CPA

Certified Public Accountant Examination

Stage: Foundation F2
Subject Title: F2.3 Information Systems
Revision Guide
LOSSARY

INSIDE COVER - BLANK

 CONTENTS

Title Page

Study Techniques 3

Examination Techniques 4

Assessment Strategy 9

Learning Resources 10

Sample Questions and Solutions 11

2
STUDY TECHNIQUE

What is the best way to manage my time?

• Identify all available free time between now and the examinations.

• Prepare a revision timetable with a list of “must do” activities.

• Remember to take a break (approx 10 minutes) after periods of

intense study.

What areas should I revise?

• Rank your competence from Low to Medium to High for each topic.

• Allocate the least amount of time to topics ranked as high.

• Allocate between 25% - 50% of time for medium competence.

• Allocate up to 50% of time for low competence.

How do I prevent myself veering off-track?

• Introduce variety to your revision schedule.

• Change from one subject to another during the course of the day.

• Stick to your revision timetable to avoid spending too much time on one topic.

Are study groups a good idea?

• Yes, great learning happens in groups.

• Organise a study group with 4 – 6 people.

• Invite classmates of different strengths so that you can learn from one another.

• Share your notes to identify any gaps.

3
EXAMINATION TECHNIQUES
INTRODUCTION
Solving and dealing with problems is an essential part of learning, thinking and intelligence.
A career in accounting will require you to deal with many problems.
In order to prepare you for this important task, professional accounting bodies are placing
greater emphasis on problem solving as part of their examination process.
In exams, some problems we face are relatively straightforward, and you will be able to deal
with them directly and quickly. However, some issues are more complex and you will need to
work around the problem before you can either solve it or deal with it in some other way.
The purpose of this article is to help students to deal with problems in an exam setting. To
achieve this, the remaining parts of the article contain the following sections:

• Preliminary issues

• An approach to dealing with and solving problems

• Conclusion.

Preliminaries
The first problem that you must deal with is your reaction to exam questions.
When presented with an exam paper, most students will quickly read through the questions
and then many will … PANIC!

Assuming that you have done a reasonable amount of work beforehand, you shouldn’t be
overly concerned about this reaction. It is both natural and essential. It is natural to panic in
stressful situations because that is how the brain is programmed.

Archaeologists have estimated that humans have inhabited earth for over 200,000 years. For
most of this time, we have been hunters, gatherers and protectors.

In order to survive on this planet we had to be good at spotting unusual items, because any
strange occurrence in our immediate vicinity probably meant the presence of danger. The
brain’s natural reaction to sensing any extraordinary item is to prepare the body for ‘fight or
flight’. Unfortunately, neither reaction is appropriate in an exam setting.

The good news is that if you have spotted something unusual in the exam question, you have
completed the first step in dealing with the problem: its identification. Students may wish to
use various relaxation techniques in order to control the effects of the brain’s extreme
reaction to the unforeseen items that will occur in all examination questions.

4
However, you should also be reassured that once you have identified the unusual item, you
can now prepare yourself for dealing with this, and other problems, contained in the exam
paper.

A Suggested Approach for Solving and Dealing with Problems in Exams.

The main stages in the suggested approach are:

1. Identify the Problem

2. Define the Problem
3. Find and Implement a Solution
4. Review
1. Identify the Problem
As discussed in the previous section, there is a natural tendency to panic when faced with
unusual items. We suggest the following approach for the preliminary stage of solving and
dealing with problems in exams:

Scan through the exam question

You should expect to find problem areas and that your body will react to these items.

PANIC!!
Remember that this is both natural and essential.

Pause
Take deep breaths or whatever it takes to help your mind and body to calm down.

Try not to exhale too loudly – you will only distract other students!

Do something practical
Look at the question requirements.
Note the items that are essential and are worth the most marks.

Start your solution by neatly putting in the question number and labelling each part of your
answer in accordance with the stated requirements.

Actively reread the question

Underline (or highlight) important items that refer to the question requirements. Tick or
otherwise indicate the issues that you are familiar with. Put a circle around unusual items that
will require further consideration.

