Consider a supermarket chain and the use they may make of information systems in the running of their business. Some of the objectives they are faced with are: –

  1. Easy product identification;
  2. Fast customer processing at the cash tills;
  3. Extremely efficient stock control;
  4. Rapid bulk replacement of goods from suppliers.


Describe in detail how Information Systems can help supermarket chains with these specific objectives. Your answer should outline the systems involved, the hardware that might be

required and an indication of how the various systems might interact with each other.

(5 marks for each, total marks 20)


Supermarket use of IS

  1. Product ID:– The development and agreement on a universal product codes has brought about the wide range of applications for product identification. The associated optical bar code reader in conjunction with bar codes has led to the adoption of this system in many applications, notably supermarkets.


  1. POS: – The use of bar codes and optical bar code readers has meant that customers in a supermarket can have the contents of their shopping basket scanned and using the bar code product identification, the local computer can then provide a price and product description which is printed out at the POS position. A bill with totals and sales messages can then be given to the customer for checking purposes. This speeds up the payment process and is more reliable and faster than the check-in person keying in the data. In some supermarkets, an individual bar-code reader is incorporated into a small hand-held computer allowing the customer to carry out the scanning themselves and providing a running total of the goods purchased in a small screen.. This is downloaded at the POS check-out making the process even quicker.


  1. Stock Control: – Using the POS system, a running total of stock levels is immediately available, if required, as goods are sold through the POS system reflecting the stock level at a given point in time.


  1. Stock Replacement: – As stock levels are obtained on-line, it is possible to make these levels available to a supermarket‘s warehouse, or a product supplier. Setting minimum and maximum stock levels could automatically trigger orders for replacement products replacements. Often a batch system of overnight replacement is implemented from a supermarkets local warehouse or supplier to reduce logistical costs.


Theoretically, with a known starting stock level, a known through-put of products, the stock level at any instant in time should be available which could be used to place stock replenishment orders. However in practice considerations of breakages, pilfering, errors, sudden changes in weather affecting the sale of certain products, shortage of supply causing panic buying can affect the theoretical system.



The development of powerful desktop computers coupled to telecommunication networks  has revolutionized the way organizations may carry out their business.

The following are some alternatives for an organization‘s internal and external communications: –

  1. Client-Server(8marks)
  2. Internet (6marks)
  3. Intranet (3marks)
  4. Extranet (3marks)

(Total marks 20)



Alternative communication systems: –

a. Client-Server: –

A very popular form of distributed processing which splits the required processing between clients and servers‘. The client is normally the user interface between a user and a desktop computer, workstation or a laptop computer. The user interacts with the user interface to enter or receive data or carry out some form of calculation or analysis of data. The server provides the client with the services required and may be anything from a super computer, mainframe or another desktop computer, usually with a large amount of additional RAM and hard disk capacity.


The subdivision of the processing function and the allocation of storage depends on the requirements of each application. Generally all or the majority of the data storage is in the server whilst the application logic may be split between the server and the client, the precise

Revision Question and Answers

division depending on the application and asynchronous data transmission speeds. In some applications more in the client and in other applications more in the server.


  1. Internet:

A world-wide network of interlinked networked computer systems enabling the exchange of information between individuals and organisations on a global scale. Connection to the internet is made through Internet Service Providers (ISP). The internet has no ownership and no formal management organization.


There are number of internet tools for communication such as e-mail, news groups etc. Information retrieval where access to library catalogues, corporations, governments, and non-profit organisation databases is possible. The World Wide Web (WWW) is a universally accepted standard of storing, retrieving, formatting and displaying information using a client server architecture.


  1. Intranet:     

By the use of internet technology, organizations are creating internal networks for use within an organisation on an enterprise basis. Intranets use internet standards of connectivity and software developed for the WWW on the existing organisational network. As a result the networked applications can run on many different kinds of computers in use in the organisation giving greater flexibility of hardware. Intranets are private to the organisation and are protected from the public internet by firewalls which are security systems with specialized software to prevent outsiders from gaining access to the private network.


  1. Extranet:

Extranets are a mixture of internet and intranets whereby an organisation allows outside people or organisations limited access to their own private internal intranets. Extranets are useful in linking an organisation with its customers or business partners allowing them to access such items as stocks levels, products and prices.



