|Time Allowed: 3 hours.
| Answer any FIVE questions.
|ALL questions carry equal
- Certain employees will always be placed in positions of trust, for example senior systems analysts, database administrators and information systems security managers. Such employees can therefore, compromise the security of information systems if they so wish.
Explain three control measures that an organization should institute over these employees and guarantee the security of the information systems. (6 marks)
individual in an organization has some opportunity to commit computer fraud.
The potential for which they can do so depends on a number of factors. Examine three of these factors. (6 marks)
- Ethical principals can help in evaluating the potential harms or risks in the use of information communication technology.
Explain ant two principles of technology ethics. (4 marks)
- Explain the advantages to an organization in having users involved in developing an information systems application. (4 marks)
(Total: 20 marks)
ANSWERS TO QUESTION ONE
These employees perform the following jobs.
Senior systems Analysts – he is the head of system analysts. These employees analyze the existing system with a view to their computerization. They design systems and oversee their implementation and review. They are actively involved in the upgrading of the system.
Database administrators – they ensure that the data in the database meets the information needs of the organization involved in retrieving data and structuring reports, which are appropriate to the organization.
Systems security managers – they are involved in ensuring the security of the system is not compromised. They ensure that no outsiders or unauthorized persons access the information..
From the above information, it can be seen that these employees access valuable information and if they are compromised then the firm can suffer. The following measures are put in place to curb this.
- Administrative controls – they include.
- Policies – policies outlining and requiring each employee to do certain things and not Things not authorized to be done are threats to security.
- Administrative procedures – put by an organization to ensure that users only do what they are authorized to.
- Legal provision – this serve as security controls by laying down legal penalties which may be suffered in case of breaches in security.
- Ethics – a strict code of conduct by the organization to be followed by the employees can boost security.
- Logical security controls – these are measures incorporated within the system to provide for security against the employee. This include the need of passwords to access any
- Physical controls – this include lockups. The offices should be locked at the end of the day and no employee should access the others office. It also encompasses employing security
guards to prevent unauthorized access.
- Rotation and Compulsory Leave – an employee should not be allowed to stay in one place for long but should be rotated. Due to this threats of fraud are discovered in advance.
Compulsory leave should be given and work reviewed in case of any perceived threat on security.
- Good Remuneration – the employees should be paid well to guard against compromising.
Every individual in an organization can commit fraud. The potential of an employee committing fraud depends on the following: –
- Security – inadequate security and loopholes in the security system can be a potential motivator to an individual to commit fraud. An employee who knows that he can commit
fraud without being found out would be greatly motivated.
- Remuneration – individuals who are poorly paid are highly susceptible to committing fraud to make their ends meet.
- Company policies – if employees are aware that the organization policies are not stringent then they are likely to be involved in fraud. Absence of policies like rotation of employees
or compulsory leave will be a driving factors as chances of being caught are low.
- Ethics – the code of conduct of a company also play a major role. In organizations where there is laxity then the chances are high that employees will engage in fraud.
- Legal provision – where no legal sanctions are imposed, on the employees if found guilty of fraud, they could engage in fraudulent activities.
- Principles of technological ethics include: –
- Honesty and trustworthy – a honest computing professional should not make deliberate or deceptive claims about a system or systems design, but should
instead provide full disclosure of all pertinent system limitations and problems.
- Privacy – it is the responsibility of professionals to maintain the privacy and integrity of data describing individuals. Data should be protected from
- Integrity – the information users and professionals should maintain integrity in use of the information. This ensure the accuracy and reliability of the
information stored on computers.
- Confidentiality – this involves respecting of data which touches on individuals. This is to respect all obligations of confidentiality to employers, clients and users unless disclosure is required by law.
- Advantages of users being involved in developing an information system application:
Users know the internal quirks of the system in order to get required information. (ii) Improves relationship between users, management and developers
- Improves system literacy of users and subject understanding of developers.
- Conflict resolution become responsibility of both users and developers. This eases conflict resolution.
- Improves system analysts time by focusing on work relations and gathering project resources simultaneously.
