanged in fact has a Database Collection
complete contact information of recipient and at each of Files.
intermediate destination, it is decided how to proceed
further, like it happens in case of postal networks.

28 December 2019 The Chartered Accountant Student

11

Hierarchical Database
Network Database
Model
Model
DATABASE MODELS
Relational Database Object Oriented Database
Model Model
advantages of dbms
Permitting data sharing
• In DBMS, the same information can be made available to
different users.
Minimizing Data Redundancy
• In a DBMS, duplication of information or redundancy is, if
not eliminated, carefully controlled or reduced.
Integrity can be maintained
• Data integrity is maintained by having accurate, consistent,
and up-to-date data. Updates and changes to the data only
have to be made in one place in DBMS ensuring Integrity.
Program and file consistency
• The file formats and programs are standardized. This
makes the data files easier to maintain because the same
rules and guidelines apply across all types of data.
User-friendly
• DBMS makes the data access and manipulation easier for
the user and also reduces the reliance of users on computer
experts to meet their data needs.
Improved security
• DBMS allows multiple users to access the same data
resources which could lead to risk to an enterprise if not
controlled. Security constraints can be defined.
Achieving program/data independence
• In a DBMS, data does not reside in applications but data
bases program & data are independent of each other.
Faster application development
• In the case of deployment of DBMS, the data is already
therein databases, application developer has to think of
only the logic required to retrieve the data in the way a
user needs.
INformation technology
Information System Life Cycle
Phase 1: Investigate
Understand the Problem
Phase 5: Maintenance & Phase 2: Analyse
Review Assess the Solutions
Evaluate Results
Phase 3: Design
Phase 4: Implementation
Design or select the
Put Solution into affect best solution
Phase 1: System Investigation - Examines ‘What is
the problem and is it worth solving?'
 Technical feasibility: Does the technology exist to
implement the proposed system or is it a practical
proposition?
 Economic feasibility: Is proposed system cost-effective: if
benefits do not outweigh costs, it’s not worth going ahead?
 Legal feasibility: Is there any conflict between the
proposed system and legal requirements?
 Operational feasibility: Are the current work practices
and procedures adequate to support the new system?
 Schedule feasibility: How long will the system take to
develop, or can it be done in a desired time-frame?
Phase 2: System Analysis - Examines ‘What must
the Information System do to solve the problem?’
 Interviewing staff: at different levels from end-users to
senior management;
 Examine current business: systems documents and
output including current order documents, computer
system procedures and reports used by operations and
senior management;
 Sending out questionnaires: that have to be carefully
constructed to elicit unambiguous answers; and
 Observation of current procedures: by spending time in
various departments. A time and motion study can show
where procedures could be more efficient or to detect
bottlenecks.
Phase 3: System Designing - Examines ‘How will the
Information System do, that it must do to obtain the
solution to the problem?'
 Hardware platform: Computer, network capabilities,
input, storage and output devices;
 Software: Programming language, package and database;
 Outputs: Report layouts and screen designs;
 Inputs: Documents, screen layouts and validation procedures;
 User interface: How users will interact with the computer
system;
 Modular design: Of each program in the application;
 Test plan: Develop test data;
 Conversion plan: How the new system is to be
implemented; and
 Documentation: Including systems and operations
documentation. Later, a user manual will be produced.
The Chartered Accountant Student December 2019 29
12
INformation technology
Phase 4: System Implementation - Examines ‘How will the Cloud Computing Architecture refers to the components
Solution be put into effect?' and subcomponents that typically consist of a Front end
Implementation can be put in place either through Installation platform (fat client, thin client, mobile device), Back end
or Conversion. platforms (servers, storage), a cloud based delivery, and a
network (Internet, Intranet, Intercloud).
Installation involves Conversion involves following
following major activities: Front End Back End
activities: • Direct Changeover: The user
• Installing the stops using the old system one The Front End of the cloud In cloud computing, the
new hardware, particular day and starts using computing system comprises Back End is cloud itself
which may the new system from thereon, of the client’s devices (or it which may encompass
involve extensive usually over a weekend or
re-cabling and during a slack period. may be a computer network) various computer machines,
changes in office • Parallel Conversion: The old and some applications are data storage systems and
layouts; system continues alongside the needed for accessing the cloud servers.
• Training the users new system for a few weeks or computing system. Existing
on the new system; months. web browsers such as Firefox,
and • Phased Conversion: Used with Microsoft’s internet explorer or
• Conversion of larger systems that can be broken
Apple’s Safari.
master files to the down into individual modules
new system or which can be implemented
creation of new separately at different times. Service Models of Cloud Computing
master files. • Pilot Conversion: New system
Infrastructure as a Service (IaaS)
will first be used by only a Provides clients with access to server hardware, storage,
portion of the enterprise, for bandwidth and other fundamental computing resources.
example at one branch or
factory.
Software as a Service (SaaS)
In this, an application is hosted as a service provided to
Phase 5: System Maintenance and Review - Evaluates results • customers across the Internet by removing the need to
of solution and modifies the system to meet the changing install and run an application on a user’s own computer.
needs. Platform as a Service (PaaS)
Provides clients with access to the basic operating
Perfective This implies that while the system runs software and optional services to develop and use
Maintenance satisfactorily, there is still room for software applications without the need to buy and
improvement. manage the underlying computing infrastructure.

Adaptive All systems will need to adapt to changing Network as a Service (NaaS)
Maintenance needs within a company. Involves optimization of resource allocation by
considering network and computing resources as a
whole. Example - VPN, Mobile N/w Virtualization.
Corrective Problems frequently surface after a system
Maintenance has been in use for a short time, however
Communication as a Service (CaaS)
thoroughly it was tested. Any errors must Allows businesses to selectively deploy communication
be corrected. devices and modes on a pay-as-you-go, as-needed basis.
This approach eliminates the large capital investments.
Examples are: Voice over IP (VoIP), Instant Messaging (IM),
cloud computing Collaboration and Videoconferencing.

Cloud Computing is defined as the use of various services,

such as software development platforms, servers, storage, mobile computing
and software, over the Internet, often referred to as the Mobile Computing: Defined as the use of portable computing
"Cloud." Cloud Computing Environment involves the devices like laptop/handheld computers in conjunction with mobile
following: communications technologies to enable users to access Internet and
data on their home/ work computers from anywhere in the world.
PUBLIC CLOUD: Its components are:
COMMUNITY
Composition of two or more Mobile Mobile Hardware Mobile Software
CLOUD: Shared by Communication
private, community or public
several organizations; Refers to the Includes mobile It is the actual
clouds that remain unique
externally hosted, infrastructure put in devices or device program that runs
entities but are bound together, place to ensure that components that on the mobile
but may be internally
offering the benefits of seamless and reliable receive or access the hardware.
hosted by one of the
multiple deployment models, is communication goes service of mobility.
organizations.
internally & externally hosted. on.
These would include They would range This is the engine of
devices such as from Portable that mobile device.
HYBRID CLOUD: Protocols, Services, laptops, Smart In other terms, it
PRIVATE CLOUD: Used Bandwidth and phones, Tablet PC’s is the operating
Provisioned for open
for a single organization; Portals necessary to to Personal Digital system of that
use for the public by a
can be internally or facilitate and support Assistants. appliance.
particular organization
externally hosted. the stated services.
who also hosts the service.