In the context of Information Systems Security, write short notes on ALL of the following  headings:-

  1. Why are computer systems more vulnerable to destruction, error, abuse and misuse than manual systems?
  2. What is meant by the term Risk Assessment?
  3. What are Worms and Viruses?
  4. Outline the process of Public Key Encryption. (5 marks for each, total marks 20)



Information Systems Security is the safeguarding of the computer system from attacks or  destruction. Computer systems are vulnerable due the following reasons.  a. Destruction/error/abuse/misuse: –

  1. Hardware failure due to natural causes; electrical failure; etc.
  2. Software failure; bugs; poor design etc.
  • Human errors.
  1. Theft/corruption of data.
  2. System penetration by illegal access.
  3. Complex computer system difficult to replicate manually. vii. As data is more compact, potential loss is greater.
  • As data is more compact potential damage by abuse/misuse greater.
  1. Advent of networks has greatly increased the potential of unauthorised access. Paper based systems are less compact and intercommunication is much harder.


  1. Risk Assessment:   

Risk can be defined as the product of the amount that may be lost due to a security exposure and the probability or frequency that such a loss will occur. Potential threats may be identified by past experience, use of experts or brainstorming techniques as well as their anticipated frequency (once per month etc.) and potential monetary cost. The controls that might be necessary to counter the threat are also estimated and a judgment made whether the control costs are more or less than the threat and if so should the control procedures be implemented. Controls  may be general or application controls.

]General controls are those controls which are not specific in nature. This may include things like authorization of use and the general awareness of the risks by the employees.


Application controls are those controls over the inputs, processing and the output. This may includes things such are validation checks and maintenance of data.


  1. Worms & Viruses: –

A worm is a program that transfers itself from computer to computer over a network and plants itself as a separate file on the target computer. This program is destructive in nature and may destroy data or utilize tremendous computer and communication resources but  does not replicate like viruses.

A worm does not change other programs but can run independently and travel from machines to machines over the network. Worms can also have portions of themselves running on many different machines.


A virus is contagious and is a set of illicit instructions which are passed onto any other programs or documents with which it comes into contact. Viruses are malicious computer programs. Traditional viruses attach themselves on other executable code, infect the user‘s computer, replicate themselves on the user‘s hard disk and then damage data, hard disk or

files. Viruses attack the following parts of a computer:-

  • Executable program files o File directory systems o Boot and system areas that start the computer
  • Data files


  1. Public Key Encryption (PKE): –

Encryption means encoding a message into some form of code so that only the person receiving the message can decode the message. PKE uses two keys, a public key and a private key. The sender uses the public key to encrypt a message which is transmitted over the internet. When the message is received the recipients use their own private key to decode

the message.

In encryption the message is converted from the plain text into a secure code called cipher  text and cannot be understood before decryption to plain text again.

Encryption key is piece of information that is used within the encryption logarithm to make encryption or decryption process unique making the user to require a correct key to decipher

the meaning.

Encryption logarithm is a mathematically based function or calculation which encrypts or  decrypts.

In the PKE the two keys work together as a pair. The public key is known to everyone but the private key is known to an individual thus the only person who can decrypt the message.



Organizations are now moving from Strategic Management systems towards Enterprise systems and yet further to Industrial Networks and Extended Enterprise systems.


  1. Describe the features of Enterprise computing and industrial networks;
  2. What are the business and technological reasons for this move?
  3. Outline the key elements required to build an enterprise information technology structure



    • Outline potential organisational problems in the creation of these enterprises systems. (5 marks for each, total marks 20)QUESTION FOUREnterprise systems are business  systems. a. Features: – o Enterprise computing considers the firm as a whole and integrates key business processes into single software systems so that information can flow seamlesslythrough the enterprise. As a result co-ordination and efficiency of functions should be improved (e.g. sales/stock control/accounts/production/logistics all working          from the same data).

      o Decision making based on the same information should be improved. An enterprise view is taken of business strategy and processes, technology, and communication            networks.

      qAre mostly predefined and perform structured tasks e.g. recording cash received and paid out..

      • These systems also summarizes information for use by the higher management.


      • These systems are characterized by high input and output levels and are considered strategic for the survival of the enterprise.



      Revision Question and Answers

      1. Business and technological reasons:          

      The global market is highly competitive so organizations must look to methods to improve their business performance. The business reasons for moving are:          –

      1. llegal copying of software and possible distribution on the WWW. This is unethical A change to more complicated technology from traditional legacy systems, large The availability of consultancy services with appropriate experience, custom software developers,
            • Local or global communication service providers are all essential elements as well.
              • Reduction in data storage costs and elimination of paper work. o Expanded public communication networks thus enable the business tovailability of cash to support the venture. organisational problems: – o Enterprise systems require significant organisational change in the ownership of Need to reduce the operations costs of the business as automation results in reduced costs.
                • Need for competitive advantage which comes with the new systems.
                • Need to increase market and improve sales through e-commerce which is viable through the new systems.


