CPA Section 4

CCP Section 4

CS Section 4






Revised on: January 2019



TO GET COMPLETE NOTES, CALL|TEXT|WHATSAPP +254728 – 776 – 317 or Email info@masomomsingi.com






This paper is intended to equip the candidate with knowledge, skills and attitudes that will enable him/her to apply information systems effectively in solving business problems and decision making.


A candidate who passes this paper should be able to:

  • Investigate existing software and hardware technologies to solve problems
  • Display proficiency in decision making using contemporary Information systems tools
  • Apply the principles of information systems development
  • Use various information systems in an organisation
  • Apply the knowledge of information systems for competitive advantage
  • Use data communication networks, the Internet and e-commerce in optimising business opportunities
  • Implement information systems’ governance and risk management principles in business
  • Implement information systems legal, ethical and social issues.



  1. Introduction to information communication technology (ICT)
  • Overview of ICT
  • Introduction to computer systems
  • Computer hardware
  • Computer software
  • Programming languages and tools
  • Information systems personnel and hierarchy
  • Role of ICT in business environments
  • Information centres
  • Impact of ICT in business
  2. ICT governance
  • Corporate governance and ICT governance
  • Policies and procedures
  • ICT management practices
  • Monitoring of controls and risks
  • Impact on ICT compliance with professional standards and codes
  3. Systems development
  • General systems theory
  • Role of management in systems development
  • Systems development approaches
  • Systems development life cycle (SDLC)
  • Rapid applications development (RAD)
  • Systems development constraints
  4. Information systems in an enterprise
  • Overview of information systems
  • Components of an information system
  • Types and characteristics of information systems
  • Systems in a functional perspective
  • Enterprise applications and the business process integration
  • Management information systems resources
  5. Enterprise Data Management
  • Nature and types of information
  • Attributes of information
  • Files and file structure
  • File organisation methods
  • Database management systems
  • Characteristics, importance and limitations of database systems
  • Data warehousing
  • Transaction processing phases in business systems
  • File processing modes
  • Role of data professionals in an organisation
  • Business Intelligence and analytics
  6. Data communication and computer networks
  • Principles of data communication and computer networks
  • Data communication devices
  • Data transmission characteristics
  • Types of networks
  • Network topologies
  • Network/internet architecture protocols
  • Benefits and challenges of networks in an organisation
  • Limitations of networks in an organisation
  • Network security
  • Cloud computing concepts, features and models
  • Internet of things (IoT)
  7. e-Commerce
  • e-commerce concepts and features
  • Models of e-commerce
  • Impact of the internet on business
  • E-commerce enabling software
  • Business opportunities in e-commerce
  • E-commerce infrastructure and platforms
  • E-commerce payments methods
  • Challenges of e-commerce
  • Securing e-commerce transactions
  • M-commerce and applications
  • Digital marketing methods
  8. Information systems strategy
  • Overview of business strategy hierarchy
  • The strategic process and information systems planning
  • Development of information systems strategy
  • Aligning information systems to the organisation’s corporate strategy
  • Managing information systems strategy
  • Information systems for competitive advantage
  • Measuring organisational information systems performance
  • Business process reengineering
  9. Information systems risk and security management
  • Risk management overview
  • Risk assessment and analysis methodologies
  • Controls and countermeasures
  • Risk monitoring and communication
  • Disaster recovery and business continuity planning
  • Information systems security management
  10. Legal, ethical and social issues in management information systems
  • Management information systems ethical and social concerns
  • The moral dimension of management information systems
  • The legal issues in management information systems
  11. Emerging issues and trends



Topic 1: Introduction to information communication technology (ICT)

Topic 2: ICT governance

Topic 3: Systems development

Topic 4: Information systems in an enterprise

Topic 5: Enterprise data management

Topic 6: Data communication and computer networks

Topic 7: E-commerce

Topic 8: Information systems strategy

Topic 9: Information systems risk and security management

Topic 10: Legal, ethical and social issues in management information systems

Topic 11: Emerging issues and trends







Information technology (IT) is a technology which uses computers to gather, process, store, protect, and transfer information. Today, it is common to use the term Information and communications technology (ICT) because it is unimaginable to work on a computer which is not connected to the network.

