ACCA PM知识点：Sources of information

Sources of information

A company has many sources of information to draw upon,which can be traditionally be categorised as internal vs.external.Internal information is easier to source,while external information can be more challenging to acquire.External information is particularly useful for strategic planning,when a company needs to consider market share,industry trends,and customer behaviours.

Internal sources can include,for example,the company’s accounting and production records,HR records,website traffic,and call centre data.Information gained from these sources can enable a company to understand product profitability,production efficiency,and employee utilisation.A retailer analysing customer shopping behaviour with information from their CRMS would be using internal information.

External sources of information come from the environment in which a company operates and can include competitor’s websites,social media,credit rating agencies,and internet news,for example.A company that analyses feedback from social media sites and uses internet research to identify new customer segments would be using external information.

Cost vs benefit

Companies should ensure that the benefit received from management information exceeds the costs of gaining that information.For example,the implementation of an ERPS can bring many benefits,such as improved business intelligence,streamlined procedures,improved productivity,and lower cost per accounting transaction.

However,such a system also comes with costs.New software,hardware,testing,and other implementation costs will be incurred by the company,as well as potential disruption to people’s work routines,and the need to overcome resistance to change.

Controls over IS

You should ensure that you have a working knowledge of the following controls over information systems for your Performance Management exam:

Physical controls

These are controls that prevent unauthorised people from gaining physical access to computer systems.Locked doors,picture IDs,and security cameras are examples of physical controls.

Logical controls

Once someone has gained physical access to a computer system,the next level of security would be logical controls.Passwords and access rights are examples of logical controls.

Administrative controls

Administrative controls are those that are designed to influence peoples’behaviour toward IS systems and practices.IT training and certifications,implementation of new procedures and discipline policies are examples of administrative controls.

Anti-virus

Most computer users will be familiar with viruses:software intentionally created to harm your computer or data.Malware(malicious software)is considered to be master group heading for viruses,trojans and worms etc.While this is a complex topic which evolves quickly,the idea of anti-virus software is straight-forward:it is software designed to prevent,detect,and remove viruses.You will most likely run both anti-virus and firewall(see below)software on your personal computer.

Firewall

This term was first used to describe a physical wall in a building that keeps a fire contained.In IS,it describes a type of control that prevents access to a computer or computer network.A firewall is used to control the flow of data between an external source,such as the internet,and an internal network in order to protect it from malicious threats.It achieves this by use of access control rules which define the source and destination IP addresses and the ports being used for the connection.Your company probably uses a firewall to keep hackers out of their computer networks,and if you are using a Windows operating system there is firewall functional included.

Additional protection can be achieved by use of Intrusion Detection System(IDS)and Intrusion Prevention System(IPS)which inspects the data packet coming into the network and compares it to a list of approved and known data signatures in order to ascertain if the data contained within the packet is known to be dangerous or malicious.

Validation

Validation is a broad type of control used to ensure the accuracy,rather than security,of data.When you enter your birthday on a web form,you are usually asked to pick the date,month and year from pulldown menus or by clicking on a calendar tool.Moreover,you are probably not allowed to proceed to the next step of what you are doing if you left the birthday field blank.These are two examples of validation—the first control forces you to enter a valid date,and the second ensures you don’t leave the field blank.

Encryption

This is a control whereby your data is encoded in a way that makes it extremely difficult for people to decode and then use your data if they were to gain access to it.Flash drives often come with encryption software included;this doesn’t prevent loss of the flash drive but,if it falls into the wrong hands,it prevents unauthorised access.

Dial-back security

This is an older type of control that comes from the era of dial-up networking when computer users often used a physical phone line to dial-in access the internet.This system works by calling the user back on a pre-determined phone line to ensure that access is being granted from an authorised location.

Confidentiality agreements

This is an example of an administrative control that spells out the responsibilities,duties,and potential penalties of employees in terms of ensuring that they keep data private,secure and safely stored away.Confidentiality agreements are commonly used in many larger companies.

Conclusion

Information systems are becoming an ever-increasingly important aspect of performance management.Gaining knowledge in this area will add to your employability if you are not yet working,and help you advance faster in your career if you already are.ACCA recognises this importance which is why it’s an important part of your PM syllabus–make sure you study this often overlooked area and be ready for it in your upcoming PM exam.

