Académique Documents
Professionnel Documents
Culture Documents
Matija Varga
Case Study: an Information
Predrag Oreški System Management Model
Summary
Article Info:
This article presents the purchase management information system, finance
Management Information Systems, management information system and security information system, their
Vol. 7 (2012), No. 1, interdependence and tight correlation. Furthermore, we state the goals of the purchase
pp. 013-024 management information system that must be achieved in any organisation, as the
Received 28 December 2011 purchase (sub)process is carried out in every organisation. P-K matrix gives a detailed
Accepted 24 January 2012 presentation of a public organisation, and data classes and sub-processes within the
observed organisation. Other companies involved in similar activities can perform their
UDC 007:005]:004
processes in accordance with the presented business technology matrix. The business
technology matrix was used for designing a data flow process diagram comprising
data flow, warehouses, processes and the external entity which can also be used in
such companies. The article also deals with the duration of the sub-processes. The
duration of sub-processes must be reduced as much as possible in order to achieve
the planned result at the process output point. A hypothesis was set in the article, for
the period from the beginning of 2009 until the end of 2010. We observed whether the
total cost-effectives coefficient in the company would fall under the threshold value of
1. The article has proven that, based on the sample (profit-and-loss account), there is
no reason to discard the H0 hypothesis, as the company’s total cost-effectiveness
coefficient did not fall below the permitted value of 1 for two years. The third section of
the article presents the possible threat to organisations’ information systems, and
describes methods of protecting electronic information in processes, and recovering
electronic databases in finance management information systems.
Keywords
purchase management information system, finance management and security
information system, P-K matrix, data flow diagram, financial report analysis, cost-
effectiveness indicators
generating profit within purchase sub-processes. Ćurko, 2010, p. 93) One cannot dispute the thesis
The additional tasks of the acquisition process that the purchase management system is the most
include cost-cutting when purchasing resources important. It is used for gathering information
and capital goods, thus enabling efficient operation required for seamless performance of all processes
of the entire system. The article demonstrated in organisations.
possible threats to the organisation’s information
systems, ways of protecting the information and
retrieval of electronic data in the finance
management information system. Within the
finance management information system, the
article will demonstrate a decision making support
system, and indicators for measuring the progress
flow in the information management information
system. These three information system were taken
into consideration due to the fact that are highly
significant for overall management and
administration, and because the purchase Figure 1 Connections between information systems and
management is of key importance for seamless their parts
process flow in organisations. The information (Varga et al., 2007 based on condsiderations on connections between the
presented information systems)
system is essential for recording events and
changes in business, and analysing financial reports.
The purchase process and its sub-processes are
The security management information system takes
used for purchasing or commissioning information,
care of he protection of relevant and reliable
commodities, other capital goods, services and
information, and protection of electronic
labour. One cannot dispute Vilim Ferišak’s (2006)
information of importance for the organisation.
thesis that profit is generated in purchase.
1.2. Employed Research Methods
Purchasing better capital goods at prices lower than
thear real value generates profit, and cuts purchase
The research methods employed here inlude: case costs.
study, modelling (data flow diagram and business This is another piece of evidence that the
technology matrix), interview, measurement purchase and finance management systems are
(determining the exact time), statistical methods closely connected (Figure 1). Finance management
(indexes), observation, perception, analysis information system is also very important, as it
(content analysis, business system analysis and records all business events occurring in the
other indicator system), which will be used for organisation, and takes care of the availability of
determining business objects, processes, events, funds. Security management information system
information, documents and information system cannot function without finance management
protection measures. information system out of which it is financed, nor
can the information management system function
2. Purchase Management Information without security management information system
System and its Significance which protects it constantly. Figure 1 shows the
interconnectedness of the above mentioned
It is a well-known fact that an information system information systems and parts of the segments of
is a data image of processes from objective reality. information system (program segment, hardware)
The aim of any information system is to provide segment, organisation segment, human resource
the system with all necessary and relevant segment, network and data segments required for
information for seamless execution of processes seamless operation of business processes.