30 December 2019 The Chartered Accountant Student

13
 Information Technology
information Technology
The Capsule on IIPC(Old) Paper 7A: Information Technology incorporates Chapter 3: Telecommunication
and Network, Chapter 4: Business Information Systems and Chapter 5: Business Process Automation Through
Application Software. This capsule intends to assist students in their Quick revision and should not be taken
as a substitute for the detailed study of these chapters. Students are advised to refer to the relevant study
material and Revision Test Paper for comprehensive study and revision.

Chapter 3: Telecommunication and Network

Networking an Enterprise
Businesses are installing and extending intranets throughout their organizations to improve communications and
collaboration among individuals and teams within the enterprise. Major generic components of any telecommunications
network are terminals, telecommunications processors, communication channels, computers, and telecommunications
s/w. Telecommunications processors include modems, multiplexers, and internetworked processors. Internet and Internet-
like networks inside an enterprise are called Intranets, between an enterprise and its trading partners are called Extranets.

Advantages of a computer network in an organization

♦ File Sharing ♦ Remote Access ♦ Fault Tolerance
♦ Resource Sharing ♦ Shared Databases ♦ Internet Access and Security

telecommunicAtion network model

♦ These are starting and stopping points in any telecommunication network environment including Video
Terminals Terminals, Microcomputers, Telephones, Office Equipment, Telephone & Transaction Terminals.

♦ These support data transmission and reception between terminals and computers by providing a variety
Telecommunications
of control and support functions. They include Network Interface Card, Modem, Multiplexer and
Processors
Internetworked Processors such as Switch, Router, Hub, Bridge, Repeater, etc.

♦ Used to optimize and streamline the essential business processes, using the latest technology to automate
Telecommunications the functions involved in carrying them out.
Media/Channels ♦ Grouped into Guided Media and Unguided Media.
♦ Guided Media inludes Twisted pair Wire, Coaxial Cable, Fiber optics and Unguided Media includes
Terestrial Microwave, Radio Wave, Micro Wave, Infrared Wave and Communication Satellites.

Computers ♦ Of all sizes and types are connected through media to perform their communication assignments.

Telecommunications ♦ Consists of programs that control telecommunications activities and manage the functions of
Control Software telecommunications networks. They include Telecommunication Monitors, Network Operating
Systems for network servers, Network Management Components and Communication Packages.

Classification of Telecommunication Networks

Area Coverage Based Classification Functional Based Classification Ownership Based Classification

LAN MAN WAN Client- Peer-to- Public Private Virtual Private

Multi-Tier
Server Peer Network Network Network (VPN)

Local Area Networks (LAN)

The Local Area Networks are telecommunications networks that connect information-processing devices within a limited
physical area. It has following characteristics:
♦ Security ♦ Expanded PC usage through inexpensive workstation
♦ Distributed processing ♦ Electronic mail and Message Broadcasting
♦ Organizational Benefits ♦ Data management benefits

Metropolitan Area Network (MAN)

A Metropolitan Area Network is somewhere between a LAN and a WAN. A MAN can support both data and voice. Cable
television networks are examples of MANs that distribute television signals. A MAN just has one or two cables and does
not contain switching elements.

Wide Area Networks (WAN)

Wide Area Networks are telecommunications networks that cover large geographic areas with various communication
facilities such as long distance telephone service, satellite transmission, and under-sea cables. These networks cover areas
such as large city or metropolitan area; Whole country or many countries and continents.

The Chartered Accountant Student March 2020 15

14
Information Technology
Client Server (C/S) Network
Client/Server network is a computer network in which one centralized powerful computer (called Server) is connected to many
less powerful PCs or workstations (called Clients). A Client is a single-user workstation that provides a presentation services and
the appropriate computing, connectivity and the database services relevant to the business need. A Server is one or more multi-
user processors with shared memory providing computing, connectivity and the database services and the interfaces relevant to the
business need. Different types of Clients are - Fat/Thick Client, Thin Client and Hybrid Client.
Prominent characteristics of C/S architecture are as follows:
 Service: The server process is a provider of services and the client is a consumer of services.
 Shared Resources: A server can service many clients at the same time and regulate their access to the shared resources.
 Transparency of Location: C/S software usually masks the location of the server from the clients by redirecting the service calls
when needed.
 Mix-and-Match: The ideal C/S software is independent of h/w or O/S software platforms.
 Scalability: Client workstations can either be added or removed and the server load can be distributed across multiple servers.
 Integrity: Server code & data are centrally managed, which results in cheaper maintenance and the guarding of shared data integrity.
Issues in Client/Server Network are as follows:
 When the server goes down or crashes, all the computers connected to it become unavailable to use.
 Simultaneous access to data and services by the user takes little more time for server to process the task.

Peer to Peer Networking (p2P)

 It is created with two or more PCs connected together and share resources without going through a separate server computer.
 The prime goal of a P2P file-sharing network is that many computers come together and pool their resources to form a content
distribution system. Configured computers in P2P workgroups allow sharing of files, printers across all the devices.
Advantages
 These are easy and simple to set up and only require a Hub or a Switch to connect all the computers together.
 If one computer fails, all other computers connected to it continue to work.
Disadvantages
 There can be problem in accessing files if computers are not connected properly.
 Does not support connections with too many computers as the performance gets degraded in case of high network size.
 The data security is very poor in this architecture.

Multi-Tier Architecture
Single Tier Architecture Two Tier Architecture n-Tier Architecture
Involves putting all the required A software architecture in which a It is a client–server architecture in which
components for a software application or presentation layer or interface runs on a presentation, application processing, and
technology on a single server or platform. client, and a data layer or data structure data management functions are logically
gets stored on a server. separated.
Cl -1 Cl -2 Cl -3
Cl -1 Cl -2 Cl -3
Client 2 Tier Tier

Client 1 Client 3 Tier Server 1 Server 2

File
Server Databa se
Databa se Server Database Tier Databa se
Tier
Server

Advantages Advantages Advantages

 This system requires only one stand-  System performance is higher  Clear separation of user-interface
alone computer and installation of because business logic and database control & data presentation from
proprietary software which makes it are physically close. application-logic; Dynamic load
most cost-effective system.  More users could interact with system. balancing & change management.
Disadvantages Disadvantages Disadvantages
 Can be used by only one user at a  Performance deteriorates if number  Creates an increased need for
time. of users increases. network traffic management, server
 It is impractical for an organization  There is restricted flexibility and load balancing, and fault tolerance.
which requires two or more users to choice of DBMS, since data language  Current maintenance tools are
interact with the organizational data used in server is proprietary to each relatively immature, inadequate and
stores at the same time. vendor. more complex.
Ownership Based Classification
Public Data Network Private Data Network Virtual Private Networks (VPN)
A network established and operated by Enables the ability to bring tasks that These are overlay networks on top of public networks
a telecommunications administration, exist across multiple computers and but with most of the properties of private networks.
or a recognized private operating different business departments or They are called ‘virtual’ because they are merely an
agency, for the specific purpose of branches under one umbrella that is the illusion, just as virtual. It is a private network that
providing data transmission services business process itself. uses a public network (usually the Internet) to connect
for the public. remote sites or users together.