- Lowers cost of system development by defining requirements completely and correctly in a short time period.
- Increases team satisfaction confidence and support
- Reduces maintenance time due to earlier application completeness and correctness of
(a) Some of the major challenges facing the convergence of networks in businesses is performance, that is, the network can at times be painfully too slow and result in high interconnectivity costs.
- Explain the meaning of the terms ―bandwidth‖ and ― interconnectivity costs‖.
- Examine four factors that can determine the extent to which network performance
degrades or slows down. (8 marks)
Explain two strategies that business organizations can adopt to keep network costs low. (4 marks)
Identify any four common reasons for losing data in computer-based systems.
(Total 20 marks)
- Bandwidth – bandwidth is the bits-per-second (bps) transmission capability of a communication channel. It also refers to the amount of data that can be transmitted in a fixed amount of time. There are three types:-
- Voice band – bandwidth of standard telephone lines.
- Medium band – bandwidth of special leased lines used. (iii) Broadband – bandwidth of microwave, satellite coaxial cable and fibre optic.
- Interconnectivity costs
- These are costs incurred in running a network. These costs basically include the subscribing costs which run when the network is interacting with other networks. It also includes unquantifiable costs like security threats.
- Factors that determine the extent to which network performance degrades or Slows down: –
- Bandwidth – the size of the bandwidth will determine the speed of network. A large bandwidth will be sufficient to support a large number of network users
- without slowing down the network.
- Software – For example, a network operating system with a high performance (eg linux operating system) can be able to provide a high network performance.
- Hardware – different hardware have different capability thus if the hardware is outdated then the network will slow down.
- Dedication of the servers – when a server is connected to different networks then it will be painfully slow as so many users are using the server. As such servers should be connected in a way to serve limited networks for optimum performance.
- Software – the software of the components of a network will have influence on the network.
- Quality assurance and testing are important in developing and delivering information systems.
Briefly describe four characteristics of quality assurance you would expect to find in a software product. (8 marks)
- It is always recommended that any new system should have a graphical user interface (GUI) to make it easier to use than current character-based systems.
Briefly describe what is meant by a graphical user interface (GUI). (2 marks) Discuss two limitations associated with the implementation and use of GUI. (6 marks)
- Identify four major factors that influence the structure of an information system.
(Total 20 marks)
- 3strategies – are plans made to improve the position of a situation. The strategies to be adapted are:-
dedication of servers – servers in the organization should perform specific functions to reduce overload on the server leading to slowness and thus decrease the costs that arise when the network is down.
Working offline – the organization should do most of the work offline and only go online when sending or in need of information online.
Use updated software – make use of modern software which do the work faster and better. This could be done by either updating the software or just getting new software.
Common reasons for losing data
- Ignorance – a software user may delete data files maintained by a software because he/she does not know how to operate the software of is unaware of the consequences of deletion.
- Accidents – a user may accidentally delete data files maintained by software due to mistaken identity of files.
- Fraud – employer may access and delete security log files to cover any illegal activities taking place.
- Malice – hackers may delete organizational data in order to bring down the operations of an organization.
- Poor management of data stores – could result in the theft of companies‘ diskettes containing sensitive data.
- Quality assurance – involves the entire software development process. It is the monitoring and improving the process making sure that any agreed procedures are followed and problems are found and dealt with. The characteristics are: –
- Reliability – the software should fit the users requirement and perform the functions they are designed for.
- Documentation – the software should be accompanied by a manual which is easy to This helps in use and maintenance of the software.
- User friendliness – the software should be easy to use with clear on screen prospects, menu driven and extensive screen help facilities.
- Controls – it should have in-built controls which may include passwords, options, validation checks.
- Up-to-date- the software should be up-to-date..
- Modification- the software should be modifiable to fit the requirement of users.
- Compatibility of software- it should integrate easily with other software in use in the system.
- Graphical User Interface (GUI) – refers to the interaction between end users and the computer based upon a graphical display. These are tools which are designed to enhance personal computing work. They are mostly fitted on work stations or personal computers with graphical adaptors able to support high resolution graphics.