and system administration. Purchase management
information system is a complicated system
2.1. Purchase Management Information
enabling communication of the company with its System Decomposition
buyers and suppliers, keeping track of capital goods
flow, all condition for monitoring business Purchase management information system
relationships, preparing and transferring data into decomposition is segmenting the system to
the finance management information system, more information subsystems according to a defined
precisely, into process accountancy. (Panian & order and in an appropriate manner, observing the
2.3. Purpos
se and Tasks
s of Purchase
Management Informatioon System
The purposee of the purcchase managem ment system
is to achievee the set goals related to suupplying the
organisationn it belongs tot with all caapital goods,
services, eneergy and labouur. In this theyy must make
sure to obtaiin a sufficientt amount of capital goods,
at the mostt reasonable prices possib ble, with on-
time.in-full- right-place delivery, from reliable
sources, i.e. suppliers wh ho fulfill theirr abilities on
time and co onscientiously,, and providee appropriate
pre-sale andd aftersale servvice. In the caase of public
procurement, it is necesary to pay atteention to the
suppliers buusiness abilties, which is pro
oven through
financial repports and refferences. The purpose of
Figure 2 Deco
omposed aims o of the purchase management
m the purchaasing process is to co onnect and
information n syste, harmonise the organisaation’s requirrements for
(The author’s oown design) capital goodds, services, laabour and en nergy on the
one hand, anda the interrests of the suppliers of
Firgure 2 illustrated deecomposing th he goals of those comm modieties on th he other.
the purchase management information system.s The
goals
g presentted here con nmprise their own sub- 2.3.1. Internall and External Document
D Flow
w in the
goals,
g which is obvious frrom the graph hic models: Information, Purchase
P and In
nformation Sysstems
gather
g informmation on purrchase conditiions; gather
information
i o the best suuplier; gather information
on The business technology matrix is a strrictly defined
on the possiible cuts in purchase co osts; gather 2D1 mathem matical struccutre, subjectt to formal
information
i o storage co
on osts; gather information mathematicaal operationss such as verifying
v the
on handling cost
c cuts; to rresearch the market
m and consistency of businesss technology or system
gather
g field data
d based onn an appropriaate sample; optimisation n, and describ bes reslationsh
hips between
gather
g inform
mation on the optimum order quality; various factors. (Brumec, 2007) The matrix is so
gather
g inforrmation on delivery terms t and structured th hat there is no
o process solelly generating
conditions; to t gather in nformation on o training data classes,, without usin ng any of them. The P-K
requirements
r for purchasing staff; and a gather matrix is th he mathemattical presentaation of the
information
i o the purchasse risk levels.
on number of processes,
p subb-processes, activities
a and
data classes. A process is a set of activvities flowing
2.2.
2 Purchas
se Strategy in a given order.
o A data class is a logiically shaped
and conned dted data set, related to a given
Purchase
P stattegy forms a plan set in suchs a way phenomenon n or entity. The businesss technology
that it will enaable the organ
nisation to acccomplish its matrix for the supply management
m w partially
was
set goals. Purchase
P is an executivve process used for creating the dataa flow diagram m. P-k matris
consisting off numerous aactivities. Thee purchase is more appropriate for presen nting large
strategy sho ould be incorporated in the information systems, duee to clearer reepresentation
organisation’ss overall businness strategy. Purchasing of relationshhips, and deteermining which process or
can be regarrded as an organisation’s subsystem, sub-process creates, reaads, updates and deletes
and its activvities can maake an impacct on cost strictly deterrmined data cllasses.
cutting and performancee improvent.. For the
purchase
p prossess to functio
on well, it is neecessary to:
1. establish good relatio onships with h business
partners products are puurchased fromm,
2.