16 March 2020 The Chartered Accountant Student

15
 Information Technology
Network Computing
The growing reliance on the computer hardware, software, and data resources of the Internet, Intranets, extranets, and other networks has
emphasized that for many users “the network is the computer”.
Features of Network Computing are as follows:
 Network computers & other thin clients provide a browser-based user-interface for processing small application programs (applets).
 These are microcomputers without floppy or hard disk drives that are designed as low-cost networking computing devices.
 Application and database servers provide the operating system, application software, applets, databases, and database management
software needed by end users in network.

Models of Computing
Centralized Computing - It is done at a central location, Decentralized Computing - Decentralized computing is the allocation of
using terminals attached to a central computer. The computer resources, both hardware and software, to each individual workstation, or
itself may control all the peripherals directly, or they may be office location. Decentralized systems enable file sharing and all computers
attached via a terminal server. can share peripherals.
Advantages - It offers greater security over decentralized Advantages - These can run independently of each other and enable file
systems because all the processing is controlled in a central sharing and all computers can share peripherals such as printers & scanners,
location. allowing all the computers in the network to connect to the internet.

Network Topology
‘Topology’ defines the physical or logical arrangement of links in a network. It is the geometric representation of the relationship of all the
links and linking devices (usually called Nodes) to each other.

Star Network Ring Network Bus Network Mesh Network

The central unit (server) in
the network acts as the traffic
controller among all the other
computers tied to it.
Local computer processors are A single length of wire, cable, or Each node is connected by a
tied together sequentially in optical fiber connects number dedicated point to point link to
a ring with each device being of computers. every node.
connected to two other devices
under a decentralized approach.

A node failure does not bring Failure of one computer on the If one of the microcomputer If one of node fails, the network
down the entire network. Failure network can affect the whole fails, it will not affect the entire traffic can be redirected to
of server affects whole network. network. network. another node.
New nodes can be added easily It is considered to be inefficient It is easy to install, easily It is the best choice for fault
without affecting rest of the as data can only travel in one extendable and inexpensive. tolerance, however, it is very
network. route to reach its destination. difficult to setup and maintain.

Data Transmission (The transmission of binary data across a link)

Parallel Serial

Asynchronous Synchronous
Serial Mode Parallel Mode
In this, the data bits are transmitted serially one after another. In this, the data bits are transmitted simultaneously.
Data is transmitted over a single wire. Data is transmitted over 8 different wires.
It is a cheaper mode of transferring data. It is relatively expensive mode of transferring data.
It is useful for long distance data transmissions. Not practical for long distance communications as it uses parallel
paths, so cross talk may occur.
It is relatively slower. It is relatively faster.

Transmission Mode used to define direction of signal flow between two linked devices
Simplex Connection Half -Duplex Connection Full Duplex Connection
Data flows in only one direction. Data flows in one direction or the other, Data flows in both directions simultaneously.
but not both at the same time.
Terminal A Terminal B Terminal A Terminal B Terminal A Terminal B
Example – Data from user’s Example – Walkie-Talkie. Example – Mobile Phones.
computer to the printer.

The Chartered Accountant Student March 2020 17

16
Information Technology
Based on techniques used to transfer data, communication networks can be categorized into the following:
♦ Broadcast Networks: Data transmitted by one node is received by many, sometimes all, of the other nodes.This
refers to a method of transferring a message to all recipients simultaneously.
Transmission ♦ Switched Networks: Data transferred from source to destination is routed through the switch nodes. The way
Techniques in which the nodes switch data from one link to another, as it is transmitted from source to destination node,
is referred to as a switching technique. Three common switching techniques are Circuit Switching, Packet
Switching and Message Switching.

Network Architecture
♦ It refers to the layout of the network consisting of the hardware, software, connectivity, communication protocols and mode of
transmission, such as wired or wireless and its goal is to promote an open, simple, flexible, and efficient telecommunications
environment. It includes hardware components used for communication, cabling and device types, network layout and
topologies, physical and wireless connections, implemented areas and future plans.
Protocols
♦ Protocols are software that performs a variety of actions necessary for data transmission between computers. These are a set of
rules for inter-computer communication that have been agreed upon and implemented by many vendors, users and standards
bodies to ensure that the information being exchanged between the two parties is received and interpreted correctly.
The OSI Model: The International Standards Organization (ISO) developed a seven-layer Open Systems Interconnection (OSI)
model to serve as a standard model for network architectures.
TCP/IP The OSI Model Functions
Application Layer Provides communications services for end user applications.
Application or Process Layer Presentation Layer Provides appropriate data transmission formats and codes.
Session Layer Supports the accomplishment of telecommunication sessions.
Host-to-Host Transport Layer Transport Layer Supports the organization and transfer of data between nodes in the network.
Internet Protocol (IP) Network Layer Provides appropriate routing by establishing connections among network links.
Network Interface Data Link Layer Supports error-free organization and transmission of data in the network.
Physical Layer Physical Layer Provides physical transmission of data on the telecommunication media in the network.
Threats
Unstructured Threats
♦ These originate mostly from inexperienced individuals using easily available hacking tools from the Internet.
♦ These include port-scanning tools, address-sweeping tools, and many others.
Structured Threats
♦ These originate from individuals who are highly motivated and technically competent and usually understand network
systems design and the vulnerabilities of those systems.
External Threats
♦ These originate from individuals or organizations working outside an organization, which does not have authorized
access to organization’s computer systems or network.
Internal Threats
♦ These threats originate from individuals who have authorized access to the network. These users either have an account
on a server or physical access to the network.

