Tutorial Letter Semester 1/2016 FEEDBACK TUTORIAL LETTER, ACCOUNTING INFORMATION SYSTEMS (AIS822S) Assignment 1 Solutions and Comments.

Transcription

1 Tutorial Letter Semester 1/2016 FEEDBACK TUTORIAL LETTER, ACCOUNTING INFORMATION SYSTEMS (AIS822S) Assignment 1 Solutions and Comments Question 1 1. Whether they're buying MP3s or machinery, buyers prefer the ease-of-use and accessibility conventions of the ecommerce experience that grew in the B2C space. Rather than cling to old technology with green screens and trading hubs, B2B needs to not only provide B2C features and functionality but also the payment methods and processes of the B2B world like terms and volume discounts. 2. Powerful ecommerce enables you to reach parts of the world you just couldn't reach before. Staying wedded to a regional mindset can hurt your prospects for growth. In many industries, distributors have loosened or even eliminated their old regional exclusivity pacts.. A powerful ecommerce solution helps your business reach buyers wherever they are, without the need to add staff and overhead in satellite offices. 3. The depth and effectiveness of your product catalog is a competitive advantage. Building out your ecommerce experience doesn't mean simply putting up a data sheet and "add to cart" button for every SKU in stock. Modern ecommerce platforms give you the power to merchandise solutions personalized to your customers based on the buyer's profile, buying and viewing history, and even the search terms used to reach your site. This context-sensitive personalization gives companies a chance to demonstrate superior product knowledge and earn loyalty. 4. Organizations need reliable and real-time links between their ecommerce front-end and the equally powerful inventory management, order management, CRM, financials, marketing and reporting systems that power the back office. A stand-alone online store can't deliver the kind of insight to efficiently run and grow business. 5. A single ecommerce system that can facilitate supplier purchases and management as well as sell to end customers means businesses can operate efficiently, speeding

2 delivery times and facilitating orders. As the lines between suppliers and customers blur, having one system to manage them all allows a company to react swiftly to changing business conditions. Question 2 a)

3 b) Question 3 1. CONTROL ENVIRONMENT Control environment is the attitude toward internal control and control consciousness established and maintained by the management and the employees of an organization. It is a product of management's philosophy, style and supportive attitude, as well as the competence, ethical values, integrity, and morale of the organization's people. The organization structure and accountability relationships are key factors in the control environment. Elements of the Control Environment

4 Ethical Values and Integrity, Management s Operating Style and Philosophy, Competence, Morale, Supportive Attitude- Mission Structure 2. COMMUNICATION Communication is the exchange of useful information between and among people and organizations to support decisions and coordinate activities. Within an organization, information should be communicated to management and other employees who need it in a form and within a time frame that helps them to carry out their responsibilities. Communication also takes place with outside parties such as customers, suppliers and regulators. Elements of Communication - Timeliness, Sufficient but not excessive detail appropriate to user, Clear and open horizontal and vertical 3. ASSESSING AND MANAGING RISK Risks are events that threaten the accomplishment of objectives. They ultimately impact an organization's ability to accomplish its mission. Risk assessment is the process of identifying, evaluating and determining how to manage these events. At every level within an organization there are both internal and external risks that could prevent the accomplishment of established objectives. Ideally, management should seek to prevent these risks. However, sometimes management cannot prevent the risk from occurring. In such cases, management should decide whether to accept the risk, reduce the risk to acceptable levels, or avoid the risk. To have reasonable assurance that the organization will achieve its objectives, management should ensure each risk is assessed and handled properly. 4. CONTROL ACTIVITIES Control activities are tools - both manual and automated - that help prevent or reduce the risks that can impede accomplishment of the organization's objectives and mission.

5 Management should establish control activities to effectively and efficiently accomplish the organization's objectives and mission. Examples of Control Activities - Documentation - Approval and Authorization Verification - Supervision - Separation of Duties 5. MONITORING Monitoring is the review of an organization's activities and transactions to assess the quality of performance over time and to determine whether controls are effective. Management should focus monitoring efforts on internal control and achievement of organization objectives. For monitoring to be most effective, all employees need to understand the organization's mission, objectives, and responsibilities and risk tolerance levels. Major Areas for Monitoring - Control Activities Mission - Control Environment - Communication - Risks and Opportunities Question 4 a) Public: Public information Internal Use: Confidential business information Confidential: Information that customers consider confidential

6 Sensitive: Personal and Private Information (PII), information that THE LAW considers confidential Highly Sensitive: Encryption keys, server secrets, staff/admin passwords Students can also provide specific examples of commercial data and explain why protection is required. The role of security is to protect the confidentiality, integrity, and availability of data and information resources. Confidential information is protected by reasonable technical security countermeasures, also known as technical security controls. To choose appropriate security countermeasures requires a detailed threat model and to do so means a comprehensive understanding of the nature of the information handled by the system. b) Risks includes Spoofing, Hacking, DoS, Botnets, Spam, Data theft, Data manipulation, Social Engineering, Virusses, Worms, Phishing, Human Errors, Natural Disasters 1. Establish strong passwords Implementing strong passwords is the easiest thing you can do to strengthen your security. 2. Put up a strong firewall In order to have a properly protected network, "firewalls are a must 3. Install antivirus protection Antivirus and anti-malware software are essentials in your arsenal of online security weapons, as well. 4. Update your programs regularly

7 Making sure your computer is "properly patched and updated" is a necessary step towards being fully protected; there's little point in installing all this great software if you're not going to maintain it right. 5. Secure your laptops Because of their portable nature, laptops are at a higher risk of being lost or stolen than average company desktops. It's important to take some extra steps to make certain your sensitive data is protected. 6. Secure your mobile phones Cloutier points out that smartphones hold so much data these days that you should consider them almost as valuable as company computers -- and they're much more easily lost or stolen. As such, securing them is another must. 7. Backup regularly Scheduling regular backups to an external hard drive, or in the cloud, is a painless way to ensure that all your data is stored safely. 8. Monitor diligently 9. Be careful with , IM and surfing the Web It's not uncommon for a unsuspecting employee to click on a link or download an attachment that they believe is harmless -- only to discover they've been infected with a nasty virus, or worse. 10. Educate your employees Teaching your employees about safe online habits and proactive defense is crucial.