5
2. Define the Problem
Having dealt with the preliminary issues outlined above, you have already made a good start
by identifying the problem areas. Before you attempt to solve the problem, you should make
sure that the problem is properly defined. This may take only a few seconds, but will be time
well spent. In order to make sure that the problem is properly defined you should refer back
to the question requirements. This is worth repeating: Every year, Examiner Reports note that
students fail to pass exams because they do not answer the question asked. Examiners have a
marking scheme and they can only award marks for solutions that deal with the issues as
stipulated in the question requirements. Anything else is a waste of time. After you have re-
read the question requirements ask yourself these questions in relation to the problem areas
that you have identified:

Is this item essential in order to answer the question?

Remember that occasionally, examiners will put ‘red herrings’ (irrelevant issues) into the
question in order to test your knowledge of a topic.

What’s it worth?
Figure out approximately how many marks the problem item is worth. This will help you to
allocate the appropriate amount of time to this issue.

Can I break it down into smaller parts?

In many cases, significant problems can be broken down into its component parts. Some parts
of the problem might be easy to solve.

Can I ignore this item (at least temporarily)?

Obviously, you don’t want to do this very often, but it can be a useful strategy for problems
that cannot be solved immediately.

Note that if you leave something out, you should leave space in the solution to put in the
answer at a later stage. There are a number of possible advantages to be gained from this
approach:
1) It will allow you to make progress and complete other parts of the question that you are
familiar with. This means that you will gain marks rather than fretting over something
that your mind is not ready to deal with yet.
2) As you are working on the tasks that you are familiar with, your mind will relax and you
may remember how to deal with the problem area.
3) When you complete parts of the answer, it may become apparent how to fill in the
missing pieces of information. Many accounting questions are like jigsaw puzzles: when

6
 you put in some of the parts that fit together, it is easier to see where the missing pieces
should go and what they look like.

3. Find and Implement a Solution

In many cases, after identifying and defining the problem, it will be easy to deal with the
issue and to move on to the next part of the question. However, for complex problems that
are worth significant marks, you will have to spend more time working on the issue in order
to deal with the problem. When this happens, you should follow these steps:

Map out the problem

Depending on your preferred learning style, you can do this in a variety of ways including
diagrams, tables, pictures, sentences, bullet points or any combination of methods. It is best
to do this in a working on a separate page (not on the exam paper) because some of this work
will earn marks. Neat and clearly referenced workings will illustrate to the examiner that you
have a systematic approach to answering the question.

Summarise what you know about the problem

Make sure that this is brief and that it relates to the question requirements. Put this
information into the working where you have mapped out the problem. Be succinct and
relevant. The information can be based on data contained in the question and your own
knowledge and experience. Don’t spend too long at this stage, but complete your workings as
neatly as possible because this will maximise the marks you will be awarded.

Consider alternative solutions

Review your workings and compare this information to the question requirements. Complete
as much of the solution as you can. Make sure it is in the format as stipulated in the question
requirements. Consider different ways of solving the problem and try to eliminate at least one
alternative.

Implement a solution
Go with your instinct and write in your solution. Leave extra space on the page for a change
of mind and/or supplementary information. Make sure the solution refers to your workings
that have been numbered.

4. Review
After dealing with each problem and question, you should spend a short while reviewing your
solution. The temptation is to rush onto the next question, but a few moments spent in

7
reviewing your solution can help you to gain many marks. There are three questions to ask
yourself here:

Have I met the question requirements?

Yes, we have mentioned this already. Examiner Reports over the years advise that failure to
follow the instructions provided in the question requirements is a significant factor in causing
students to lose marks. For instance, easy marks can be gained by putting your answer in the
correct format. This could be in the form of a report or memo or whatever is asked in the
question. Likewise, look carefully at the time period requested. The standard accounting
period is 12 months, but occasionally examiners will specify a different accounting period.

Is my solution reasonable?
Look at the figures in your solution. How do they compare relative to the size of the figures
provided in the question?
For example, if Revenue were 750,000 and your Net Profit figure was more than 1 million,
then clearly this is worth checking.
If there were some extraordinary events it is possible for this to be correct, but more than
likely, you have misread a figure from your calculator. Likewise, the depreciation expense
should be a fraction of the value of the fixed assets.

What have I learned?

Very often in exams, different parts of the solution are interlinked. An answer from one of
your workings can frequently be used in another part of the solution. The method used to
figure out an answer may also be applicable to other parts of your solution.