Written by Steve Willis,finance and accountancy trainer

翻译参考

信息来源

一家公司有许多信息来源可供利用，传统上可以将其归类为内部与外部。内部信息更容易获得，而外部信息的获取可能更具挑战性。当公司需要考虑市场份额、行业趋势和客户行为时，外部信息对于战略规划特别有用。

例如，内部来源可以包括公司的会计和生产记录、人力资源记录、网站流量和呼叫中心数据。从这些来源获得的信息可以使公司了解产品盈利能力、生产效率和员工利用率。使用来自其CRMS的信息分析客户购物行为的零售商将使用内部信息。

外部信息来源来自公司运营的环境，可以包括竞争对手的网站、社交媒体、信用评级机构和互联网新闻等。分析来自社交媒体网站的反馈并使用互联网研究来确定新客户群的公司将使用外部信息。

成本与收益

公司应确保从管理信息中获得的收益超过获取该信息的成本。例如，ERPS的实施可以带来许多好处，例如改进的商业智能、简化的程序、提高的生产力和降低每笔会计交易的成本。

然而，这样的系统也伴随着成本。公司将承担新的软件、硬件、测试和其他实施成本，以及对人们日常工作的潜在干扰，以及克服变革阻力的需要。

对IS的控制

您应该确保您对绩效管理考试的以下信息系统控制有一定的了解。

物理控制

这些控制措施可防止未经授权的人员物理访问计算机系统。上锁的门、图片ID和安全摄像头是物理控制的示例。

逻辑控制

一旦有人获得了对计算机系统的物理访问权限，下一个安全级别将是逻辑控制。密码和访问权限是逻辑控制的示例。

行政控制

行政控制是那些旨在影响人们对IS系统和实践的行为的控制。IT培训和认证、新程序和纪律政策的实施都是行政控制的例子。

防病毒

大多数计算机用户都会熟悉病毒：故意创建的软件来损害您的计算机或数据。Malware（恶意软件）被认为是病毒、特洛伊木马和蠕虫等的主要群体。虽然这是一个快速发展的复杂主题，但防病毒软件的概念很简单：它是旨在防止、检测的软件,并清除病毒。您很可能会在个人计算机上同时运行防病毒软件和防火墙（见下文）软件。

防火墙

该术语最初用于描述建筑物中用于控制火势的物理墙。在IS中，它描述了一种防止访问计算机或计算机网络的控制。防火墙用于控制外部源（例如Internet）和内部网络之间的数据流，以保护其免受恶意威胁。它通过使用定义源和目标IP地址以及用于连接的端口的访问控制规则来实现这一点。您的公司可能使用防火墙来阻止黑客进入他们的计算机网络，如果您使用的是Windows操作系统，则包含防火墙功能。

可以通过使用入侵检测系统(IDS)和入侵防御系统(IPS)来实现额外保护，该系统检查进入网络的数据包并将其与批准和已知数据签名列表进行比较，以确定数据是否包含已知数据包内是危险的或恶意的。

验证

验证是一种广泛的控制类型，用于确保数据的准确性而非安全性。当您在网络表单上输入您的生日时，通常会要求您从下拉菜单中或通过单击日历工具来选择日期、月份和年份。此外，如果您将生日字段留空，您可能无法进行下一步操作。这是验证的两个示例-第一个控件强制您输入有效日期，第二个控件确保您不会将该字段留空。

加密

这是一种控制，您的数据以某种方式进行编码，如果人们要访问它，那么人们很难解码并使用您的数据。闪存驱动器通常附带加密软件；这并不能防止闪存驱动器丢失，但是，如果它落入坏人之手，它可以防止未经授权的访问。

回拨安全

这是一种较旧的控件，来自拨号网络时代，当时计算机用户经常使用物理电话线拨入访问互联网。该系统的工作原理是通过预先确定的电话线给用户回电，以确保从授权位置授予访问权限。

保密协议

这是一个行政控制的例子，它阐明了员工在确保数据保密、安全和安全存储方面的责任、义务和潜在处罚。保密协议通常用于许多大公司。

结论

信息系统正在成为绩效管理中越来越重要的一个方面。如果您还没有工作，获得这方面的知识将增加您的就业能力，如果您已经工作，则可以帮助您在职业生涯中更快地发展。ACCA认识到这一重要性，这就是为什么它是您PM教学大纲的重要组成部分的原因——确保您学习这个经常被忽视的领域，并在即将到来的PM考试中做好准备。

史蒂夫·威利斯(Steve Willis)撰写，财务和会计培训师

【ACCA PM例题：Relevant cost of machinery】