Lecture Note

MODULE 1
INFORMATION FOR MANAGEMENT

Motivation
Large number of jobs today for computer science and engineering graduates is in creating information systems for managing organizations. Students should know what is information and how it is different from data, should know nature of organizations and their structure to design appropriate information system, should know management structure and needs of each level of management & should know functional areas of management and information needs for each area
LEARNING UNIT 1
Data and Information, types of information : Operational, tactical, strategic, Statutory
DATA AND INFORMATION
DATA is a raw material with which we begin. Collecting data costs money and hence one must collect necessary and sufficient data. Data is generally used by machines and is useless unless it is processed to create INFORMATION. INFORMATION is Processed data, used by managers to initiate actions and to run the organization efficiently. The data processed by machines gives information
TYPES OF INFORMATION
STRATEGIC : Needed for long range planning and directions. This is less structured. TACTICAL : Needed to take short range decisions to improve profitability and performance. OPERATIONAL : Needed for day to day operations of the organization. Eg: Daily Sales, Billing. STATUTORY : Needed by law to sent to government authorities. Eg: Sales tax return.
MANAGEMENT HIERARCHY AND INFORMATION NEEDS
Volume of Information Low condensed Medium moderately processed Large Detailed Reports
Type of Information Unstructured StrategicLong range planning
Top Managers Middle Managers Line managers
Moderately structured Highly structured
Tactical Short range improvement Operational Day to day policies
LEARNING UNIT 2
Why do we need information systems, management structure, requirements of information at different levels of management
NEED FOR INFORMATION SYSTEMS Information systems are needed when timely processing for fast action is needed, same data has to be processed in different ways and when organizations require innovative processing. MANAGEMENT STRUCTURE
Chief Executive (Strategical)
Production manager
Marketing manager
Materials manager
Finance manager
Human Resource manager
Line managers
Functional areas of management are as follows:
PRODUCTION MARKETING MATERIALS purchase, stores FINANCE Accounts HUMAN RESOURCE DEVELOPMENT(HRD) RESEARCH AND DEVELOPMENT (R&D)
INFORMATION FOR MANAGEMENT
A Production Management
The following type of information is needed in production management:
Strategic Information: 1)Yearly and monthly production quotas and alternate schedules 2)Policies on machine replacement, augmentation and modernization. 3)Identifying best product mix.
Tactical Information 1)Identifying and controlling areas of high cost. 2) Identifying critical bottlenecks in production. 3) Identifying alternate production schedules based on tools, machines etc. 4) Performance measures of machines to decide replacement.
Operational Information 1)Monitoring up to date production information by examining assemblies, detecting likely shortages and giving early warning. 2) Scheduling better production dynamically. 3) Preventive maintenance schedules. 4) Monitoring tool, machine and personnel availability
B Marketing Management
Strategic Information: 1) Search for new markets and marketing strategies. 2) Analysis of competitors strategy 3) Technology and demographic forecasts and product changes Tactical Information: 1)Advertising techniques and analysis of their impact. 2)Customer preference surveys. 3)Correlation of prices and sales. 4)Sales force deployment and targets. 5)Exploring alternate marketing channels. 6)Timing of special sales campaigns.
Operational Information: 1) Sales analysis by regions, customer class, sales person. 2) Sales target versus achievement. 3) Market share and trends. 4) Seasonal variations. 5) Effect of model changes. 6) Performance of sales outlets 7) Costs of campaigns and benefit.
C Material Management
Strategic Information: 1) Developing vendors for critical items 2) Determining optimal levels of inventory 3) Determining proportion of material needed 4) Reducing varieties of inventory
Tactical Information: 1) Developing vendor performance measures. 2) Determining optimal reorder levels. 3) Determining issues of items to shops versus 4) standard needs. 5) Controlling high value of inventory. 6) Determining impact on material cost and 7) procurement with design changes and new 8) product introduction.
Operational Information: 1) List of excess & deficient items received. 2) List of items rejected. 3) Critical items received. 4) Stores in transit and in inspection. 5) Value of inventory in hand. 6) Goods received, rejected and issued.
D Finance Management
Strategic Information: 1) Methods of financing. 2) Pricing policies 3) Tax planning. Tactical Information: 1) Variations between budget and expenses. 2) Large outstanding payments/Receipts. 3) Credit and payment status. 4) Cost increases and pricing. 5) Impact of taxation on pricing
Operational Information: 1) Periodic financial report. 2) Budget status to all functional managers. 3) Tax returns. 4) Share transfers. 5) Profit and loss account. 6) Payments and receipts. 7) Payroll,provident fund accounts.
E Human Resource Management