2 avoid depeendence on a single seller,
3. upskill th
he purchase department staff: and 1
2D denotes tw
wo demensions: (1) data classes and
a (2) number
motivate the
t staff. and names of processes.
p
Mana
agement Informa ation Systems
Vol. 7, 1/2012, pp. 013-024 15
Vladimir Šimović, Matija Varga, Predrag Oreški
Figure 3 shows a detail picture of the data on the purchase management information
information system of a public organisation, system, and all documents required to the purchase
divided into parts or subsystems, and its department for seamless process flow. Figure 3
functioning. The business technology matrix offers shows determined processes and data classes in
accordance of phases of public procurement of
goods, labour and labour for the purchase business technology matrix for the representation
management information system, and other of the information system model, or processes and
information systems tightly connected to it, and data classes are: matrix (Figure 3), giving a clear
collaborating on task performance. As purchase and systematic overview of all data processes and
management information system is tightly classes within the observed information system,
connected with other information systems within unlike the observed information system, unlike the
the organisation, Figure 3 shows a more complex data flow diagrams (Figure 4), which cannot be
business technology matrix. A business technology comprehensible for representing large and compels
matrix shows which documents, as data carriers, information systems. A matrix shows how many
are required by the purchase management times an individual process creates, reads, deletes
information system so that the suppliers can assure and updates a given data class. Based on the
purchasing organisation’s management that they business technology matrix, we can conclude which
can achiever the set goals and perform the work documents can be created as a result of individual
independently. When taking over the materials and processes. A business technology matrix gives a
capital goods within the purchase process, it is clear representation of the number of processes,
necessary to establish the state of the supplied subprocesses, activities and data classes, and the
product and control its condition. Several representation of how many times a given data
employees will participate in the takeover class is created, read, deleted and updated, but does
subprocess, as the takeover of a certain commodity not show the length of individual processes
requires strict controls. subprocesses and activities, which was the reason
The business technology matrix was analysed for showing in this article the time required to
with an analytical data processing tool. The tools perform the process, unlike the previously
facilitated determining how many suprocesses the published articles.
purchase and finance management information Table 1 shows the duration of individual
systems contain. The purchase management subprocesses in hh:mm:ss format. Duration of
information system was found to have 6 individual subprocesses could not be established,
subprocesses. A simpler combination of functions so they were marked “X”, Measuring the duration
used in this analytical data processing task for and progress of subprocesses in purchase, finance
analysing the business technology matrix looks as and security system management is significantly
follows: different than in the production information
system.
=SUM(SUM(COUNTIF(B14:V17;"R");COUNTI
Figure 4 shows a data flow diagram comprising
F(AM14:BC17;"R"));(SUM(COUNTIF(B14:V17;"
flows, data flows, subprocesses and external
RUD");COUNTIF(AM14:BC17;"RUD");(SUM(C
entities (sources or destinations). The data flow
OUNTIF(B14:V17;"RU");COUNTIF(AM14:BC17
diagram was compiled based ont he business
;"RU")))))).