Key terms used in ICT

  • Computer – It may be defined as a device that works under the control of stored programs, automatically accepting, storing and processing data to produce information that is the result of that processing.
  • Input devices – Enter programs and data into a computer system.
  • Central Processing Unit (CPU) – This is the part of the computer that processes data.
  • Output devices – They display information processed by the computer system.
  • Hardware – Refers to the physical, tangible computer equipment and devices
  • Software – This is a detailed step-by-step sequence of instructions known as programs which guide computer hardware
  • Multiprogramming – Multiprogramming is a rudimentary form of parallel processing in which several programs are run at the same time on a uniprocessor. Since there is only one processor, there can be no true simultaneous execution of different programs. Instead, the operating system executes part of one program, then part of another, and so on. To the user it appears that all programs are executing at the same time.
  • Multiprocessing – Multiprocessing is the coordinated (simultaneous execution) processing of programs by more than one computer processor. Multiprocessing is a general term that can mean the dynamic assignment of a program to one of two or more computers working in tandem or can involve multiple computers working on the same program at the same time (in parallel).
  • Multitasking – In a computer operating system, multitasking is allowing a user to perform more than one computer task (such as the operation of an application program) at a time. The operating system is able to keep track of where you are in these tasks and switch from one task to the other without losing information. Microsoft Windows XP, Vista, IBM’s OS/390, and Linux are examples of operating systems that can do multitasking (almost all of today’s operating systems can). When you open your Web browser and then open Word at the same time, you are causing the operating system to do multitasking.
  • Multithreading – It is easy to confuse multithreading with multitasking or multiprogramming, which are somewhat different ideas. Multithreading is the ability of a program or an operating system process to manage its use by more than one user at a time and to even manage multiple requests by the same user without having to have multiple copies of the programming running in the computer.








From relative obscurity a few years ago, several factors have come together to make the concept of formal ICT governance a good idea for virtually every company, both public and private. Key motivators include the need to comply with a growing list of regulations related to financial and technological accountability, and pressure from shareholders and customers. Here’s a quick primer on the basics of ICT governance:

What is ICT governance?

Simply put, it’s putting structure around how organizations align ICT strategy with business strategy (normally known as corporate governance), ensuring that companies stay on track to achieve their strategies and goals, and implementing good ways to measure ICT’s performance. It makes sure that all stakeholders’ interests are taken into account and that processes provide measurable results. An ICT governance framework should answer some key questions, such as how the ICT department is functioning overall, what key metrics management needs and what return ICT is giving back to the business from the investment it’s making.

Is it something every organization needs?

Every organization—large and small, public and private—needs a way to ensure that the IT function sustains the organization’s strategies and objectives. The level of sophistication you apply to ICT governance, however, may vary according to size, industry or applicable regulations. In general, the larger and more regulated the organization, the more detailed the ICT governance structure should be.

Drivers that motivate organizations to implement ICT governance infrastructures

Organizations today are subject to many regulations governing data retention, confidential information, financial accountability and recovery from disasters. While none of these regulations requires an ICT governance framework, many have found it to be an excellent way to ensure regulatory compliance. By implementing ICT governance, you’ll have the internal controls you need to meet the core guidelines of many of these regulations.

What are the major focus areas that make up ICT governance?

According to the IT governance setters, there are five areas of focus:

  • Strategic alignment: Linking business and IT so they work well together. Typically, the lightning rod is the planning process, and true alignment can occur only when the corporate side of the business communicates effectively with line-of-business leaders and IT leaders about costs, reporting and impacts.








Systems analysis and design is a series of processes for analyzing and designing computer-based information systems. Systems design allows a development team to see roughly what their system will look like. An important result of systems analysis and design is application software, that is, software designed to support a specific organizational function or process.

Key terms

  • Critical path is the longest-duration path through the network.
  • Activity is a task that must be performed.
  • Event is a milestone marking the completion of one or more activities.
  • Program Evaluation and Review Technique (PERT) is a network model that allows for randomness in activity completion times.
  • Structured walkthrough – It is a planned review of a system by people not involved in its development effort.


  1. Systems concepts

A system is a set of interacting components that work together to accomplish specific goals. For example, a business is organized to accomplish a set of specific functions. Any situation that involves the handling or manipulation of materials or resources of any kind, whether human, financial or informative, may be structured and represented in the form of a system.

