Alipao, Angelica Barbin, Roselie Dreo, Demi Joanna Vejano, Rachell-Ann

Airlines

Company Name: Accenture Inc., Navitaire Intl. LLC Client: Cebu Pacific Airlines Name of the Interviewee: Angelica Berico Position: Software Quality Assurance Engineer

Accenture is a global management consulting, technology services and outsourcing company, with approximately 289,000 people serving clients in more than 120 countries. Navitaire, a wholly owned subsidiary of Accenture, delivers industry-leading technology services that enable growth, profitability and innovation to more than 70 airlines worldwide, including many of the worlds most successful airlines. It offers a full suite of proven solutions focused on revenue generation and streamlining costs in the areas of reservations, ancillary sales, distribution, planning, revenue management, revenue accounting, business intelligence and operations management and recovery.

Description of the computer information system of the company As a technology driven organization, it is a standard to know and be up to date with industry mandated processes, information systems and security because it helps improve our day-to-day processes especially in our line of work, which revolves around software development and maintenance releases. Some of the software that we use includes electronic email, Microsoft test managers, and Microsoft Visual Studio Team Foundation Server, which helps us track all our day to day tasks instead of using a pen of paper, therefore helps save the environment.

Portion of the business that utilize the use of the CIS Everyone in the office uses it from badges, communications like emails and phones, to team foundation servers that we utilize to track down all our activities. Even the usage of networks and internet to deliver our client's needs.

Did the entity develop its own CIS? If not, what separate company did? As a business solutions provider the company develop airline systems to help improve and utilize revenues. Also, the company partners and buys licensed products from other business solution companies.

GENERAL CONTROLS are those control policies and procedures that relate to the overall computer information system. This affects multiple application systems (payroll, accounts payable and accounts receivable).

1. Organizational and Operations Controls All departments use CIS since everything has their own accounts, deliverables and its kind of services that needs to be addressed. Information that it usually process includes tasks, revenue accounting, communications and software development related. The IT department is allowed to provide input data transactions. There is a clear assignment of authority and responsibility in the IT department. The entity has a large IT department and to maintain orderliness, data privacy and integrity from our clients, tasks are assigned to different employees. Systems analyst and programmers use the programs they developed. Computer operators who run the program participate in program design.

2. Systems development and documentation controls Triage teams, project managers, business analysts, developers, quality assurance and most importantly the client approve the development and changes in the software, all have their opinion on the changes. The changes or specifications are written and documented for each system. The user departments ask for changes in the program and they participate in the testing of the program.

3. Hardware and Systems Software Control Computer hardware, operating system and other supporting software are controlled and monitored by the IT department. To detect and prevent equipment failures, the company values the saying, "Plan Ahead, Be Ahead, Plan BCM" so they always have the risk and strategies planned beforehand. For example: the use of UPS (an external power supply) to make sure business is not interrupted even in power interruptions. 4. Access controls Access to the computers and the program depends on what are allowed and set by the IT. Unauthorized persons cant have physical contact with the computers, they are only allowed to enter until the receiving area. Programs require usernames and passwords. The password is required to be changed often. If the employee feels that the password is compromised, he/she must change it immediately. 4. Data recovery controls The entity has back-up files in case of loss of data and is secured off-site and within the entity itself. The files copied to tapes/disks for back-up for every transaction.

5. Monitoring controls The CIS evaluated for its adequacy and effectiveness every month. The evaluation and monitoring of the adequacy and effectiveness of the overall CIS operations are performed by the internal and external inspectors, and certification programs set by the industry.

APPLICATION CONTROLS are those policies and procedures that relate to specific use of the system. The company develops the New Skies Airline reservation system that is widely used by carriers around the world. The business function it performs includes all airline industry carrier needs; said functions include, but are not limited to: scheduling, airport operations, booking, GDS messaging, fares, and revenue accounting.

1. Controls over input The company aims to create an industry and a production like environment especially in developing and creating systems. To prevent inaccurate or incomplete data entry, validation controls are recommended. Some transactions require higher authority before it is processed and there are transactions that only specific employees are allowed to process. 2. Controls over processing The program detects errors in the processing of transactions through different validation controls and conditions set in the system codes. These controls and conditions are based on industry standards and client business scenarios. 3. Controls over output The program normally produces outputs for bookings, revenue reports, ledgers, board passes. The only people who are authorized to receive such outputs are the ones directly assigned in each functionality. Other user departments are allowed to receive the output data of other user departments The output data is checked for accurateness and completeness.