- Limitations of Graphical User Interfaces:
- System slow down – when you open so many windows which have the GUI
facility, the system will slow down. ii) Too much information – the user cannot focus on all the information presented
to him on the GUI
Inflexible icons – the icons take you to specific location and if you want to change your cursor you have to go back to the first window which is
cumbersome in a way.
Information System – refers to a collection of components which collect, process, store analyse and disseminate information for specific purposes. The factors influencing its structures are: –
- Cost – a complex information system is expensive so a firm will design a system they can afford to run.
- Requirement – the information requirement will determine the structure or the information system of an organization.
- Level of training – the knowledge of users will also determine the structure of an information system. A complex system structure will require more training
thus a company may decide to have a less complex one to limit training costs.
- Existing software – the availability of software that can support a system will have an impact on the structure of the system.
- Availability of staff – the number of staff with knowledge to run a system will have an impact on the structure of the system.
- Availability of hardware to support the system. If such hardware is unavailable then the company will search far an alternative structure.
Transaction processing systems capture and process data resulting from the occurrence of business transactions, to update organizational databases in order to produce a variety of information products.
Explain the five stages of a transaction processing cycle. (10 marks) (b) A data dictionary is a repository of information about data.
Explain the characteristics of a data dictionary. (4 marks)
The concept of an intelligent workstation is a combination of a personal computer and access to a local or wide area network. The hardware, software and communication are integrated into one facility.
Define and differentiate functional integration and physical integration in a workstation
environment. (6 marks) (Total 20 marks)
ANSWERS TO QUESTION FOUR
Stages of a transaction processing cycle.
- Processing of inquiries – the system processes the inquiries made using the database.
- Processing the transaction – depending on the outcome of the inquiries, the system processes the activity such as buying or selling
- Making decisions – the system uses application to support systems for planning, analysis and decision making. Decisions are made on the transaction e.g. at what price to sell.
- Update master file – the system then stores the information relating to the transaction. (v) Produce reports – the system winds up by producing a report on the transaction.
Data dictionary is an automated manual tool for storing and organizing information about the data maintained in a database. A data dictionary is a file which defines the basic organization of a database. It contains a list of all files in the database, the number of records in each file and the name and types of each field. All data elements contained in data dictionary are accompanied with a short description on what they are.Its characteristics are:
- A query facility:- this is both for administrators and casual users. It helps users to perform searches on items like business definitions, user descriptions or even
- Automated input facilities:- this are to enable loading of records
- Security features:- to help in protecting the information contained in the data dictionary
- Comprehensive data reporting language for user designed reports.
- Language interphase, to allow, for example standard record layouts to be automatically incorporated into programs during the compile process.
- Help facility – this helps to instruct users on how to use the data dictionary.
Functional integration – this is the dividing of the functions among individuals in a work station. Once an individual is only allowed to perform particular duties and not others. It differs from physical intergration in that one machine can be used by different persons. In functional integration, only that the individuals will be involved in different duties. (ii) Physical integration – this is the allocation of work machines to individuals to use in the firm. A particular person is assigned a machine to work on and no sharing of
machines takes place. However people can perform the same functions. Under this form of intergration.
- The company you work for intends to computerize its payroll application.
Explain the functional capabilities that the system should have for it to serve the intended
purpose. (8 marks)
- Outline four features of a word processing software package.(4 marks)
- Explain the importance of documenting and agreeing on the information systems
requirements. (6 marks)
- Name the basic requirements for internet connectivity. (2 marks)
(Total 20 marks)
Functional requirements required
- User requirements – the system should be able to meet the need of the firm and its users as closely as possible.
- Processing time – it should have a short response time. A faster system will be very
- User friendliness – the system should be easy to use with clear on screen prompts menu driven and extensive on screen help facilities.
- Controls – the system should have in built controls which may include passwords, validation checks, audit trails etc to boost information and data integrity.
- Flexibility – the system should allow for future modification in case of requirement
- Compatibility – the system should be compatible with other system to allow simulations with user systems
- Portability – the software should be able to run on the firms different machines.