Vulnerability
Vulnerability is an inherent weakness in the design, configuration, or implementation of a network or system that renders it susceptible to
a threat. The following facts are responsible for occurrence of vulnerabilities in the software:
 Software Bugs - Software bugs are so common that users have developed techniques to work around the consequences, and bugs that
make saving work necessary every half an hour or crash the computer every so often are considered to be a normal part of computing.
 Timing Windows - This problem may occur when a temporary file is exploited by an intruder to gain access to the file, overwrite
important data, and use the file as a gateway for advancing further into the system.
 Insecure default configurations - Insecure default configurations occur when vendors use known default passwords to make it as easy
as possible for consumers to set up new systems.
 Trusting Untrustworthy information - This is a problem that affects routers, or those computers that connect one network to another.
 End users - Generally, users of computer systems are not professionals and are not always security conscious.

Network Security
It is based on the increasing demand and expectations, the security involves four aspects: Privacy (Confidentiality), Message
Authentication, Message Integrity and Non-repudiation.
Privacy Authentication Integrity Non-Repudiation
• This means that sender and receiver • The receiver is sure of • This means that the data must • This means that a receiver
expect confidentiality. The transmitted the sender’s identity arrive at the receiver exactly must be able to prove that
message should make sense to and that an imposter as it was sent. There must a received message came
only intended receiver and the has not sent the not be any changes during from a specific sender and
message should be unintelligible to message. the transmission – either the sender must not be able
unauthorized users. accidental or malicious. to deny sending it.

18 March 2020 The Chartered Accountant Student

17
 Information Technology
Secure Socket Layer - It provides a secure channel between two SSH File Transfer Protocol - A computing network protocol
machines operating over the Internet or an internal network. for accessing and managing files on remote file systems.
Network Security ProtocolS
HyperText Transfer Protocol Secure - A protocol  for  secure Secure  Shell  (SSH) - A program to log into another computer
communication over a  computer network, with especially over a network, execute commands in a remote machine and move
wide deployment on the Internet. files from one machine to another.

Network Security Techniques

These are the tools/techniques to protect information and systems against compromise, intrusion, or misuse.
1. Intrusion Detection System (IDS): An Intrusion Detection System is a device or software application that monitors network or system
activities for malicious activities or policy violations and produces reports to a Management Station. Intrusion Detection System are primarily
of following types: Network Intrusion Detection (NID), Host-based Intrusion Detection (HID), and Hybrid Intrusion Detection.
2. Firewall: Forms a barrier between a secure and an open environment when the latter environment is usually considered hostile.
3. Network Access Control: Enforces security policy by granting only security policy–compliant devices access to network assets.
4. Anti – Malware: It is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses,
worms, trojan horses etc. and other malicious programs.
5. Site Blocking: It is a software-based approach that prohibits access to certain Web sites that are deemed inappropriate by management.

Network Administration and Management

Network Management refers to the activities, methods, procedures, and tools that pertain to the Operation, Administration,
Maintenance, and Provisioning of networked systems.
Operation
Deals with keeping network and services that the network provides up and running smoothly.
Administration
Deals with keeping track of resources in the network and how they are assigned.
Maintenance
Concerned with performing repairs and upgrades.
Provisioning
Concerned with configuring resources in the network to support a given service.

E-commerce / M-commerce
Electronic Commerce (e-Commerce) is a sophisticated combination of technologies and consumer-based services integrated to form a new
paradigm in business transaction processing. It refers to the use of technology to enhance the processing of commercial transactions between
a company, its customers and its business partners.
Benefits of e-Commerce Application and Implementation are as follows:
• Reduction in costs to buyers and suppliers by electronically accessing on-line databases; errors, time, and overhead costs in information
processing; time to complete business transactions; inventories and reduction of risk of obsolete inventories; overhead and advertising
costs; use of ecologically damaging materials.
• Easier entry into new markets, especially geographically remote markets, for enterprises regardless of size and location.
• Optimization of resource selection as businesses form cooperative teams.
Risks involved in e-Commerce are Problem of anonymity, Repudiation of contract, Lack of authenticity of transactions, Data Loss or theft or
duplication, Attack from hackers, Denial of Service, Non-recognition of electronic transactions, Lack of audit trails and Problem of piracy.
Types of e-Commerce are as follows:
(a) Business-to-Business (B2B) e-Commerce (c) Consumer-to-Business (C2B) e-Commerce (e) Business-to-Government (B2G) e-Commerce
(b) Business-to-Consumer (B2C) e-Commerce (d) Consumer-to-Consumer (C2C) e-Commerce (f ) Business-to-Employee (B2E) e-Commerce
M-commerce (Mobile commerce) is the buying and selling of goods and services through wireless handheld devices such as cellular telephone
and personal digital assistants (PDAs), known as next-generation e-commerce; enables users to access the Internet without needing to find a
place to plug in. The industries affected by m-commerce include Financial services, Telecommunications, Service/retail, etc.

Chapter 4: Business Information Systems

Information System is defined as a combination of people, hardware, software, communication devices, network and data
resources that processes data and information for a specific purpose. The system needs inputs from user which will then be
processed using technology devices such as computers, and produce output (printing reports, displaying results) that will
be sent to another user or other system via a network and a feedback method that controls the operation.

Components of Information System

Human Resources Telecommunications
IT Professionals, Systems administrators, Communication media
Programmers and End users
Data
Computer System Raw fact

Software
System software/ Application Software Hardware
Physical components of computer

The Chartered Accountant Student March 2020 19

18
Information Technology
Business Information System (BIS): Defined as systems integrating information technology, people and business. BIS bring
business functions and information modules together for establishing effective communication channels which are useful for
making timely and accurate decisions and in turn contribute to organizational productivity and competitiveness.
A Business Process: It is an activity or set of activities that will accomplish a specific organization goal. Has a goal, specific inputs
and outputs, several activities that are performed in some order. It uses resources, may affect more than one organisational unit and
creates value of some kind for the customer.

Types of Information Systems

Operational Level Knowledge Level Systems Management Level Strategic-level Systems

Systems (OLL) that that support discovery, Systems are used for (SLS) are used by top-level
support operational processing and storage of monitoring, controlling, strategic managers like
managers that track knowledge and data workers. decision-making, and CEO, CIO, etc., to track
elementary activities. Used by Knowledge and Data administrative activities and deal with strategic
Used by First line Workers. E.g. OAS. of middle management. issues, assisting long-range
managers. E.g. TPS. E.g. MIS, DSS. planning. E.g. EIS.

Introduction TPS Cycle TPS Attributes Pre-requisites of ACID Test

TPS is the lowest • Data Entry: Recording/ • Access Control: people who are • Atomicity: means that
level of OLL level editing of data to be not authorized to use the system a transaction is either
Transaction Processing System

system that collects, quickly/correctly captured are not permissible to influence or completed in full or not at
stores, modifies and for its proper processing. transform the transaction process. all. TPS systems ensure that
retrieves the day-to- • Transaction processing: • Equivalence: Transactions are transactions take place in
day data transactions As Batch/Real-time processed in the similar format their entirety.
of an enterprise. processing. every time to ensure that full • Consistency: TPS systems
(TPS)

Examples are Airline • Database Maintenance:
Reservation Systems, Correct/up-to date.
Railway reservation • Document & Report
System etc. Generation: purchase
orders, pay-checks, sales
receipts, invoices, and
customer statements.
effectiveness is achieved. exist within a set of
• High Volume Rapid Processing: operating rules.
instantaneous processing of • Isolation: Transactions
transactions is noteworthy to the must appear to take place
success of certain industry such as in seclusion.
banking. • Durability: Once
• Trustworthiness: designed to be transactions are completed,
robust and trustworthy. they cannot be undone.