technology matrix. Apart from the finance and
The marks in this business technology matrix purchase information system, it also shows other
are: C(retaing), R (eading), U(pdating), D(eleting) information systems so as to point out the
or their combination. The advantages of the interconnectedness and information exchange
Table 1 Duration of individual processes and subprocesses
(The author's own design, based on information received from financial and commercial director, and calculated average)
0 kn 1 8 Inv oic e
Other 40 D aily log
2.3.1. Claims 1 book k eeping R aw mater ial
s ettlement 15 D ec is ion to es tablis h
doc uments rec or ds 4 C ash flow rep ort 51
ex pert repres entation
0 kn 9
39 Wor k or der
9 R eport for tax author ities 2.1.1. Es tablis hing
0 kn 2 29 Enquiry
c urr ent inv entories
3 Bank s tatement
Pay ment
2.3.2. Keeping ledger rec or ds order s Other s tatis tic al Ex penditr e lis ts
22 10 C all for 0 kn 20
rec apitulation repor ts 30 for
repor t propos als 48
R aw mater ial public
15 2.2.1. Cons umption
recor ds proc ur ement
D oc uments upload
Profitability and own
from Public 11 0 kn 10
46 c apital utilis ation
N otes w ith financ ial H ealth Bid r ec eption
13 2.1.2. Announc ing 49
War ehous e repor t Authority ques tionnaire
16 public c all pro pos als
entry note
Employ ee
26 C ontr ac t
R ec ords of w ork ing 0 kn 3 25 main data 31 Bid R ecords of
5 list
hours 32 s elec ted
R aw mater ial
15 2.3.3.Pay rol bids
rec or ds
c alc ulations
0 kn 11
6 Pay ment c alc ulations 26 C ontr ac t Financ ial
2.1.3.Proc es s ing bids 50 38 C ons umption lis t
repor ts
War ehous
27
ex it note 0 kn 15
D oc uments on 7 R -S for m 7 R -S for m 0 kn 22
c ourt and Other Independent 2.1.4. Proc ure ment of
C as h 45 24 47 s ubc ontrac tin g mater ials and energy 2.2.2. Cons umed
14 adminis trativ e repor ts
s tatement c onjunc tions repor t gas pric e c alc ulation
21 PK for m
1
N otific ation of
Env ironment, financ ial and Liquidity and 33
23 Money trans fer or der c ontract Pay ment s lip
c ommer c ial s ec tor, 18 Balanc e s hee t 12 c os t-effec tiv eness 41
R ec eipt s lip
andproc es s e s of other repor t
s ec tors within the s ame
enterpris e
Profit- and-los s 0 kn 4
19 0 kn 23
ac c ount
2.2.3. Cons umption
c alc ulation control
C omplaints
42
book
44 Surv ey
0 kn 17
between them. The only problem in the proesented making in the purshasing process. Decision makin
model is its complexity, so that it takes more time is impossible without alternative solutions.
to study thus presented detailed model. Unlike Decision-making is always related to uncertainty
models displayed earlier, the model in Figure 4 has and risk.
several data flows added. As well as the P-K
matrix, the data flow diagram will change 3. Finance Management Information
depending on the change in rules of the business System
rules of the observed company and documents,
and changes in numerous laws pertaining overall The purpose of the finance management
business operations. information system is recording all businessevents
in companies, in financial and value expression.
2.3.2. Decision-making Within the Purchase Finance management information system and its
Management Information System event-recording modules are similar in numerous
organisations, given that, at the end of the process,
Seamless decision-making in the purchase process
they must meet all the rules defined by the
requires the use of certain tools and expert system
provisions of the Accounting Las. The software of
making decision based on knowledge database and
the finance management information system
fact base, with the assistance of an appropriate
includes the following set of modules (Figure 5):
decision-making mechanism. The approach to
the ledger module, the analytic bookkeeping
decision in the purchasing process based on
module (and other auxiliary books) comprising
intiuition is quite erroneus. Decisions based on
submodules such as accounting records of long-
experience and intuition are connected with high
term assets, acconting records of invntories, raw
risks. Decisions are made more easily in repeat
materials, payroll, human resources receords,
purchase. When deciding on new supplieres, it is
submodules of customers’ and suppliers’ balance
necessary to consider all the information available
accounts, and account records of stationery and
on the supplier, so thatthe best decision is made.
spare parts.
Several persons should be involved in decision
3.2. The Financial Reports Analysis 2006, 2008, 2009 and 2010, whereas the company
Subprocess was cost-ineffective in 2007. as the coefficient is
The financial reports analysis subprocess is used lower than the threshold indicator 1. In 2006, the
for the business analysis of the company, and is overall business co-efficient dropped by 0.0055 in
performed with the aim with of getting familiar comparison with 2005. In 2007, overall business
with the company’s financial strength. The co-efficient dropped by 0.03166 in comparison
company’s success is measured so as to derive with 2006. In 2008, overall business co-efficient
useful information for making financial decisions. increased by 0.031166 in comparison with 2007. In
The financial reports analysis subprocess is 2009 overall business co-efficient increased by
peformed for the purpose of monitoring the 0.000284 in comparison with 2008. Table 2 shows
movement of the business success over given and spells out the comment whether the business
periods of time. The purpose of financial reporting was cost-effective or not (in green cells). The
is to meet the users needs for all required formula and condition used in MS Excel 2007 are.
