CHAPTER 26: THE COMPUTER ENVIRONMENT

Data Processing- collecting, processing and distributing of information to achieve desired result.
Electronic Data Processing System (EDP) - when a machine performs most of the procedures,
most especially, when the machine is an electronic digital computer.
Computer System- composed of hardware (physical components of the system) and software
(computer programs)
Computer Hardware
Central Processing Unit (CPU) - principal hardware of a computer. It consists of the:
1. Main Storage Unit or Memory- used to temporarily store programs and
data for processing. Information that is stored in any element is referred to
as bit
2. Arithmetic and Logic Unit- performs arithmetic tasks, comparisons and
other types of data transformation. The data and instructions needed for
the operation are called from the computers main storage. After the
operation, the results are returned to the main storage.
3. Input Device- permits the computer to receive data and instructions for
processing. The data and instructions may be submitted through such
media as punched cards, magnetic tape and magnetic drums or disks.
4. Output Device- returns information from the computer to the user.
Computer Software
-provides series of programs or routines that provide information for operating the computer.
There are two broad categories of computer software:
1. Application Programs or User of Problems- designed to accomplish
specific objectives for users, such as processing payroll or pricing
inventory.
2. Systems Software- operate the computer software and perform routine
tasks for users.
Machine Language = object language or object code
Common Business Oriented Language (COBOL) and Report Program Generator
(RPG) programming in an English-like language
Compilers- programs that translate the application programs written in COBOL,
RPG and other high-level languages ( known as source code) into machine
language, which can be placed into main storage and executed.
Computer Installations
-facilities where the computer hardware and personnel are located. Computer installations are
generally organized into one of the following categories:
1. In-house or captive computer- the organization owns or leases the
equipment and hires necessary trained personnel to program, operate and
control the various applications processed with the equipment.
2. Service Bureau Computer- the computer used by an independent agency
which rents computer time and provides programming, key-punching and
other services. The user organization pays only for the computer time and
other services it uses.
3. Time-sharing- the organization acquires a keyboard device capable of
transmitting and receiving data and by agreement, the right to use a central
computer facility. This facility will furnish service to several users at the
same time. The user company does most of its own programming and
treats the computer as though the company were the only one using it.
4. Facilities Management- It falls somewhere between the captive computer
and the service bureau computer categories. The organization needing the
computer services may lease or purchase the necessary hardware and
install it on its own premises. Then by negotiation, an outside contractor
with the necessary staff of programmers and operators agrees to manage
facility. Usually, covered by long-term contract, typically of 3-6 years.
Unique Characteristics of Specific EDP Systems

1. Batch Processing- a common EDP system

a. Transactions flow through the system in batches. In any particular batch, transactions
may add, change or delete information in the master file.
b. If CRTs are used in batch processing, it may appear to the user that changes are
occurring immediately to the master file. Often a temporary batch file is a set up and
the transactions are processed later in the day.
c. Batch processing leaves a relatively easy to follow audit trail.
2. Direct Random Access Processing data are processed as the transactions occur and are
entered into the system. Transactions can be input in any order because master file
records are available in a random access fashion.
a. Transaction data is entered through on-line terminals and stored as direct access, disk
storage.
b. Edit routines immediately check the data for errors. Messages on the display prompt
the user to correct and re-enter the data.
c. Master files and programs are stored on-line so that updating can take place as the
edited data flows to the application.
d. Output comes in the form of CRT displays and hardcopy reports produced
periodically.
e. Direct access processing is often referred to as online real time (OLRT) because the
response by the system to data input can arrive back to the user in time to affect the
users decision process and files are updated immediately.
f. System security must be in place to restrict access to programs and data to authorized
persons only.
3. Database Processing- dependent on an on-line real time (OLRT) EDP system.
Database- set of interconnected files that users can access to obtain specific information.
It eliminates the need for separate and often repetitive, application-specific files.
The emphasis on controls shifts from batch type controls to OLRT-type controls which
include the following:
a. User-department- controls in this EDP system must start at the user department, with
strict controls over who is authorized to read and/or change the database.
b. Access controls- limit the user to reading and/or changing (updating) only authorized
sections of the database.
c. Backup and recovery- a magnetic tape backup of the database should be made at the end
of each day.
d. Database administrator- responsible for maintaining the database and restricting access to
authorized personnel
e. Audit software- usually tests a backup copy of a database that has been stored on
magnetic tape.
4. Small Computer Environments or End-user computing
The emphasis in this environment should center around the following points:
a. Security- access to the software diskettes should be controlled while in storage for the
night and in use during the day. Backup copies should be made with periodic
updating and storage at a different location.
b. Verification of processing- to prevent from being used for personal projects and
prevent errors in internally developed software from being undetected, resulting in
inaccurate records or erroneous management decisions.
c. Personnel- centralized authorization to purchase hardware and software should be
required to ensure that fly-by-night equipment and garage-developed software
are not purchased and that corporate-wide discounts can be obtained.
5. Service Bureau/Center- independent computer centers from which companies rent
computer time. These bureaus allow companies (users) to do away with most of their data
processing and/or computer hardware.
Certain controls should be maintained at both the user and the service bureau locations:
a. Contract- ownership and data files and records by the user should be explicitly stated.
b. Processing verification- either batch or on-line controls should be maintained at the
users location. This includes data transmitted, information received and database
information.

c. Backup and recovery- backup files and documented recovery procedures should be
under the control of the user, not the service bureau.
d. Timesharing system- if the service bureau has online access, many users may access
and use computers simultaneously. Data protection controls include the following
features:
1. Boundary protection- reserves a set of addresses for use by a particular job
2. Passwords on header labels- access is not allowed without the correct password
3. Physical security of library storage safeguards the files
4. Access Controls- unique identification and confidential passwords
6. Distributed Systems- represent a network of remote computer sites each having a small
computer connected to the main computer system. Distributed systems reduce the load on
the main computer system by transferring, edit or simple processing function to the
remote sites. Faster turnaround of information is also a feature of distributed systems.
Controls in this system includes:
a. Audit unit- each remote location should be well controlled and audited as separate unit
to verify the integrity of the data processed.
b. Segregation- compensating controls over each location should exist as users may have
both authorization and recording functions.
c. Uniform standards- a set of uniform standards should be established. The auditor should
review the document and perform compliance tests on it.
Major Types of Computer Fraud
1. Salami Technique- computer programs are modified to inappropriately round off
calculations to benefit the perpetrator. The amounts available from rounding are then
placed in an account controlled by the perpetrator.
2. Trojan Horse- an unauthorized program placed within an authorized one. It is designed to
wait until a specific time, when they act and then erase all evidence of their existence.
(e.g. logic bomb)
3. Virus Programs- programs with unauthorized information or instructions. They can
spread by the electronic transfer of information between systems or the physical
exchange of media.
4. Trapdoors- unauthorized entry points into programs or databases. Through trapdoors
individuals can change data or instructions without approval.
5. Theft of computer time- employees were discovered operating their own computer
businesses illegally by using their employers computers.