Office Automation Systems (OAS) is an amalgamation of hardware, software, and other resources used to smooth the progress
of communications and augment efficiency. Its basic activities include – Exchange of information; management of administrative
documents; handling of numerical data; and meeting, planning and management of work schedules.
Applications Description
Word Processing Use of a computer to perform automatically many of the tasks necessary to prepare typed or printed documents.
Electronic mail Use of a computer network that allows users to send, store & retrieve messages using terminals & storage devices.
Voice Mail Requires computers with an ability to store audio messages digitally and convert them back upon retrieval.
Video Use of television equipment to link geographically dispersed conference participants.
Conferencing

Knowledge Management Systems (KMS) refer to any kind of IT system that stores and retrieves knowledge, improves
collaboration, locates knowledge sources, mines repositories for hidden knowledge, captures and uses knowledge, or in some other
way enhances the KM process. There are two broad types of knowledge—Explicit and Tacit.
Explicit Knowledge: It can be formalized easily and is Tacit Knowledge: It is unarticulated and represented as
easily available across the organization. It is articulated, and intuition, perspective, beliefs, and values that individuals form
represented as spoken words, written material and compiled based on their experiences. It is personal, experimental and
data. It is codified, easy to document, transfer and reproduce. context specific. It is difficult to document and communicate
For example – Online tutorials, Policy and procedural manuals. the tacit knowledge. For example – hand-on skills, special
know-how, employee experiences.
Management Information System (MIS) refers to the data, equipment and computer programs that are used to develop
information for managerial use.
 Management: Comprises the process and activity that a manager does in the operation of their organization, i.e., to plan
organize, direct and control operations.
 Information: Information simply means processd data or in the layman language, data which can be converted into meaningful
and useful form for a specfic user.
 System: Defined as a group of interrelated components working together towards a common goal by accepting input and
producing output in an organize transformation process.
 Some Examples of MIS - Airline reservations (seat, booking, payment, schedules, boarding list, special needs, etc.); Bank
operations (deposit, transfer, withdrawal) electronically with a distinguish payment gateways; and Integration of department
with the help of contemporary software’s like ERP.

20 March 2020 The Chartered Accountant Student

19
 Information Technology
Decision Support System (DSS) is a type of computerized information system that supports business and organizational decision
– making activities. Planning languages commonly used in DSS are General-purpose planning languages and Special-purpose
planning languages. DSS components are as follows:
The user: Usually a manager One or more databases: Model Base: It is the brain of DSS that performs data
with an unstructured or semi- Databases contain both routine manipulations & computations with the data provided
structured problem to solve and non-routine data from both to it by user & database. The planning language in DSS
at management - level of an internal and external sources. allows user to maintain a dialogue with model base.
organization.

Executive Information Systems (EIS) sometimes referred to as an Executive Support System (ESS) serves the strategic level i.e.
top-level managers of the organization.
Components Description
Hardware Includes Input data-entry devices, CPU, Data Storage files and Output Devices.
Software Includes Text base software, Database, and Graphic types such as time series charts, scatter diagrams,
maps, motion graphics, sequence charts, and comparison-oriented graphs (i.e., bar charts) Model base.
User Interface Includes hardware (physical) and software (logical) components by which people (users) interact with
a machine. Several types of interfaces can be available to the EIS structure, such as scheduled reports,
questions/answers, menu driven, command language, natural language, and input/output.
Telecommunication Involves transmitting data from one place to another in a reliable networked system.

specialised systems

Customer Relationship Management (CRM) may be defined as a business process in which client relationships; customer loyalty
and brand value are built through marketing strategies & activities. It allows businesses to develop long-term relationships with
established and new customers while helping modernize corporate performance, incorporates commercial and client-specific
strategies via employee training, marketing planning, relationship building , etc.

Benefits of CRM

♦ Generates customer loyalty, raising a market intelligence enterprise, and an integrated relationship.
♦ Preserves existing customers/provides enhanced services to accomplish loyalty.
♦ Smoothens the progress to capture, consolidate, analysis, and enterprise-wide dissemination of data from existing and potential
customers.

Supply Chain Management (SCM) may be defined as the process of planning, implementing and controlling the operations of the
supply chain with the purpose of satisfying the customer's requirement as efficiently as possible. Core Elements of SCM are as follows:

DISTRIBUTION INTEGRATION PURCHASING OPERATIONS

 Transportation  Coordination  Supplier Selection  Inventory
 CRM  Management  Recruitment  Control
 Logistics Parties  Control  Payroll Management  Quality

Human Resource Management System refers to the systems and processes at the intersection between  Human Resource
Management (HRM) and Information Technology. 

♦ Workforce Management provides powerful tools to effectively manage labor rules, ensure compliance, and control labor
costs and expenses.
♦ Time and Attendance module gathers standardized time and work related efforts, data collection methods, labor distribution
capabilities and data analysis.
♦ Payroll Management facilitates salary, deductions, calculations, eliminates errors, free up HR staff etc.
♦ Training Management tracks the trainer or training organization, costs associated with training schedule, training locations,
required supplies and equipment and registered attendees.
♦ Compensation Management requires integrating employee processes, information and programs with organizational
processes and strategies to achieve optimal organizational results.
♦ Recruitment Management includes processes for managing open positions/requisitions, applicant screening, assessments,
selection and hiring, correspondence, reporting and cost analysis.
♦ Personnel Management comprises of HR master-data, personnel administration, recruitment and salary administration.
♦ Organizational Management includes organizational structure, staffing schedules and job description.
♦ Employee Self Service (ESS) allows employees to query HR related data and perform some HR transactions over the system.
♦ Analytics enables organizations to extend the value of an HRMS implementation by extracting HR related data for use with
other business intelligence platforms.