Characteristics of a System

  1. Purpose – Systems exist to fulfill some objective or satisfy a need. A system may accomplish more than one task. The purpose of a system is closely tied to its rationale.
  2. Rationale – This is the justification for a system’s existence.
  3. Efficiency – This is how well a system utilizes its resources, that is, doing things right using the least amount of resources.
  4. Effectiveness – How well a system fulfills its purpose, assuming that its purpose is the right one. Involves a system doing the right things.
  5. Inputs – Entities that enter the system to produce output or furnish information.
  6. Outputs – Entities that exit from the system either as interfaces or for end-user They may be used to evaluate system’s efficiency and effectiveness.
  7. Transformation rules – They specify how the input is processed to produce output.
  8. Throughput – Measures the quantity of work a system accomplishes. Does not consider the quality of the output.
  9. Boundary – Artificially delimits a system for study or discussion purposes. System designers can only control those system components within the boundary.







An information system is a set of interrelated components that collect, manipulate, process and transform data into information and provide feedback to meet a specified objective. A computer based information system is one that uses computer technology to perform input, processing and output activities. Due to the massive computerization of manual information systems, computer based information systems are simply referred to as information systems. They are the subject of discussion in this chapter.

Common examples of information systems include: Automated Teller Machines (ATMs), Point of Sale (POS) terminals used by supermarket checkout clerks, airline reservation systems or flight schedule systems used by airlines, student registration systems used by colleges, etc.

Key terms

  • Computer Hardware – Refers to physical computer equipment and devices.
  • Computer Software – Refers to the instructions that direct the operation of the computer hardware.
  • Electronic Funds Transfer (EFT) – is the exchange of money via telecommunications without currency actually changing hands.
  • Databases – Contain all data utilized by application software.



Components of an information system include:

  • People – These use the system to fulfill their informational needs. They include end users and operations personnel such as computer operators, systems analysts, programmers, information systems management and data administrators.
  • Computer Hardware – Refers to physical computer equipment and devices, which provide for five major functions:
      • Input or data entry
      • Output
      • Secondary storage for data and programmes
      • Central processor (computation, control)
      • Communication
  • Computer Software – Refers to the instructions that direct the operation of the computer







Information is data that has been processed into a form that is meaningful to the recipient and is of real or perceived value in current or prospective actions or decisions. It is important to note that data for one level of an information system may be information for another. For example, data input to the management level is information output of a lower level of the system such as operations level. Information resources are reusable. When retrieved and used, information does not lose value; it may indeed gain value through the credibility added by use.

The value of information is described most meaningfully in the context of making a decision. If there were no current or future choices or decisions to be made, information would be unnecessary.

The value of information in decision-making is the value of change in decision behaviour caused by the information less the cost of obtaining the information. Decisions, however, are sometimes made without the “right” information. The reasons are:

  • The needed information is unavailable
  • The effort to acquire the information is too great or too costly.
  • There is no knowledge of the availability of the information.
  • The information is not available in the form needed.

Much of the information that organisations or individuals prepare has value other than in decision making.

The information may also be prepared for motivation and background building.



Desirable qualities of information

  • Availability – It should be available and accessible to those who need it.
  • Comprehensible – It should be understandable to those who use it.
  • Relevance – Information should be applicable to the situations and performance of organizational functions. Relevant information is important to the decision maker.
  • Secure – It should be secure from access by unauthorized users.
  • Usefulness – It should be available in a form that is usable.
  • Timeliness – Information should be available when it is needed.
  • Reliability – Reliable information can be depended on. In many cases, reliability of information depends on the reliability of the data collection method used. In other instances, reliability depends on the source of information.
  • Accuracy – It should be correct, precise and without error. In some cases, inaccurate information is generated because inaccurate data is fed into the transformation process (this is commonly called garbage in garbage out, GIGO).
  • Consistency – It should not be self-contradictory.






Data is useful once it has been transferred from the source to the recipient. The transfer of such data involves various techniques and technologies that facilitate fast, efficient and effective data transfer so that delays and eavesdropping by unintended recipients are avoided.

Key terms

  • Modem is a hardware device that converts computer signals (digital signals) to telephone signals (analog signals) and vice versa.
  • Bandwidth is the bits-per-second (bps) transmission capability of a communication
  • Protocols are sets of communication rules for exchange of information.
  • Computer network is a communications system connecting two or more computers that work to exchange information and share resources.