Conclusion
In order to pass your exams you will have to solve many problems. The first problem to
overcome is your reaction to unusual items. You must expect problems to arise in exams and
be prepared to deal with them in a systematic manner. John Foster Dulles, a former US
Secretary of State noted that: The measure of success is not whether you have a tough
problem to deal with, but whether it is the same problem you had last year. We hope that, by
applying the principles outlined in this article, you will be successful in your examinations
and that you can move on to solve and deal with new problems.

8
ASSESSMENT STRATEGY

Examination Approach

The examination seeks to test students’ knowledge and understanding of the role and
application, analysis and evaluation of Information Systems and Information Technology.

Question 1 is a case-study set within a real-life business context. This assesses the ability to
transfer strategic and practical knowledge of Information Systems to a business situation. It
also tests the ability to assimilate information, identify problems/issues and recommend
appropriate solutions.

Question 2 is compulsory. This essay-type question facilitates the examination of a range of

topics across different syllabus areas.

Question 3 to 6 have, as their major element, one of the main topic areas from the syllabus.
Students are expected to demonstrate sufficient knowledge relating to technology and
developments to effectively contribute to the formulation of an information technology
strategy.

Examination Format

Examination Duration: 3 Hours

The examination is unseen, closed book.

It is divided into two sections. Section A is compulsory and consists of an unseen mini case-
study for 25 marks and a second 15 mark question. Section B has four 20 mark questions.
Students are required to answer 3 questions out of 4 from this section.

Marks Allocation

Question Marks
1 Compulsory Question (Mini Case Study) 25
2 15
Choice of 3 questions out of 4 60 (20 marks each)
Total 100

9
LEARNING RESOURCES
Core Texts
Laudon and Laudon, Management Information Systems - Global edition, Publ. Prentice Hall
2011 / ISBN 9780273754596 12th edition.

Manuals
Institute of Certified Public Accountants of Rwanda – F2.3 Information Systems

Supplementary Texts and Journals

O’Brien, Management Information Systems - AManagerial End-User Perspective (Irwin,

International Student Edition).

Wright/Harcos, Micro Computer Applications in Accounting (McGraw Hill).

Useful Websites (as at date of publication)

http://www.icparwanda.com/
www.isc.ie - Information Society Commission.
www.isaca.org - Information Systems Audit and
Control Association (ISACA).
www.bbc.co.uk/click - BBC’s Technology
Programme.
www.thedigitalhub.com - The Digital Hub
Development Agency.
www.enterweb.org - The Knowledge Portal for
Small Business.
www.clickz.com/stats/ - The Click Z Network.

10
 F2.3 INFORMATION SYSTEMS
REVISION QUESTIONS AND SOLUTIONS

11
REVISION QUESTION 1
Define the term Group Decision Support System and explain how it can improve group
decision-making. Identify four factors involved in the successful outcome of any group
meeting?

(8 Marks)

SOLUTION
Beyond three to five attendees the traditional meeting process breaks down. GDSS software
tools contribute to a more collaborative atmosphere by guaranteeing contributors’ anonymity
so that attendees can focus on evaluating the ideas themselves. The GDSS software tools
follow structured methods for organising and evaluating ideas and for preserving the results
of meetings, allowing non-attendees to locate needed information after the meeting.

The documentation of the meeting by one group at one site can also be used as input to
another meeting on the same project at another site. If properly designed and supported,
GDSS meetings can increase the number of ideas generated and the quality of decisions while
producing the desired results in fewer meetings.

The nature of electronic meeting technology is only one of a number of factors that affect
meeting processes and output. The outcome of group meetings depends upon the composition
of the group, the manner in which the problem is presented to the group, the facilitator’s
effectiveness, the organisation’s culture and environment, the quality of the planning, the
cooperation of the attendees, and the appropriateness of tools selected for different types of
meetings and decision problems.

12
REVISION QUESTION 2
What is customer relationship management? Why are customer relationship management
systems so important for businesses?

(6 Marks)

SOLUTION
CRM systems capture and integrate customer data from all over the organization, consolidate
the data, analyse them, and distribute the results to various systems and customer touch points
across the enterprise. Well designed CRM systems provide a single enterprise view of
customers that is useful for improving both sales and customer services. These systems also
provide customers with a single view of the company regardless of what touch point the
customer uses.