information on the company’s business success. To = IF(En>1; “The company operated cost-
complete a successful financial reports analysis, it is effectively”; “The company did not operate cost-
necessary to know the company’s complete effectively”. Based on the formula presented, the
operation, applied accounting techniques, and the “more than” (>) comparison operator was used. If
company’s development strategy. Performing the the condition was met, the result was true, i.e. the
reports analysis subprocess produces the output operation was cost-effective, while in the opposite
documents presenting the amounts of companies’ case, i.e false, the operation was cost-ineffective,
business success. One of the company’s operation for the coefficient was less than 1. The overall
success indicators is the total cost-effectiveness. business cost effectiveness index is calculated
The cost-effectiveness indicators show how much under with the following formula:
revenue the company has earned per unit of
expenditure. Cost-effectiveness indicators are OBCEn
OBCEIn * 100
calculated based on data from the profit-and-loss OBCEm
account3 created within the ledger records, i.e where
ledger module. OBCEIn = overall business cost-effectiveness
index
Table 2 Cost effectiveness indicator of the observed OBCEn =overall business cost effectiveness for a
company (Indicator name: total business opearations cost-
effectiveness)
given period
periods, i.e. years, whereas Y axis shows the value value than the computers and computer
in Croatian kuna for total revenues and infrastructure. Physical protection encompasses a
expenditures. Total expenditure that the company set of methods and means used for protecting the
had are marked blue, whereas total revenues of the information system’s hardware in the broadest
observed company are marked dark blue. sense, from unauthorised approach to the system
itself and using its resources, to protecting it from
4. Security Management Information the impact of external events whose occcurence is
System unpredictable. (Dragičević, 2009, p. 81) The
physical protection includes protection from
The role of the security management information thunder, rain, flood, hail, show, low temperatures,
system is to protect information systems within the enemy forces at wartime, excessive dust, explosive
organisation itself, their processes, and employees devices, theft, unauthorised approach to computer
participating in process execution. Physical security assets, earthquakes, volcanic eruptions, power cuts,
is of utter importance in the security information or possible impact of the computer itself or the
system of any organisation. storage media on hard floors. The listed
It is common knowledge that the most protections are highly significant, as these threats
common assaults on information systems originate may cause great material and financial marm ot the
from the employees themselves. In their research managing information systems.
conducted and published in Seger & von Stroch, Kensington locks are security systems used for
Computer Crime: a Crimefighter’s Handbook, O’Reilly & protecting mice and other entry and ouptput
Associates prove this fact. The book states that the devices from theft. If a perpetrator wants to steal
highest ratio of security issue is caused by human the mouse, he cannot do it due to the Kensington
error. In most cases, human errors result from lock, attaching the mouse to the portable
inadequate alertness and employees’ inadequate computer. To protect the data in portable
edcation. The second largest source of errors in computers, and the computers themselves, one
information system is hardware malfunction, the needs to consider the places where computers are
third place belongs to empolyees using their left. Portable computers with important data
position in the institution for their own personal should not be left in public places accessible to
gain, or employees using this to express their everyone, i.e. auditoriums, cabinets, offices and
dissatisfaction or hostility to the firm or their similar places, especially when these places are not
superiors.(Kovačević, 2008) provided with locks or otherwise secured against
theft. Nowadays, there are clamps for locking
4.1. Data Protection With Physical Procedures portable computers in such a way that a
and Passwords perpetrator cannot open or move them, and special
Physical protection measures include all defense lockers made of solid material, where portable
measures taken to ptorect the computer computers are stored so that nobody except
instrastructure and data. Physical security is an authorised persons can open them. Quite often
essential part of any defence of computer firms have separate and specially protected rooms
infrastrcture and data. When examing computer for keeping computers and media for storing
crime, one has to take the following into account: if confiedential information. Apart from specially
the criminal act was committed at the computer allocated rooms, storage media with important
centre, without cracking passwords from the information can be stored in protectivee storage
outside, it means that physical security was lockers.