Data communication systems are the electronic systems that transmit data over communication lines from one location to another. End users need to know the essential parts of communication technology, including connections, channels, transmission, network architectures and network types. Communication allows microcomputer users to transmit and receive data and gain access to electronic resources.

  • Source – creates the data, could be a computer or a telephone
  • Transmitter – encodes the information e.g. modem, network card
  • Transmission system – transfers the information e.g. wire or complex network
  • Receiver – decodes the information for the destination e.g. modem, network card
  • Destination – accepts and uses the incoming information, could be a computer or telephone



The transmission media used in communication are called communication channels. The two ways of connecting microcomputers for communication with each other and with other equipment are through cable and air. There are five kinds of communication channels used for cable or air connections:

  • Telephone lines
  • Coaxial cable
  • Fibre-optic cable
  • Microwave
  • Satellite







Electronic commerce is perhaps the most promising application of information technology witnessed in recent years. It is revolutionising supply-chain management and has enormous potential for manufacturing, retail and service operations.

Definition of key terms

Electronic commerce (e-commerce) is the buying and selling of goods and services over the Internet. Businesses on the Internet that offer goods and services are referred to as web storefronts. Electronic payment to a web storefront can include check, credit card or electronic cash.

Electronic Data Interchange (EDI) – is an electronic means for transmitting business transactions between organisations.

Outsourcing is a contractual agreement whereby an organization hands over control of part or all of the functions of the information systems department to an external party.

Software house is a company that creates custom software for specific clients.

Hacking – Gaining unauthorised access to computer programmes and data.

Mobile computing – a technology that allows transmission of data, voice and video via a computer or any other wireless enabled device without having to be connected to a fixed physical link.



Here are the common features of ecommerce software:

  • The checkout process, including accurate computation of pricing, taxes, shipping rates, and handling costs, is automated to give customers an immediate idea of how much they’ll be paying on items they select for purchase.
  • Website builder. If you don’t have an existing website, e-commerce software can help you build one from the ground up. It provides design templates for you to quickly create a professional-looking website and storefront based on your preferences without the need to hire commercial designers.
  • Central database. You get a centralized location for easy storing, access and retrieval of product information, customer data, accounting transactions, product listings, browsing histories, and payment and shipping status.
  • Search function. Sophisticated search functions make it simple for shoppers to find the items or products they’re looking for. E-commerce platforms are capable of listing, categorizing, and updating new products together with descriptions, pictures, and feature lists.







Through in-depth analyses of the business environment and the strategy of the business as well as an examination of the role that information and systems can and could fulfill in the business, a set of known requirements and potential opportunities can be identified. These needs and options will result from business pressures, the strategy of the business and the organization of the various activities, resources and people in the organization. Information needs and relationships can then be converted into systems requirements and an appropriate organization of data and information resources.

To enable these ‘ideal’ applications to be developed and managed successfully, resources and technologies will have to be acquired and deployed effectively. In all cases, systems and information will already exist, and, normally, IS resources and technology will already be deployed.

Any strategy, therefore, must not only identify what is eventually required but must also understand accurately how much has already been achieved.

The IS/IT strategic plan must therefore define a migration path that overcomes existing weaknesses, exploits strengths and enables the new requirements to be achieved in such a way that it can be resourced and managed appropriately.

A strategy has been defined as ‘an integrated set of actions aimed at increasing the long-term well-being and strength of the enterprise.’

The IS/IT strategy must be integrated not only in terms of information, systems and technology via a coherent set of actions but also in terms of a process of adaptation to meet the changing needs of the business as they evolve. ‘Long term’ suggests uncertainty, both in terms of the business requirements and the potential benefits that the various applications and technologies will offer. Change is the only thing that is certain. These changing circumstances will mean that the organization will have to be capable of effective responses to unexpected opportunities and problems.

Prior research on IS strategy has been heavily influenced by the treatment of strategy in the field of strategic management.

Strategy in Management Studies

Strategy researchers have spent significant effort discussing the strategy construct from various angles. Several streams of strategy research receive considerable attention, including research dedicated to defining strategy, distinguishing the characteristics of strategic and understanding









There could be distinct controls for each separate resource, with separate identifiers for each user on each application. This will be determined in part by the relative sensitivity of the data and the resources, but this progressive approach can be difficult to manage and administer, with users having to remember different passwords, and probably being out of compassion with the underlying philosophy.