The Chartered Accountant Student March 2020 21

20
Information Technology
Core Banking Systems (CBS) may be defined as a back-end system that processes daily banking transactions, and posts updates to
accounts and other financial records. Examples of core banking products include Infosys’ Finacle, Nucleus FinnOne and Oracle's Flexcube
application (from their acquisition of Indian IT vendor i-flex). Elements of CBS are as follows:
♦ Making and servicing loans. ♦ Opening new accounts.
♦ Processing cash deposits and withdrawals. ♦ Processing payments and cheques.
♦ Calculating interest. ♦ Customer Relationship Management activities.
♦ Establishing criteria for minimum balances, interest rates, number of ♦ Establishing interest rates.
withdrawals allowed and so on. ♦ Maintaining records for all the bank’s transactions.
Accounting Information System (AIS) is defined as a system of collection, storage and processing of financial and accounting data that is
used by decision makers. Its key components are as follows:
People AIS helps various system users that include accountants, consultants, business analysts, managers, chief financial
officers and auditors etc. from different departments within a company to work together.
Procedure & These include both manual and automated methods for collecting, storing, retrieving and processing data.
Instructions

Data Refers to the information pertinent to the organization's business practices that may include sales orders, customer
billing statements, sales analysis reports etc., which can then be used to prepare accounting statements and reports.
Software These are the computer programs that provide quality, reliability and security to the company's financial data that
may be stored, retrieved, processed and analyzed. Managers rely on the information it outputs to make decisions
for the company, and they need high-quality information to make sound decisions.
IT Infrastructure This include hardware such as personal computers, servers, printers, surge protectors, routers, storage media, and
possibly a backup power supply used to operate the system.
Internal Controls These are the security measures such as passwords or as complex as biometric identification to protect sensitive
data against unauthorized computer access and to limit access to authorized users. Internal controls also protect
against computer viruses, hackers and other internal and external threats to network security.

Expert System (ES) A computerized information system that allows non-experts to make decisions comparable
Definition to those of an expert.

♦ Knowledge Base: Includes the data, knowledge, relationships, rules of thumb

(heuristics), and decision trees used by experts to solve a particular problem.
♦ Inference Engine: Contains the logic and reasoning mechanisms that simulate the
Expert Systems expert logic process and deliver advice.
Components ♦ User Interface: Allows the user to design, create, update, use and communicate with ES.
♦ Explanation facility: Provides user with an explanation of the logic the ES used to
arrive at its conclusion.

Business Intelligence (BI) is the delivery of accurate, useful information to the appropriate decision makers within the necessary
time frame to support effective decision making for business processes.

Business Intelligence Tools are a type of software that is designed to retrieve, analyze and report data.
Simple Reporting This involves using the data warehouse that provides the perfect architecture to combine all the data
and Querying dispersed throughout the enterprise in different applications in a variety of formats, on a range of hardware,
which could be anywhere to be cleaned up, summarized, converted and integrated into one common format
and available centrally for further processing.
Business Analysis Business analysis refers to presenting visualizing data in a multidimensional manner. This allows the user
to plot data in row and column coordinates to further understand the intersecting points. ETL (Extract,
Transform, Load) tools bring in data from outside sources, transform it to meet business specified
operational needs, and then load the results into the company database
Dashboards Are flexible tools that can be bent into as many different shapes as per user requirements. It includes a
collection of graphs, reports, and KPIs that help monitor business activities as progress on a specific initiative.
Scorecards This involves providing a visual representation of the enterprise strategy by taking critical metrics and
mapping them to strategic goals throughout the enterprise. A scorecard has a graphical list of specific,
attainable strategic milestones, combined with metrics that serve as benchmarks.
Data Mining This involves using statistical, artificial intelligence, and related techniques to mine through large volumes of
or Statistical data and providing knowledge without users even having to ask specific questions. The objective is to provide
Analysis interesting and useful information to users by design even without their querying.
Business Reports are a type task which facilitates in scrutinizing a situation and pertain to business theories to fabricate a variety
of suggestions for development. Business reports are routinely assigned to facilitate us to:
• Accomplish conclusions about a trouble or issue.
• Demonstrate short and apparent communication skills.
• Endow with recommendations for upcoming accomplishing.
• Exhibit our analytical, reasoning, and evaluation skills in identifying and weighing-up potential solutions and outcomes.
• Pertain business and management theory to a practical situation.
• Scrutinize obtainable and potential solutions to a problem, situation, or question.

22 March 2020 The Chartered Accountant Student

21
 Information Technology
Importance of Access and Privilege Controls
In order to safeguard software systems, procedures are developed and implemented for protecting them from unauthorized
modification, disclosure or destruction to ensure that information remains accurate, confidential, and is available when required.
Access controls help us to restrict whom and what accesses our information resources, and they possess four general functions:
Identity Verification, Authentication, Authorization and Accountability.
Approaches to Access Control are as follows:
Role-based Access Control (RBAC) enforces static Rules-based Access Control (RAC) is largely context-based that
constraints based on a user’s role that largely eliminates considers the data affected, the identity attempting to perform a
discretion when providing access to objects. RBAC, for task, and other triggers governed by business rules.
example, enforces static constraints based on a user’s role.
Principle of Least Privilege
This is a fundamental principle of information security, which refers to give only those privileges to a user account, which are
essential to that user's work. For example, a backup user does not need to install software; hence, the backup user has rights only to
run backup and backup-related applications. Any other privileges, such as installing new software, should be blocked.

Chapter 5: Business Process Automation Through Application Software

Business Application
• Business is defined as a person’s regular occupation or commercial activity, a person’s concern.
• Application, in terms of computers, is defined as a computer program to fulfill a particular purpose.
• Business Application as a computer program used to fulfill a person’s need for regular.

Applications Based on Nature of Processing

Batch Processing
It is defined as a processing of large set of
data in a specific way, automatically, without
needing any user intervention. The data is first
collected, during a work day, for example, and
then batch-processed, so all the collected data
is processed in one go.
Online Processing Real-Time Processing
Data is processed immediately while Real time processing is a subset of interactive or
it is entered, the user usually only has online processing. This system doesn't need a
to wait a short time for a response. user to control it, it works automatically. Real
Interactive or online processing time processing is used in warning systems on
requires a user to supply an input. aircraft, alarm systems in hazardous zones,
burglar alarms etc.