Four features of a word processing software package:
- A drawing tool bar to enable one to accommodate various shapes and lines in word processed documents.
- Automated formatting such as bolding, italizing, underlining, capitalizing indenting and paragraphing of text.
- Print previews which enable one to see the output and identify areas of improvement in the formatting and layout.
- CV, letter, memo and other document wizards which guide one through the document creation process.
- Help to provide assistance to users.
- Documentation – this is the description of a software in written form after its development.
The importance are:-
- It guides the development team at various stages of the development life cycle.
- Can be used as a system back up copy should something happen to its implementation
- It aids or assists during system maintenance since it guides in identification of system modules to be changed.
- Effectively provides a check list of items to be covered during subsequent system audit a maintenance.
- Guides against loss of system understanding particularly when the author leaves the company or dies
- Act as a training guide for users.
Importance of agreeing on the information system requirement.
- Improves relationship between users management and developers. It ensures that potential dispute areas are reduced.
- Lowers the cost of system development by defining the requirement time completely and correctly.
- Increases team satisfaction, confidence and support.
- It makes it easier to plan to project as the total costs can be estimated with more accuracy.
Basic requirement for the internet connection
- Modem – a transmitter which ecodes the information.
- Computer – the source and destination for the data.
- Wire a complex network – this is the transmission system (iv) Internet service provider (ISP) – provides access to the internet at a periodic cost.
- Wanjeshi Sacco Ltd. is intending to introduce a corporate database to support a variety of its information needs.
List two organizational, technical and human factors to be considered in the process of
establishing the corporate database environment. (6 marks)
Propose two database models that can act as design alternative options. (2 marks)
Explain four database areas in which the company would be justified in restricting employee access. (8 marks)
- Explain four network management functions. (4 marks)
(Total 20 marks)
ANSWERS TO QUESTION SIX
Factors to be considered in the process of establishing the corporate database. (i) Requirements by the organization.
- Effect of the system on the existing organization structure.
- Redundancy or retrenchment. Implication to the company as a result of the new
- Effect on the current working practise. Technical
- Hardware and software requirement of the system.
- The current technology and whether it can support the system. (iii) Whether there are specialized persons to handle the system once installed.
- Redundancy or retrenchment, implication to the company as a result.
- The reaction of individual both from within and without the organization. (iii) Necessity of training.
- Hierarchical Data Model –it presents data to users in a tree like structure.
Network Data Model –a logical database model that is useful for depicting many tomany relationship.
Relational Data Model –a type of model that treats data as if they were stoned in twodimensional tables. Related data is stored together or near each other.
- Database areas which needs to be restricted.
Sensitive data –applies to information that requires special precautions to assure theintegrity of the information, by protecting it from unauthorized modification or deletion. It is data that requires a higher than normal assurance of accuracy and completeness e.g. passwords, on encryption parameters.
Confidential data –applies to the most sensitive business information that is intendedfor strict use within and organization. Its unauthorized disclosure could seriously and adversely impact the organizations image in the eyes of the public e.g. application program same code. Project documentation etc.
Private data –applies to personal data intended for use within the organization. Itsunauthorized disclosure could seriously and adversely impact the organization and/or its customers e.g. customers account data, e-mail messages etc.
Public Data –applies to data that can be assessed by the public but can beupdated/deleted by authorized people only eg company web pages, monetary transaction limit data.
Network management functions include: –
- Resolving conflict between users and technical people when using the system.
- Overseeing the network security
- Evaluating the network performance to see whether it meets the organizational needs.
- Ensuring compliance to rules by the network. (v) Maintaining the network and ensuring its operation is up to date.
- Give four reasons that may make an organization abandon an information systems
project. (8 marks)
- List four problems that are faced when using standard files for data processing systems.
- Name four modern computer -based information systems‘ structures that support the sharing of data or information and other resources. (4 marks)
- Differentiate between deterministic and random systems giving examples in each case.
(Total 20 marks)
- Failure to establish upper-management commitment to the project.
- Lack of organizations commitment to the system development
- Taking shortcuts through or around the system development methodology can lead to system failure and hence abandonment.