  • Authorisation – Involves determining the access rights to various system objects/resources.
  • Data diddling involves changing data before or as it is being entered into the computer.
  • Trojan horses involve hiding malicious, fraudulent code in an authorised computer
  • Viruses are malicious programme code inserted into other executable code that can self-replicate and spread from computer to computer.
  • Encryption is the process of converting a plaintext message into a secure coded form of text called cipher text.
  • Firewall – is a set of hardware and software equipment placed between an organisation’s internal network and an external network to prevent outsiders from invading private networks.

Definition of computer security – threats, hazards and controls

Information is a strategic resource and a significant portion of organisational budget is spent on managing information. A security system is a set of mechanisms and techniques that protect a computer system, specifically the assets. They are protected against loss or harm including unauthorised access, unauthorised disclosure and interference of information.


Assets can be categorised into:

  • Resources – all instances of hardware, software, communication channels, operating environment, documentation and people
  • Data – files, databases, messages in transit, etc.








Information technology is a powerful tool that can be used to further organizational goals, pursue national interest, or support environmentally sustainable development. The same technology has also made it easier to engage in ethical or unethical business practices electronically anywhere in the world. The way the technology is deployed in organizations depends on our decisions as managers, computing professionals, and users of information systems. All of us therefore, should make these decisions guided not only by the organizational and technological aspects of information systems, but also in consideration of their effects on individuals.

Ethics refers to the principles of right and wrong that individuals use to make choices to guide their behaviors. IT can be used to achieve social progress, but it can also be used to commit crimes and threaten cherished social values. Ethical issues are governed by the general norms of behaviour and by specific codes of ethics. Ethical considerations go beyond legal liability.

Knowledge of ethics as it applies to the issues arising from the development and use of information systems helps us make decisions in our professional life. Professional knowledge is generally assumed to confer a special responsibility within its domain. This is why the professions have evolved codes of ethics, that is, sets of principles intended to guide the conduct of the members of the profession.

End users and IS professionals would live up to their ethical responsibilities by voluntarily following guidelines set in the code of conduct. For example, you can be a responsible end user by:

  1. Acting with integrity
  2. Increasing your professional competence
  3. Setting high standards of personal performance
  4. Accepting responsibility for your work
  5. Advancing the health, privacy, and general welfare of the public

Computer ethics

Although ethical decision-making is a thoughtful process, based on one’s own personal fundamental principles, we need codes of ethics and professional conduct for the following reasons:

  1. Document acceptable professional conduct to:
  2. Establish status of the profession
  3. Educate professionals of their responsibilities to the public
  4. Inform the public of expectations of professionals
  5. Judge inappropriate professional behaviour and punish violators






Information technology is a field that changes day-in-day out. Invention of complex technology is facilitated by sophisticated systems required by different firms. This is also enhanced by competition of organisations for clients’ satisfaction.


Electronic commerce (e-commerce) is the buying and selling of goods and services over the Internet. Businesses on the Internet that offer goods and services are referred to as web storefronts. Electronic payment to a web storefront can include check, credit card or electronic cash.

Web storefronts

These are also known as virtual stores. This is where shoppers can go to inspect merchandise and make purchases on the Internet. Web storefront creation package is a new type of programme to help businesses create virtual stores. Web storefront creation packages (also known as commerce servers) do the following:

  • Allow visitors to register, browse, place products into virtual shopping carts and purchase goods and services.
  • Calculate taxes and shipping costs and handle payment options.
  • Update and replenish inventory.
  • Ensure reliable and safe communications.
  • Collect data on visitors.
  • Generate reports to evaluate the site’s profitability.

Web auctions

Web auctions are a recent trend in e-commerce. They are similar to traditional auctions but buyers and sellers do not meet face-to-face. Sellers post descriptions of products at a web site and buyers submit bids electronically. There are two basic types of web auction sites:

  • Auction house sites
  • Person-to-person sites

Auction house sites

Auction house owners present merchandise typically from companies’ surplus stocks. Auction house sites operate in a similar way to a traditional auction. Bargain prices are not uncommon on this type of site, and such sites are generally considered safe places to shop.