Benefits include: better customer service, make call centres more efficient, cross-sell
products more effectively, help sales staff close deals faster, simplify marketing and sales
processes, acquire new profitable customers, sell additional products and services, provide
customer information for developing new products, increase product utilization, reduce sales
and marketing costs, identify and retain profitable customers, optimise service delivery costs,
retain high-lifetime value customers, improve customer loyalty, improve response rates to
direct mail, increase product profitability, respond quickly to market opportunities.

13
REVISION QUESTION 3
What is an enterprise system and describe the benefits and challenges of using enterprise
systems in an organisation.

(8 Marks)

SOLUTION
Enterprise systems focus on integrating the key internal business processes of the firm.
Enterprise software is used by enterprise systems and is a set of integrated software modules
for finance and accounting, human resources, manufacturing and production, and sales and
marketing that allows data to be used by multiple functions and business processes.

Enterprise software consists of a set of interdependent software modules that support basic
internal business processes. The software allows data to be used by multiple functions and
business processes for precise organisational coordination and control. Organisations
implementing this software would have to first select the functions of the system they wished
to use and then map their business processes to the predefined business processes in the
software. Some of the business processes supported by enterprise software include financial
and accounting processes, human resources processes, manufacturing and production
processes, and sales and marketing processes.

Benefits include creating an enterprise-enabled organisation, providing firm wide knowledge-

based management processes, providing a unified information system technology platform
and environment, and enabling more efficient operations and customer-driven business
processes. Challenges include a daunting implementation process, surviving a cost-benefit
analysis, inflexibility, and realising strategic value.

Companies can use enterprise systems to support organisational structures that were not
previously possible or to create a more disciplined organisational culture. They can also
improve management reporting and decision making. Furthermore, enterprise systems
promise to provide firms with a single, unified, and all-encompassing information system
technology platform and environment. Lastly, enterprise systems can help create the
foundation for a customer-driven organisation.

Enterprise applications are very difficult to implement successfully. They require extensive
organisational change, large new software investments, and careful assessment of how these
systems will enhance organisational performance. Management vision and foresight are
required to take a firm- and industry-wide view of problems and to find solutions that realise
strategic value from the investment.

14
REVISION QUESTION 4
Explain why information systems are vulnerable to unauthorised access, abuse or fraud and
describe the most common security threats against contemporary information systems.

(7 Marks)

SOLUTION
Computer systems tend to be more vulnerable to destruction, error, and fraud than manual
systems for the following reasons:

• Data are stored electronically, where they are not immediately visible or easily
audited.
• Data are concentrated in electronic files. Effects of a disaster such as a hardware
malfunction, power outage, or fire can be more extensive. An organisation’s entire
record keeping system could be destroyed.
• There may not be a visible trail to indicate what occurred for every computer process.
• Operation of automated systems requires specialised technical expertise. Unless the
systems are properly protected, it may be easy for programmers and computer
operators to make unauthorised changes.
• Data files can be accessed and manipulated directly in online systems.
• Data can be stolen, corrupted or destroyed by hackers and computer viruses.
• Errors can be entered in data.
• Errors can be accidentally inserted when desired updates are installed.
• Many programs can be accessed through telecommunications, and
telecommunications can produce errors in data transmission.
• Hardware and software can fail.
• Purposeful and accidental problems, such as programming and data errors, can occur.
• Individuals (or groups) can steal data, services, and equipment.

Key areas where systems are most vulnerable include: hardware or software failure and
errors; personnel actions; terminal access penetration; fire or electrical hazards; user errors;
theft of services, data, and equipment; program changes; and telecommunications problems.

15
REVISION QUESTION 5
List and describe four types of information systems controls that could be employed by an
organisation to make their systems more secure.

(6 Marks)

SOLUTION
For protection, a company must institute good security measures, which will include
firewalls, investigation of personnel to be hired, physical and software security and controls,
antivirus software, and internal education measures. These measures are best put in place at
the time the system is designed, and careful attention paid to them. A prudent company will
engage in disaster protection measures, frequent updating of security software, and frequent
auditing of all security measures and of all data upon which the company depends. Full
protection may not be feasible in light of the time and expenses involved, but a risk analysis
can provide insights into which areas are most important and vulnerable. These are the areas
to protect first.