                In parallel the technological reasons for moving include  o  Increased processing power which has led to increased output. Increased use of client/server and desktop systems which has also given the business a competitive advantage.

              communicate with their clients easily. Complex enterprise software packages are now available which increase the efficiency of operation of the business.


              1. Key elements: – The ability to integrate key legacy with client/server systems, internet, intranet and

              various other intercommunication systems is one key element.


          information bringing to the fore personnel problems.

        initial costs with difficult decisions on the quantification of long-term benefits.

        • Management has to take a long term view when the business world changes like

        shifting sand, which is very difficult.

        • The may be resistance from the employees who may view the change as a chance to

        lose their jobs.

        • Lack of qualified personnel to man the new system could also pose a major problem.



        In the context of ethical considerations: –

        1. Outline the  individual  ethical  issues  implied  when  a  person  joins  a  professional

        organization.                                                                                                  (10 marks)

        1. Describe some of the ethical dilemmas that are involved with Information Systems.

        (10 marks)

        (Total: 20 marks)



        Ethical issues

        1. Professional aspects: – Collins English dictionary definitions of: – Profession: – is an occupation requiring training in the liberal arts.

        Professional : – a person who engages in an activity with great competence.

        So a professional person takes on special rights and obligations because of their special claim to knowledge. This implies that such a professional person must keep the ethical standards that pertains the profession. The following are some of the ethical issues that have to be considered:             – Keep themselves up-to-date with all aspects of their profession. Each profession has its own ethical code which each individual in the profession has to comply with.

        • Any profession requires the practitioner to avoid harm to others.
        • The property rights have to be honoured by any professionals. The properties of

        other individuals have to be respected.

        • A professional is required by ethics to respect the privacy of the firm he is working with and that of his fellow professionals or employees.


        • He has to follow the Moral Imperatives of their Professional Code of Ethics. Each profession has its own code of ethics.


        1. IS ethical dilemmas: – IS puts so many firms in ethical dilemma as some of their actions go against the ethical Some of the actions which put an organization against ethics are as follows:-
        2. Monitoring individual‘s e-mail to ensure that it is work related in an organization contravenes individual privacy legislation. This denies the professional right to


        1. Using database information for purposes other than what it was set up for without prior consent. This is done by most professionals but in goes against the ethics of the respect

        of firm‘s property and its privacy.

        • Every effort must be made to ensure the correctness of the data stored in the course ofthis work the ethical question comes in as illegal methods may be used as long as the data

        is accurate.

      asgoes against respect of other people‘s property.

      1. Respect of Intellectual Property Rights and ownership particularly on the WWW. It maybe hard to respect other people property as with the WWW, it‘s hard to protect your

      property. vi. Other similar examples will be acceptable


      1. A major source of errors in computer systems is errors in the input data. What controls

      would you install for the control of such errors?                                            (6 marks)

      1. Describe four methods that would be used for fact finding during system investigation.

      (4 marks)

      1. Give the principal method of data capture in the following applications:
        • Banks; (2 marks)
        • Supermarkets; (2 marks)
        • Clothing and footwear retailing. (2 marks) d) What are the functions of a systems programmer?           (4 marks)

      (Total: 20 marks)


      1. a) Controls that need to be installed:


      • Use of appropriate input documents.
      • Use of turn-around documents. o Use of qualified data entry clerks.
      • Having computer supervision within the organization.
      • Rejection of transactions with errors. o Use of double-entry/repeated entry method. b) Methods that would be used for fact finding:


      1. Use of questionnaires

      A questionnaire is a special document that allows the analyst to ask a number of standard questions set to be asked to a large number of people in order to gather

               information from them.

      1. Interviewing

      This is a direct face-to-face conversation between a system analyst (interviewer) and  users (interviewees).

      1. Observation

      This requires the analyst to participate in performing some activities carried out by the user. He may choose to watch them as they perform their activities and gather the

               intended facts.

      1. Record inspection/document review

      This method involves perusing through literature documents to gain a better  understanding about the existing system e.g. sales orders, job description, etc

      1. Sampling

       This is the systematic selection of representative elements of a population. c) (i) Electronic Funds Transfer (EFT).

      • Electronic funds transfer point of sale system (EFTPOS).
      • Electronic funds transfer point of sale system (EFTPOS).