Applications based on Size and Complexity of Business

Small and Medium Enterprise (SME) Business Large Business
The best software for small and medium businesses is When it comes to other sorts of business software, designed for the larger or more
software designed to help them to run their operations ambitious businesses, a business application being used by many small business
better, cut costs and replace paper processes. establishments in India may not be effective for large business organizations.
Business applications based on Nature of Application
Accounting These are used by business entities for the purpose of day-to-day transactions of accounting and generating financial
Applications information such as balance sheet, profit and loss account and cash flow statements.
Office Mgt. S/w These applications help entities to manage their office requirements like word processors (MS Word), electronic
spreadsheets (MS Excel), presentation software (PowerPoint), file sharing systems, etc.
Compliance Enterprises need to comply with applicable laws and regulations. A separate class of business application are available
Applications that facilitate meeting the compliance requirements.
CRM S/w These are specialized applications catering to the need of organizations largely in FMCG categories.
Management These are applications catering to decision-making needs of the management. They may be further classified based
Support S/w on the level of management using them.
ERP S/w These applications called as Enterprise Resource Planning software, which are used by entities to manage resources
optimally and to maximize the three Es i.e. Economy, Efficiency and Effectiveness of business operations.
Product Lifecycle These applications are used by enterprises that are involved in developement or launch of new products and are
Mgt. S/w involved in development of new products.
Logistics Mgt. S/w For large logistics managing companies, these are key business applications.
Legal Mgt. S/w Government of India is keen to reduce the pendency in courts. As this process goes, on legal profession in India shall
need such systems.
Industry Specific These are industry specific applications focused on a specific industry sector.
Applications
Business Process Automation (BPA)
It is a strategy that is used to optimize and streamline the essential business processes, using the latest technology to automate the functions
involved in carrying them out. The objectives of BPA are given below:
Confidentiality To ensure that data is only available to persons who have right to see the same.
Integrity To ensure that no un-authorized amendments can be made in the data.
Availability To ensure that data is available when asked for.
Timeliness To ensure that data is made available in at the right time.

The Chartered Accountant Student March 2020 23

22
 Information Technology
Applications that help entity to achieve BPA
Applications that help entity to achieve BPA are: TALLY, SAP R/3, MS Office Applications, Attendance Systems, Vehicle Tracking System,
Automated Toll Collection Systems, Department Stores Systems, Travel Management Systems, Educational Institute Management Systems, etc.

Reducing the Impact of Human Error processes as they are introduced that provide greater
♦ BPA removes human participation in the process, control over business and IT processes.
Why BPA shoule be implemented?

which is the source of many errors.
Transforming Data into Information
♦ BPA can, apart from collecting and storing data also
analyze data and make it available in a form that is
useful for decision-making.
Improving performance and process effectiveness
♦ In many cases, tasks that must be done manually
are the bottleneck in the process. Automating those
manual tasks speeds up the effective throughput of the
application.
Making users more efficient and effective
♦ People can focus their energies on the tasks they do
best, allowing the computers to handle those that
machines are best suited for.
Making the business more responsive
♦ Enterprises can easily automate new applications and
Improving Collaboration and Information Sharing
♦ Business processes designed through a collaborative
interface mean IT can integrate its processes with the
business-side logic that drives day-to-day operations.
Cost Saving
♦ Automation leads to saving in time and labor costs
through higher efficiency and better management of
the people involved.
To remain competitive
♦ To provide the level of products and services as
offered by competition.
Fast service to customers
♦ Automation shortens cycle times in the execution
of processes through improved and refined business
workflows and help enterprises to serve their
customers faster and better.

Information may be defined as processed data, which is of value to the user. Information is necessary for decision making and survival
of an entity as success of business depends upon making right decisions at the right time based on the right information available. The
effort to create information from raw data is known as Information Processing.
Classification of information based on level of human/computer intervention is as follows:
Manual Information These are the systems where the level of manual intervention is very high. Components of manual
Processing Cycle information processing cycle include:
♦ Input: Put details in register.
♦ Process: Summarize the information.
♦ Output: Present information to management in the form of reports.
Computerized Information These are systems where computers are used at every stage of transaction processing. The components of a
Processing Cycle computerized information processing cycle include:
♦ Input: Entering data into the computer;
♦ Processing: Performing operations on the data;
♦ Storage: Saving data, programs, or output for future use; and
♦ Output: Presenting the results.

 Control is defined as policies, procedures, practices and organization structure that are designed to provide reasonable
assurance that business objectives are achieved and undesired events are prevented or detected and corrected. Major
control objectives are as follows:

Authorization
Ensures that all transactions are approved by responsible personnel in accordance with their specific or general authority before
the transaction is recorded.
Completeness
Ensures that no valid transactions have been omitted from the accounting records.
Accuracy
Ensures that all valid transactions are accurate, consistent with the originating transaction data, and information is recorded in
a timely manner.
Validity
Ensures that all recorded transactions fairly represent the economic events that actually occurred, are lawful in nature, and have
been executed in accordance with management's general authorization.
Physical Safeguards and Security
Ensures that access to physical assets and information systems are controlled and properly restricted to authorized personnel.
Error Handling
Ensures that errors detected at any stage of processing receive prompt corrective action and are reported to the appropriate level
of management.
Segregation of Duties
Ensures that duties are assigned to individuals in a manner that ensures that no one individual can control both the recording
function and the procedures relative to processing a transaction.

24 March 2020 The Chartered Accountant Student

23
 Information Technology
Information Systems’ (IS) Controls
Auditors need guidelines that will direct them toward those aspects of the information systems function in which material losses
or account misstatements are most likely to occur. Controls reduce expected losses from unlawful events by either decreasing the
probability of the event occurring in the first place or limiting the losses that arise of the event occurs.
A. Managerial Controls: These controls provide a stable infrastructure in which information systems can be built, operated, and maintained
on a day-to-day basis. These are as follows:
Management Subsystem Description of Subsystem
Top Mgt. Responsible primarily for long – run policy decisions on how IS will be used in the organization.
Information Systems Mgt. Provides advice to top mgt. in relation to long-run policy decision making & translates long-run policies
into short-run goals & objectives.
Systems Development Mgt. Responsible for the design, implementation, and maintenance of application systems.
Programming Management Responsible for programming new system; maintain old ones and providing general systems support s/w.
Data Administration Responsible for addressing planning and control issues in relation to use of an organization’s data.
Quality Assurance Responsible for ensuring IS development; implementation, operation, and maintenance conform to
Management established quality standards.
Security Administration Responsible for access controls and physical security over the information systems function.
Operations Management Responsible for planning and control of the day-to-day operations of information systems.
B. Application Controls: It will examine the application functions that need to be in place to accomplish reliable information processing.
Application Subsystem Description of Subsystem
Boundary Comprises components that establish interface between user and system.
Input Comprises components that capture, prepare, and enter commands and data into system.
Communication Comprises components that transmit data among subsystems and systems.
Processing Comprises the components that perform decision making, computation, classification, ordering, and
summarization of data in the system.
Output Comprises components that retrieve and present data to users of the system.
Database Comprises the components that define, add, access, modify, and delete data in the system.

Managerial Functions Based Controls

1. Top Management and
Information Systems Management
Controls: The senior managers who
take responsibility for IS function
in an organization perform many
functions that involves following:
♦ Planning: Determining the goals of the information systems function and the means of
achieving these goals;
♦ Organizing: Gathering, allocating, and coordinating resources needed to accomplish goals;
♦ Leading: Motivating, guiding, and communicating with personnel; and
♦ Controlling: Comparing actual performance with planned performance as a basis for taking
any corrective actions that are needed.