Information systems controls measures include:

• Application controls such as

o Input controls check the data for accuracy and completeness when they enter
the system. There are specific input controls for input authorisation, data
conversion, data editing, and error handling.
o Processing controls establish that data are complete and accurate during
updating. Run control totals, computer matching, and programmed edit checks
o Output controls ensure that the results of computer processing are accurate,
complete, and properly distributed.
• Firewalls prevent unauthorised users from accessing internal networks. They protect
internal systems by monitoring packets for the wrong source or destination, or by
offering a proxy server with no access to the internal documents and systems, or by
restricting the types of messages that get through, for example, email. Further, many
authentication controls have been added for Web pages as part of firewalls.
• Intrusion detection systems monitor the most vulnerable points in a network to detect
and deter unauthorised intruders. These systems often also monitor events as they
happen to look for security attacks in progress. Sometimes they even can be
programmed to shut down a particularly sensitive part of a network if it receives
unauthorised traffic.
• Antivirus software is designed to check computer systems and drives for the presence
of computer viruses. Often the software can eliminate the virus from the infected area.
To be effective, antivirus software must be continually updated.

16
REVISION QUESTION 6
Explain how the Internet challenges the protection of individual privacy and intellectual
property.

(8 Marks)

SOLUTION
Contemporary information systems technology, including Internet technologies, challenges
traditional regimens for protecting individual privacy and intellectual property. Data storage
and data analysis technology enables companies to easily gather personal data about
individuals from many different sources and analyse these data to create detailed electronic
profiles about individuals and their behaviours. Data flowing over the Internet can be
monitored at many points. The activities of Web site visitors can be closely tracked using
cookies, Web beacons, and other Web monitoring tools. Not all Web sites have strong
privacy protection policies, and they do not always allow for informed consent regarding the
use of personal information. This allows information that a user may have given voluntarily
for a good purpose, for example logging into the New York Times site, to be shared with
some other site. Spamming or e-mail that uses a user’s e-mail address is another invasion of
privacy. It should also be noted that Intellectual property is subject to a variety of protections
under three different legal traditions:

• Trade secrets
• Copyright
• Patent law

Traditional copyright laws are insufficient to protect against software piracy because digital
material can be copied so easily. Internet technology also makes intellectual property even
more difficult to protect because digital material can be copied easily and transmitted to many
different locations simultaneously over the Net. Web pages can be constructed easily using
pieces of content from other Web sites without permission

17
REVISION QUESTION 7
What are the business advantages and disadvantage of cloud computing?

(6 Marks)

SOLUTION
Cloud computing is the idea of making computing resources available based on what a user
really needs instead of what they might need.

The advantages include:

• Not dependent on physical location of either resources or users.

• Users access computing resources on their own not necessarily dependent on IT staff.
• Based on standard network and Internet devices.
• Resources serve multiple users with computing virtually assigned according to need.
• Resources are increased or decreased according to demand.
• Charges are based on the amount of resources actually used.
• Large investments in IT infrastructure are not necessarily needed or investments are
significantly reduced.
• Firms can shift additional processing requirements to cloud computing during peak
business periods.
• It allows a more flexible IT infrastructure.

The disadvantages include:

• Responsibility for data storage and control is transferred away from the organization
to a third party.
• Security risks and chances of data compromises are increased.
• Risk diminishing system reliability.
• Increase dependency on a third party making everything work.
• Huge investments in proprietary systems supporting unique business processes may
be at risk.

18
REVISION QUESTION 8
Define the term ‘outsourcing’ and explain the benefits and possible drawbacks of outsourcing
the development of this system to an external organisation.

(8 Marks)

SOLUTION
Outsourcing is subcontracting a process, such as product design or manufacturing, to a third-
party company. Outsourcing of information systems is the process of subcontracting the
development and sometimes the operation of information systems to a third party company
who provide these services. The work is done by the vendor rather than the organisation’s
internal information systems staff. The decision to outsource is often made in the interest of
lowering firm costs, redirecting or conserving energy directed at the competencies of a
particular business, or to make more efficient use of labour, capital, technology and
resources.

Organisations that outsource are seeking to realise benefits or address the following issues:

• Cost savings. The lowering of the overall cost of the service to the business. This will
involve reducing the scope, defining quality levels, re-pricing, re-negotiation, cost re-
structuring. Access to lower cost economies through offshoring generated by the wage
gap between industrialised and developing nations.

