systems analysis pertemuan 7 s.d 12
DESCRIPTION
SYSTEMS ANALYSIS Pertemuan 7 s.d 12. Matakuliah: A0554/Analisa dan Perancangan Sistem Informasi Akuntansi Tahun: 2006. Models and Techniques. Systems analysis Workflow table Activity diagram Use case diagram Use case description Risks analysis Types of internal control. - PowerPoint PPT PresentationTRANSCRIPT
1
SYSTEMS ANALYSISPertemuan 7 s.d 12
Matakuliah : A0554/Analisa dan Perancangan Sistem Informasi Akuntansi
Tahun : 2006
2
Models and Techniques
• Systems analysis– Workflow table– Activity diagram– Use case diagram– Use case description– Risks analysis– Types of internal control
3
The UML Activity Diagram
The UML activity diagram plays the role of a ‘map’ in understanding business process by showing the sequence of activities in
the process.
4
Overview & Detailed Activity Diagrams
• The overview diagram presents a high level view of the business process by documenting the key events, the sequence of these events & the information flows among these events.
• The detailed diagram is similar to a map of a city or town. It provides a more detailed representation of the activities associated with one or two events shown on the overview diagram.
5
Preparing Overview Activity Diagrams
Preliminary steps:• Read the narrative & identify key events• Annotate the narrative to clearly show event
boundaries & event names
Steps for preparing the activity diagram:• Represent agents participating in the business
process using swimlanes• Diagram each event. Show the sequence of these
events• Draw documents created & used in the business
process draw tables (files) created & used in the business process
6
Preparing Detailed Activity Diagrams
Steps for preparing overview activity diagrams:• Annotate narrative to show activities• Prepare a workflow table• Identify necessary detailed diagrams• For each detailed diagram, perform the following
substeps:– Set up swimlanes for the agents participating in the
event or events represent in the detailed diagram– Add a rounded rectangle for each activity in the
events) being documented in that detailed diagram– Use continuous lines to show the sequence of the
activities
7
– Set up any documents created or used by the activities in that diagram
– Use dotted lines to connect activities & documents
– Document any tables created, modified or used by the activities in the diagram in the computer column
– Use dotted lines to connect activities & tables
8
WORKFLOW TABLE
• The actors performing specific activities are listed in the column on the left.
• The corresponding activities are listed on the right. The activities have been listed using verbs in active voice (e.g., arrives, records, etc).
9
USE CASE DIAGRAM
A use case is a sequence of steps that occur when an ‘actor’ is interacting with
the system for a particular purpose.
Use case diagram is A list of use cases that occur in an application and that indicate the actor responsible for each use case.
10
USE CASE DESCRIPTION
• A description of a use case, typically represented as a sequence of numbered steps.
• Use case descriptions may also be used for documenting internal control.
11
RISKS ANALYSIS
• Risk assessment is the identification & analysis of risks that interfere with the accomplishment of internal control objectives.
• Control activities are the policies & procedures developed by the organization to address the risks to the achievement of the organization’s objectives.
12
RISK TYPE
• Execution risks
• Information system risks
13
EXECUTION RISK
Execution risks : Risks that transaction will not be executed properly.
Five steps are useful in understanding & assessing execution risk:
• Achieve an understanding of the organization’s processes.
• Identify the goods or services provided & cash received that are at risk.
14
• Restate each generic risk to describe the execution risk more precisely for the particular process under study. Exclude any risks that are irrelevant or obviously immaterial.
• Assess the significance of the remaining risks.
• For significant risks, identify factors that contribute to the risk. The events in the process can be used to systematically identify these factors.
15
INFORMATION SYSTEM RISKS
IS Risks : Risks of improper recording, updating, or reporting of data in an information system.
2 categories of IS Risks :
- Recording risks
- Update risks
16
RECORDING RISKS
Recording risks : Risks that event information is not captured accurately in an organization’s IS.
3 steps are useful in identifying recording risks :• Achieve an understanding of the process under
study. Identify the events.• Review the events, and identify instances where
data are recorded in a source document or in a transaction file.
• For each event where data are recorded in a source document or transaction record, consider the preceding generic recording risks.
17
UPDATE RISKS
Update risks : Risks that summary fields in master records are not properly updated.
3 steps are useful in identifying update risks:• Identify recording risks.• Identify the events that include update
activity. Identify the summary fields in master files that are updated.
• For each event where a master file is updated, consider the preceding generic update risks.
18
TYPES OF INTERNAL CONTROL
Types of control activities:
• Workflow controls
• Input controls
• General controls
• Performance reviews
19
WORKFLOW CONTROLS
• Controls that help manage a process at it moves from one event to the next.
• Include : segregation of duties, required sequence of events, prenumbered documents, reconciliation of records with assets, and others.
20
INPUT CONTROL
• Used to control the input of data into computer systems.
• Include : drop down or look up menus, format checks to limit data, validation rules, confirmation of data, and others.
21
GENERAL CONTROLS
• Broader controls that apply to multiple processes.
• Include : IS planning, organizing the IT function, and others.
22
PERFORMANCE REVIEW
• Activities involving analysis of performance including the comparison of actual results with budgets, forecasts, standards and prior period data.