compromised, or that security measures were Modern era has seen the development of
cracked physically, or thatthere were none. What is sysems whose purpose whose aim is to raise the
vital is establish exactly how the physical security of level of physical security, such as protectors, sensor
the compute environment was cracked. If the lights, surveillance cameras, special systems for
perpetrator has bypassed the technically locking rooms and lockers used for storing
sophisticated protection systems, it is necessary to computer equipment, alarm systems, and locators.
seek the help of experts for a precisely defined Table 3 shows types fo security threats to the
area. (Bača, 2004, p. 139) If the computers or data information system. The table presents sources of
storage media are severely damaged, the data on threat, descriptions of domains, and specific
the media are also highly likely to be lost. In most threats, showing specifically who can harm the
cases, data and programs nowadays have greater information system security.
Table 3 Types of security threats to information systems An optimal password should contain a minimum
of seven characters – a combination of lower and
Source of
threat
S of domain Specific threat upper case letters and numbers. The use of first
Neglecting to names, surnames, names of parents, children, dates
adhere to corporate of birth, places of redince, street names etc. A
Current employees
security policy chain of identical characters is also not
Employees Former employees
Employees’ errors recommendable.
Novices
(intentional or When it comes to office work, the password
unintentional)
must not be written on a paper and place in a
Lack of clearly
defined procedures drawer, to prevent third parties from accessing
Employees confidential data.
Lack of clearly
Clients
established The most common assault at passwords is by
Suppliers
sequence of probing or blind guesses. Blind guesses is a type of
Processes Service providers
activities assault where the perpetrator tries to access a
Business partners
Failure to adere to
procedures Other public from certain system by random guesses, with trial-and-
Extended process
the surroundings error as the most used method. Althought this
performance period assault may seem somewhat naive, it can
Technical sometimes be effective, especially if we are familiar
malfunction of with the person who set the password.
Unforeseen systems within When one opts for a limited number of
hardware intended use
attempts to access the computer system, the system
malfunction Technical
Systems must be set in such a way to limit the number of
Inadequate malfunction in the
robustness of system due to possible access attempts. If the user tries to access
technical systems inappropriate the system with a wrong pasword and username,
design or poor the system should reject this person. The next
implementation option that should be plased is a message about the
Natural disasters
(thunder, rain,
latest approach to e-mail, i.e. record of the latest
snow, flood, Natural events access to data in the form of date, time and name
earthquake, dust, Accidents of internet service provider. CARnet Webmail is an
storm etc.) Malicious exernal example of such service.
Disasters due to actors
External
human error Negligent external 4.2. A Case of Database Damage and recovery
events
Malicious actions actors in Finance Management Information System
by external actors Conflicts between
Negligence of corporate interests Database damage may occur for several reasons,
external actors and external actors such as hardware malfunction (HDD and other
Legitimate actions
storage media), or an error in the system-based
of external actors
program suppot. Databases can also suffer damage
(Author’s own design based on the table from Klaić, 2010.) by malicious persons, usually referred to as hackers,
by incident or accident.