      1. d) A systems programmer is one who codes the software in an information system. He performs the following roles:







      • Encodes the procedures detailed by the analyst in a language suitable for the specified computer.
      • Liases very closely with the analyst and the user to ensure logical correctness of programs. o Tests the program to see whether it solves the problems it was intended to solve.
          • One of the current developments in information technology, which has strategic implications for business firms, is the move towards open systems. 


            1. Explain the meaning of the open systems concept. (8 marks)
            2. Discuss the implications of the move towards open systems for organizations that have

            already invested in proprietary information systems.                                       (8 marks)

            1. Outline two potential benefits to information technology due to the move towards open      (4 marks)

            (Total: 20 marks)

            QUESTION SEVEN


            1. Open systems are systems that have been designed according to certain standards that have been set by the ISO (International Standards Organization). The issue of open systems is predominant in hardware area as well as software. The ISO came up with the OSI (Open systems interconnections) model which has seven layers. Each of these layers address certain aspects in the design of equipment once these standards are followed then the resulting system is said to be an open system. The aim of coming up with standards is to allow for compatibility of different equipment which may be from different vendors. Having open systems will therefore be easy to communicate or transmit data from one piece of equipment to another irrespective of the manufacturer.


            1. The move towards open systems brings about a problem to those organizations that had invested heavily in proprietary systems i.e. vendor specific systems. This is due to the fact that these organizations are locked by the supplier and as such the major issue to them is how to move from the proprietary systems without losing their investments in the systems. This issue is also compounded by the fact that there is no way of being able to recognize the systems that are open as such organizations are left to think that the organizations with the term ‗open systems‘ are rarely open.


            1. Potential benefits:
              • Open systems enable organizations to buy equipment from many different vendors because they favour interoperability among vendor products.
              • Open systems help to reduce costs due to competition and mass production.
              • Open systems help enhance compatibility of various components i.e. they help

            facilitate communication.

            • Open systems bring about scalability meaning that organizations can keep on increasing their system‘s size as need arises.
              • QUESTION EIGHT
              • Computer systems which process financial data for a company should be audited to evaluate the reliability of information and also the efficiency and effectiveness of the system. The main problem with auditing a computer system is that processing operations are invisible. 


                1. a) State five systems checks and controls that should be built in the system at the design stage to reduce the problem and weaknesses that auditors frequently detect. (5 marks) b) Discuss the audit trail in computerized accounting information systems.      (6 marks)
                2. c) Explain each of the following computer auditing approaches and techniques:

                (i.)        Auditing around the computer;    (3 marks)           (ii.)       Auditing through the computer;         (3 marks)

                (iii.) Auditing packages.                                                                              (3 marks)

                (Total: 20 marks)

                QUESTION EIGHT


                1. System checks and controls that should be built into the system:


                • Input authorization- where particular people are allowed to handle certain       o Batch controls and balancing-which reduces the auditor‘s work. o Data validation and editing facilities.
                • Error identification facilities.
                • A program to keep track of audit trails.


                1. Audit trail


                Audit trails can be defined as a record of file updating that takes place during a specific transaction. It enables a trace to be kept on all operations on files i.e. audit trail refers to the ability to trace output back to the inputs. The loss of audit trail has an implication in auditing of computer based systems e.g. the auditor will have to be concerned whether the controls within the system have always been operating.


                1. (i) Auditing around the computer


                Here, one is not concerned about the accuracy only but should be concerned if there is any weakness being abused i.e. check the process being undertaken. In this approach, the system is assumed to be a black box and the concerned will be whether one given input will give rise to the right outputs. This type of audit does not check for weaknesses in the system as one is only concerned with the correctness of output.


                • Auditing through the computer


                It involves an examination of processing procedures or routines within the system and also the controls incorporated within the system in order to ensure that the system is capable of providing complete and accurate processing of all data.


                • Auditing packages


                These are computer programs that can be used for audit purposes to examine the content of business computer files. These audit programs can be: –


                o  Generalized packages. o  Specific packages- written packages (tailored packages).


                Generalized packages


                These are programs written by auditors/specialists that can be used in different types of systems. Given that there are general programs, they can therefore be applied in different organizations. This means that these programs can be tailored by designing the format of the files to be interrogated and by specifying the parameters of output data

                that is required.

                Specifically written packages


                These are specific software that is written so that they can interrogate or be used in a given organization.












(Visited 31 times, 1 visits today)
Share this:

Written by 

Leave a Reply

Your email address will not be published. Required fields are marked *