• Cost restructuring. Operating leverage is a measure that compares fixed costs to

variable costs. Outsourcing changes the balance of this ratio by offering a move from
fixed to variable cost and also by making variable costs more predictable. Improve
quality. Achieve a step change in quality through contracting out the service with a
new Service Level Agreement.
• Operational expertise. Access to operational best practice that would be too difficult
or time consuming to develop in-house.
• Staffing issues. Access to a larger talent pool and a sustainable source of skills.

• Capacity management. An improved method of capacity management of services and

technology where the risk in providing the excess capacity is borne by the supplier.

• Catalyst for change. An organisation can use an outsourcing agreement as a catalyst

for major step change that cannot be achieved alone. The outsourcer becomes a
Change agent in the process.
• Reduce time to market. The acceleration of the development or production of a
product through the additional capability brought by the supplier.

19
 • Risk management. An approach to risk management for some types of risks is to
partner with an outsourcer who is better able to provide the mitigation.

• Time zone. A sequential task can be done during normal day shift in different time
zones - to make it seamlessly available 24x7. Same/similar can be done on a longer
term between earth's hemispheres of summer/winter.
• Customer Pressure. Customers may see benefits in dealing with your company, but
are not happy with the performance of certain elements of the business, which they
may not see a solution to except through outsourcing.

Possible drawbacks include:-

• Quality of service
• Productivity
• Staff turnover
• Failure to deliver business transformation
• Security
• Qualifications of outsourcers

Note: Candidates should define IT outsourcing and describe three advantages and three
drawbacks.

20
REVISION QUESTION 9
Describe the core activities in the systems development process.

(8 Mark)

SOLUTION
This is a formal methodology/process for managing the development of systems and is still
the principal methodology for medium and large projects. The overall development process is
partitioned into distinct stages, each of which consists of activities that must be performed to
fashion and implement an information system. The stages are usually gone through
sequentially with formal “sign-off” agreements among end users and data processing
specialists to validate that each stage has been completed. Users, managers, and data
processing staff have specified responsibilities in each stage. The approach is slow,
expensive, inflexible, and is not appropriate for many small desktop systems.

A typical development process or systems life cycle consists of systems analysis, systems
design, programming, testing, conversion, and production and maintenance. Systems analysis
is the phase where the problem that the organisation is trying to solve is analysed. Technical
specialists identify the problem, gather information requirements, develop alternative
solutions, and establish a project management plan. Business users provide information
requirements, establish financial or operational constraints, and select the solution. During
systems design, technical specialist’s model and document design specifications and select
the hardware and software technologies for the solution. Business users approve the
specifications.

During the programming phase, technical specialists translate the design specifications into
software for the computer. During the testing phase, technical specialists develop test plans
and conduct unit, system and acceptance tests. Business users provide test data and scenarios
and validate test results.

During the conversion phase, technical specialists prepare a conversion plan and supervise
conversion. Business users evaluate the new system and decide when the new system can be
put into production. During the production and maintenance phase, technical specialists
evaluate the technical performance and perform maintenance. Business users utilise the
system and evaluate its functional performance.

Summary of above:

• Feasibility Study – cost benefit – recommendation – various type of feasibility

• Analysis Stage user input – information gathering – questionnaires, interviews,
observation, records
• Logical Design – what in terms of data, processes, information

21
• Physical Design – how in terms of hardware, software, data structures etc
• Development – coding and testing
• Implementation – types of implementation procedures
• Maintenance – reasons for – errors, environmental and internal requirements

22
REVISION QUESTION 10
Define information system prototyping and the benefits and limitations of it as a systems
development method.

(6 Marks)

SOLUTION
Prototyping is the process of building an experimental system quickly and inexpensively for
demonstration and evaluation so that end users can better define information requirements.
The prototype is a preliminary model that is refined until it meets end-user requirements. The
process of repeating the steps to build a system over and over again is called an iterative
process. Prototyping is more explicitly iterative than the conventional life cycle and it
actively promotes system design changes.

The four-step model of the prototyping process consists of the following:

1. Identify the user's basic requirements

2. Develop a working prototype
3. Use the prototype
4. Revise and enhance the prototype
The process of developing a prototype can be
broken down into four steps. Because a prototype
can be developed quickly and inexpensively,
systems builders can go through several iterations,
repeating steps 3 and 4, to refine and enhance the
prototype before arriving at the final operational
one.