In companies, employees aproach to certain Regardless of the causes of and reasons for
applications is organised as follows: the head of the damage, a database must be recovered to the state
department where the new employee is coming of preserved physical identity. Database integrity
sends a request for opening a user account with refers to true and accurate information, i.e. data
data on the access level access and rights. In contained in the base. In a broader sense, problems
addition to other basic daa, the application should with database integrity include all protective
also include the position, job description and measures aimed at preventing the entry of incorrect
required access rights. When the user has received data in the electronic database. Inaccuracies and
the password from the department head, he or she incorrect information in the database result from
can change it so that he/she and the administrator errors occurring during data entry or updates,
can have access to certain data. Every employee program or system error, or even deliberate entry
meeds a password to access a specific section of of wrong data with the intention of database
the application, i.e. a spedific module. The damage. Databases are protected by limitations.
password is usually changed monthly, and if Integrity rules are database limitations on permited
necessary, it should be done several times a month. states allowing mutual harmonisation between the
database and data that is entered, updated or experts dealing with bank information system
deleted. Financial organisations work with available securities, no case of cracking a bank’s information
data, and make important decisios in accordance system has been recorded. Banks’ information
with this. If the data dealt with in the finance systems are under constant, daily assault, but there
department are incorrect or have been tampered are no major difficulties or consequences of these
with by an invader, the consequences can be far- attempts. The greatest problem is the “pocket
reaching. If, for instance, a school lost all data impact” suffered by a banking service user if
stored in the computer system on the employees, someone finds their card number and password,
their years of work or salaries, the employee in the and can approach the bank account. When
accounts department would have to re-enter all the personal information, gossip or misinformation
data for each employeein the system. To retrieve about a person is published in the media, many
the database, it is first necessary to save the data people believe that a psychologically balanced
from the database on a separat medium and record person will not be too upset, unless it is about
all changes in the database in the log. (Varga et al., finance. When it comes to users’ personal property
2007, pp. 80-81) or private data on bank accounts and financial
Safeguarding the data from a database onto a assets, the same persons will be more vulnerable,
medium is done by some companies every five especially if an unprofessional employee discloses
days on the average, but this may be too seldom. It their personal data without the knowledge of the
remains an open questin what would happen if a persons themselves or senior personal of an
company stayed without important data in the base organisation (if it is about fabricated information).
for five days. Any amount smaller than data lost Banking information system managers must
would be profitable to invest in more frequent penalise such actions severely. Banking information
creation of backups. It is safer to create backups system is the second important by importance after
daily. It is recommendable for companies to hire the military information system. Hackers’ assaults
their own database administrator, who would take at banking systems are not as common in Croatia
care of backus and be resonsible for the data in the as in other countries. Banks are currently one step
base. Database management system in a given ahead of potential dangers, which makes the
company must be available every minute, so that citizens’ and companies money safe.
24-hour backups are possible. Backups can also be In order to have more effective security
created during work. measures in card transactions and raise the security
Temporary database copies can be created levels of their transactions, banks must introduce
within the database itself. Temporary databases can Payment Card Industry – Data Security Standard
be read-only, i.e. database views. Temporary (PCI-DSS) certificates, developed by the
database copies record changes made in the consortium of leading card companies (Visa,
original database. Only the values of modified American Express MasterCard etc.) for more
pages are stored in files used for creating effective protection of important card data,
temporary database copies. This process is decreasing the number of frauds, and raising
performed by using special files. If pages of the security standards in companies in companies that
original database are modified, the server records process or store credit card data, (PCI Security
original pages with data in a special database. This Standards Council, 2010) which means banks in
is a way of securing that only changed pages are most case. Meeting the requirements set by PCI
resorded on the disk’s physical space. (Lee & DSS equals effective information system risk
Bieker, 2008, p. 86) To protect all the electronic management.
data in the base, companies use antivirus
protection on personal computers and servers in 5. Conclusion
finance department. Upgrading antivirus software
is up-to-date. Each time a computer is used, the This article presents the manner of managing and
user must update the antivirus programme. functioning of the information systems of
Hackers find it most appealing to break into purchase, finance, information and security systems
banking information system, which is also a within an organisation, and their
segment of the finance management information interconnectedness in the observed company. The
system. The reason for this, of course is that banks presented models can be used by public companies
have large amounts of money on “their” accounts. involved in similar or identical activities.
However, as claimed by a vast majority of IT Viewing the results of the financial report
analysis process, according the overall cost-