2. Systems Development
Management Controls: These have
the responsibility for the functions
concerned with analyzing, designing,
building, implementing, and
maintaining information systems.
♦ Concurrent Audit: Auditors are members of the system development team. They assist
the team in improving the quality of systems development for the specific system they are
building and implementing.
♦ Post-implementation Audit: Auditors seek to help an organization learn from its
experiences in the development of a specific application system.
♦ General Audit :Auditors evaluate systems development controls overall.

3. Programming Management
Controls: Program development
and implementation is a major
phase within the systems
development life cycle containing
following six phases:
4. Data Resource Management
Controls: Data is a critical
resource that must be managed
properly and therefore,
accordingly, centralized planning
and control are implemented.
5. Quality Assurance
Management Controls
♦ Planning: Techniques like Work Breakdown Structures (WBS), Gantt Charts and PERT (Program
Evaluation and Review Technique) Charts can be used to monitor progress against plan.
♦ Design: A systematic approach to program design, such as any of the structured design approaches
or object-oriented design is adopted.
♦ Coding: Programmers must choose a module implementation and integration strategy, a coding
strategy,and a documentation strategy .
♦ Testing: Three types of testing are to ensure that a developed or acquired program achieves its
specified requirements.
♦ Operation and Maintenance: Management establishes formal mechanisms to monitor the status
of operational programs so maintenance needs can be identified on a timely basis.
♦ For data to be managed better users must be able to share data, data must be available to users
when it is needed, in the location where it is needed, and in the form in which it is needed.
♦ It must be controlled carefully, however, because consequences are serious if data definition is
compromised or destroyed.
♦ Organizations are increasingly producing safety-critical systems and users are becoming more
demanding in terms of the quality of the software they employ to undertake their work.

6. Security Management Controls
7. Operations Management
Controls
Information security administrators are responsible for ensuring that information systems assets are secure.
The major threats to the security of information systems and their controls are as given below:
♦ Fire: Well-designed, reliable fire-protection systems must be implemented.
♦ Water: Facilities must be designed and sited to mitigate losses from water damage.
♦ Energy Variations: Voltage regulators, circuit breakers, and uninterruptible power supplies can be used.
♦ Structural Damage: Facilities must be designed to withstand structural damage.
♦ Pollution: Regular cleaning of facilities and equipment should occur.
♦ Unauthorized Intrusion: Physical access controls can be used.
♦ Viruses and Worms: Controls to prevent use of virus-infected programs and to close security loopholes
that allow worms to propagate.
♦ Misuse of software, data and services: Code of conduct to govern the actions of IS employees.
♦ Hackers: Strong, logical access controls to mitigate losses from the activities of hackers.
♦ These must continuously monitor the performance of hardware/software platform to ensure
that systems are executing efficiently, an acceptable response time or turnaround time is being
achieved, and an acceptable level of uptime is occurring.

The Chartered Accountant Student March 2020 25

24
Information Technology
Application Functions Based Controls
Boundary Controls
♦ Cryptographic Controls: These are designed to protect the privacy of data and to prevent unauthorized modifications of data.
♦ Access Controls: These restrict use of computer system resources to authorized users, limit actions authorized users can taker with these
resources, and ensure that users obtain only authentic computer system resources.
♦ Personal Identification Numbers (PIN): It is similar to a password assigned to a user by an institution based on the user characteristics
and encrypted using a cryptographic algorithm.
♦ Digital Signatures: These establish the authenticity of persons & prevent denial of messages or contracts when data is exchanged
electronically.
♦ Plastic Cards: These are used to identify a user need to go through procedural controls like application for a card, preparation of the card,
issue of card, use of the card and return of the card or card termination phases.

Input Controls
♦ Source Document Control: These facilitate data entry into a computer system & reference checking.
♦ Data Coding Controls: These are put in place to reduce user error during data feeding.
♦ Batch Controls: These are put in place at locations where batch processing is being used.
♦ Validation Controls: These are intended to detect errors in transaction data before the data are processed.

Communication Controls
♦ Physical Component Controls: One way to reduce expected losses in the communication subsystem is to choose physical component
that have characteristics that make them reliable and that incorporate features or provide controls that mitigate the possible effects of
exposures.
♦ Line Error Controls: Whenever data is transmitted over a communication line, it can be received in error because of attenuation,
distortion, or noise that occurs on the line.
♦ Flow Controls: These are needed because two nodes in a network can differ in terms of the rate at which they can send receive and process
data.
♦ Link Controls: This involves two common protocols – HDLC (Higher Level Data Control) and SDLC (Synchronous Data Link Control)
♦ Topological Controls: Specifies the location of nodes within a network, the ways in which these nodes will be linked, and the data
transmission capabilities of the links between the nodes.
♦ Channel Access Controls: Two different nodes in a network can compete to use a communication channel. Whenever the possibility of
contention for the channel exists, some type of channel access control technique must be used.
♦ Internetworking Controls: Internetworking is the process of connecting two or more communication networks together to allow the
users of one network to communicate with the users of other networks.

Processing Controls
♦ Run-to-Run Totals: These help in verifying data that is subject to process through different stages.
♦ Reasonableness Verification: Two or more fields can be compared/cross verified to ensure their correctness.
♦ Edit Checks: Edit checks similar to the data validation controls can also be used at the processing stage to verify accuracy and
completeness of data.
♦ Field Initialization: Data overflow can occur, if records are constantly added to a table or if fields are added to a record without
initializing it, i.e., setting all values to zero before inserting the field or record.
♦ Exception Reports: Exception reports are generated to identify errors in data processed.
♦ Existence/Recovery Controls: The check-point/restart logs, facility is a short-term backup and recovery control that enables a system
to be recovered if failure is temporary and localized.

Output Controls
♦ Storage and Logging of Sensitive and Critical Forms: Pre-printed stationery should be stored securely to prevent unauthorized
destruction or removal and usage.
♦ Logging of Output Program Executions: When programs used for output of data are executed, they should be logged and monitored.
♦ Controls over Printing: This ensures that unauthorized disclosure of information printed is prevented.
♦ Report Distribution and Collection Controls: Distribution of reports should be in a secure way to avoid unauthorized disclosure of
data.
♦ Retention Controls: These consider duration for which outputs should be retained before being destroyed.
♦ Existence/Recovery Controls: These are needed to recover output in the event that it is lost or destroyed.

Database Controls
♦ Sequence Check Transaction and Master Files: Synchronization and correct sequence of processing between the master file and transaction
file is critical to maintain integrity of updation, insertion or deletion of records in the master file with respect to the transaction records.
♦ Ensure all records on files are processed: While processing transaction file records mapped to respective master file end-of-file of transaction
file with respect to the end-of-file of the master file is to be ensured.
♦ Process multiple transactions for a single record in the correct order: Multiple transactions can occur based on a single master record.

26 March 2020 The Chartered Accountant Student

25