Prototyping is most useful when some uncertainty

exists about user requirements or a design
solution. It is especially valuable for the design of
the end-user interface of an information system
such as on-line display and data entry screens.
End-user involvement means that the system is
more likely to fill user requirements. However,
rapid prototyping can gloss over essential
programming and documentation steps, or be
poorly designed for large quantities of data.

23
REVISION QUESTION 11
What is the function of risk assessment and how is it carried out information systems?

(7 Marks)

SOLUTION
A risk assessment determines the level of risk to the firm if a specific activity or process is
not properly controlled. Business managers working with information systems specialists can
determine the value of information assets, points of vulnerability, the likely frequency of a
problem, and the potential for damage.

Security risk analysis involves determining what you need to protect, what you need to
protect it from, and how to protect it. It is the process of examining all of the firm’s risks, and
ranking those risks by level of severity. This process involves making cost-effective decisions
on what you want to protect. The old security adage says that you should not spend more to
protect something than it is actually worth. A full treatment of risk analysis is outside the
scope of this section; however, there are two elements of a risk analysis that should be briefly
covered:

1. Identifying the assets

2. Identifying the threats.

For each asset, the basic goals of security are availability, confidentiality, and integrity. Each
threat should be examined with an eye to how the threat could affect these areas. One step in
a risk analysis is to identify all the things that need to be protected. Some things are obvious,
like all the various pieces of hardware, but some are overlooked, such as the people who
actually use the systems. The essential point is to list all things that could be affected by a
security problem.

Here is an example list of categories:

• Hardware: keyboards, terminals, workstations, personal computers, printers, disk

drives, communication lines, terminal servers, routers.
• Software: source programs, object programs, utilities, diagnostic programs, operating
systems, communication programs.
• Data: during execution, stored online, archived off-line, backups, audit logs,
databases, and in-transit over communication media.
• People: users, people needed to run systems.
• Documentation: on programs, hardware, systems, and local administrative procedures.
• Supplies: paper, forms, ribbons, and magnetic media.
Once the assets requiring protection are identified, it is necessary to identify threats to those
assets. The threats can then be examined to determine what potential for loss exists.
24
REVISION QUESTION 12
Distinguish between unstructured, semi-structured and structured decisions.

(6 Marks)

SOLUTION
Unstructured decisions are those in which the decision maker must provide judgment,
evaluation, and insights into the problem definition. Each of these decisions is novel,
important, and non-routine, and there is no well understood or agreed-on procedure for
making them. An example of a structured decision might concern whether to launch a new
product or whether to invest in a particular country. Structured decisions are repetitive and
routine, and decision makers can follow a definite procedure for handling them to be
efficient. A structured decision might concern staff scheduling. Many decisions have
elements of both and are considered semi-structured decisions, in which only part of the
problem has a clear-cut answer provided by an accepted procedure. In general, structured
decisions are made more prevalent at lower organisational levels, whereas unstructured
decision making is more common at higher levels of the firm. Semi-structured decisions are
decisions in which some aspect of the problem are structured and others are unstructured.

25
REVISION QUESTION 13
Name and describe six principal electronic payment systems used on the Internet.

(6 Marks)

SOLUTION
The electronic payment systems include digital credit card payment, digital wallet,
accumulated balance payment, stored value payment systems, digital cash, peer-to-peer
payment systems, digital checking, and electronic billing presentment and payment.

Digital credit card payment systems provide secure services for credit card payments on the
Internet and protect information transmitted among users, merchant sites, and processing
banks.

Digital wallets store credit card and owner identification information and provide these data
automatically during electronic commerce purchase transactions.

Accumulated balance payment systems accumulate micro-payment purchases as a debit

balance that must be paid periodically on credit card or telephone bills.

Stored value payment systems enable customers to make instant online payments from a
value stored in a digital account. A smart card is a credit card-size plastic card that stores
digital information and can be used for electronic payments.

Digital cash is an electronic form of currency, moves outside the normal network of money,
and is used for micropayments or larger purchases.

A peer-to-peer payment system is an electronic payment system for people who want to send
money to vendors or individuals who are not set up to accept credit card payments.

An electronic billing presentment and payment system is used to pay routine monthly bills; it
allows users to view their bills electronically and pay them through electronic funds transfers
from bank or credit card accounts.

26