- Insufficient resources both financial and otherwise
- Failure to adhere to the set budget, time and finances.
- Premature commitment to a fixed budget and schedule.
- Obsoleteness of the system under development
The standard files are inflexible hence may not adapt to your requirements (ii) It limits creativity as you have to adhere to set rules.
- Does not give competitive advantage over rivals, as the features are same.
- Its hard to get standard files which fit all your requirements. (v) Its security controls are not so effective thus can be infiltrated easily.
Problems faced when using standard files for data processing systems:-
Data redundancies and confusion in data storage (ii) Difficult to effectively secure data.
Difficult to modify data due to data redundancies. (iv) They require a lot of storage resources due to data redundancies.
- Management Information System (MIS) –provides continuous information todecision makers to make structured, recurring and routine decision.
- Decision Support systems –provides problem–specific support for non routinedynamic and often complex decisions a problem.
- Expert system –it is knowledge system which provides information when
- Data Management system – it‘s a system which stores data for use by
- Virtual Reality System –it is a 3–dimensional simulation software where the user isimmersed in a simulated environment using special hardware.
Deterministic systems – it‘s a system in which various steps/activities follow on form eachother in a totally predictable way e.g. A will happen, then B then C.Examples of such systems are :-
- Fully automated production process
- Computer program
In such a system there is predictable input and output as the system reacts in a predictable way. Random systems –also known as probabilistic or stoichastic system. It is one in which somesteps/activities can be predicted with certainty and other will occur with varying degrees of probability. There are many probabilistic systems in a business organization e.g. provision of bad debts.
- The owner of a chain of auto-accessory shops in five different towns inputs sales figures into a computer model that displays the selling trends of each store. She uses her own observation form visits to the shops and information gained from the model to make ordering decisions for each store.
Are the ordering decisions she makes structured, semi-structured or unstructured? Briefly explain the reasons for your choice and outline what product related variables are involved in the ordering decisions. (10 marks)
- Certain financial problems such as simplified bread-even analysis models for predicting profits can be computerized.
P = (Sp – Vc) U – F c Where:
|Selling price per unit
|Variable cost per unit
|Number of units of sales
Using the above model, describe any three decisions that management can make form the break-even analysis model. (6marks)
Why do organizations automate reasoning or decision-making tasks which human beings are naturally better able to perform than computers? (4 marks)
(Total: 20 marks)
ANSWERS TO QUESTION EIGHT
Structured decisions –these are repetitive and defined decisions. A standardized preplannedapproach is used to make the decision and a specific methodology is applied routinely.
Semi structured decision –the information requirement and the methodology to be applied areoften known, but some aspects of the decision still rely on the manager. As such the manager can exercise some discretion in the making of decisions.
Unstructured decisions –tends to be unique. The information needed for decision–making isunpredictable and no fixed methodology exists. Here the manager exercises a lot of discretion.
From the above definitions its clear that the decision made by the owner of this classic stone is semi-structured. She incorporates the information from the computer which is automated and uses judgment to make decision. The product related variables in making ordering decisions are :- (i) The quality of the products.
- The quantity to be ordered.
- The availability of the products needed.
- The availability of supplies and reliability. (v) Availability of cash to purchase.
Decisions that management may make from the break even analysis model:
- Decision on the selling price of the products in order to obtain certain profit.
- Marketing decision in order to make the required sales.
- Determining the variable costs of the products in order to make required profits. This could be by buying cheaper raw materials.
- Decide the number of unit to be produced
) An expert system is a system that acts as an expert consultant to users. Reason for its use include: –
- For consistency in the decision being made
- Speed- the expert system is faster than a human being expert.
- Permanence – the experts can die or leave but an expert system can be used for a long time, use will only stop if it is changed.
- Remote areas – expert system can be used in areas where human being fear going eg. Arid areas, bad climate area etc
- Objectivity – decisions made by expert systems are not guided by passions or feelings as such decisions are always for the best interest of the organisation.
- Experts are costly to maintain, expert systems on the other hand involve only one off costs, the acquisition.