Strategic Information:
1) Long range human resource requirements at different levels. 2) Policies on human resource development and training 3) Policies on personnel welfare and facilities Tactical Information: 1) Performance appraisal. 2) Demographic make-up of personnel and its impact on retirement. 3) Production incentives. 4) Morale of personnel. 5) Absentee reduction. 6) Leave and overtime policies. 7) Personnel deployment policies.
Operational Information: 1) Routine assessment. 2) Skills inventory. 3) Loan/advances and recoveries. 4) Leave record.
MODULE 2 SYSTEMS ANALYSIS AND DESIGN LIFE CYCLE
Contents
1. MOTIVATION AND LEARNING GOALS 2. LEARNING UNIT 1 Systems Analysis and Design life Cycle: Requirements determination, requirements specifications
3. LEARNING UNIT 2 Feasibility analysis, final specifications, hardware and software study, system design, system implementation, system evaluation, system modification.
4. LEARNING UNIT 3 Role of systems analyst, attributes of system analyst, tools used in system analysis 5. References
SYSTEMS ANALYSIS AND DESIGN LIFE CYCLE
MOTIVATION
Students should know how to logically divide a complex job into smaller manageable steps. Each step must have a logical beginning and end and must be self contained. Division of large jobs into logical steps will enable one to assess progress at the end of each step, each step may be assigned to persons with specialized competence, and allocation of human and financial resources appropriate for each step can be planned.
LEARNING GOALS At the end of this module u will know: 1. 2. 3. 4. 5. Nine Steps in designing Information Systems. Tasks performed in each step. Nature of tasks performed by Systems Analysts. The attributes of Systems Analysts. The tools used by Systems Analysts.
LEARNING UNIT 1 Systems Analysis and Design life Cycle: Requirements determination, requirements specifications
LIFE CYCLE OF SYSTEMS ANALYSIS AND DESIGN Steps involved in Analysis and Design 1.Requirements Determinations 2.Requirements Specifications 3.Feasibility Analysis 4.Final Specifications 5.Hardware Study 6.System Design 7.System Implementation 8.System Evaluation 9.System Modification
1.Requirements Determination: This is arrived at by a consensus reached among managers in the organization. Priorities among applications are determined and high priority applications are selected.
2.Requirements Specifications This is known as System Requirements Specification (SRS). Applications where a system is required are listed, and specifications of the users requirements are arrived at after discussion with the user.
LEARNING UNIT 2 Feasibility analysis, final specifications, hardware and software study, system design, system implementation, system evaluation, system modification.
3. Feasibility Analysis Formulate Goals of the system and quantify them. Find alternative methods of meeting the goals and for each alternative assess resources needed like Human Resources, Time and Money, Equipment needed etc. Assess cost of each alternative and find the best alternative
4.Final Specifications Specifications would state what the system would achieve. Specifications drawn up are then improved for implementation. SRS is written, which is then given to user and agreement is reached
5.Hardware Study Determine Hardware and Software required to execute the application. Determine Response time, Volume of data to be processed, Frequency of reports etc & then pick the hardware.
6.System Design A logical Design of the System is implemented. Objects are identified, Database is designed, and program specification and implementation plan is drawn up.
7.System Implementation In this phase programs are written, Database is created, user operational document is created, users are trained and the system is tested with operational data
8.System Evaluation Find out from Users whether the System meets the specified requirements. List areas of dissatisfaction and find reasons, suggest if there has to be any improvements to the system
9.System Modification Fix the errors, add/delete features as required by users, tune the system and continuously monitor system and assess performance.
LEARNING UNIT 3
Role of systems analyst, attributes of system analyst, tools used in system analysis
ROLE OF SYSTEMS ANALYST
The following are roles of systems analyst:
1. Defining Requirements: Involves Interviewing Users 2. Prioritizing Requirements: Obtain Users Consensus 3. Fact Gathering: Data, Facts and opinions of Managers are gathered, Lower level Users should also be consulted 4.Analysis and evaluation -Arrive at appropriate system 5. Solving problems: Hazy requirements converted into specific requirements, suggest many alternative solutions, and quantify cost and benefits 6.Drawing up specifications: Draw up specifications which are understood by users and programmers, which are accepted by users and which are precise and detailed. 7. System design: Logical design of system is implemented and the design must be modular 8.Evaluating Systems: Evaluate the system after it has been used for sometime, Plan the periodicity for evaluation and modify the system as needed
ATTRIBUTES OF A SYSTEMS ANALYST
Knowledge of organisation Knowledge of computers and software Good interpersonal relations Ability to communicate Analytical mind Breadth of knowledge
TOOLS USED BY SYSTEMS ANALYST Data Flow Diagram Decision Tables Modeling Language such as UML Normalization of Databases Testing tools ISO/CMM procedure manuals
REFERENCES
Most of the material in the module is adapted from Chapter 3 of Analysis and Design of Information Systems by V.Rajaraman published by Prentice Hall of India 2002 with permission from publisher. 1. Information Systems Today by L.Jessup and J.Valacich. Topics in this module treated from a slightly different perspective in Chapter 8, pp.240 to 256. 2. K.E.Kendall and J.E.Kendall, Systems Analysis and Design, Pearson Education Asia, Indian Reprint 2002. pp.16-17 have a very brief treatment of Systems Analysists role and Systems Development life cycle.
3. Modern Systems Analysis and Design by J.E.Hoffer, J.F.George and J.Valacich treat life cycle in pp.18-25. Role of various stake holders in systems development is covered in pp.11 to 15. 4. Information Systems, S.Alter, Pearson Education Asia 2000 looks at life cycle from a different perspective on pp. 4 to 16.
MODULE 3
INFORMATION GATHERING
Contents
1. MOTIVATION AND LEARNING GOALS
2. LEARNING UNIT 1 Information gathering, strategies, methods
3. LEARNING UNIT 2 System requirements specification, classification of requirements as strategic, tactical, operational and statutory 4. References
INFORMATION GATHERING
MOTIVATION The Information system designed for an organization must meet the requirements of the end users of the organization. To obtain what an end user expects from the Information System the designer must gain complete knowledge of the organizations working. It is important for the student to know the information gathering techniques so that no information is overlooked and the nature and functions of an organization are clearly understood. The main purpose of gathering information is to determine the information requirements of an organization. Information requirements are often not stated precisely by management. It is the analysts responsibility to prepare a precise Systems Requirements Specifications (SRS), which is easily understood (SRS) by users, as SRS document is a vital document before starting a project
LEARNING GOALS At the end of this module you will learn: Strategy to gather information for computerization. Various sources of information. Methods of searching for information. Interviewing techniques to gather information from line managers to top management. Methods of consensus for formulating requirements.
LEARNING UNIT 1
Information gathering, strategies, methods
INFORMATION GATHERING STRATEGIES A strategy should be evolved by the analyst to gather information. The strategy consists of identifying information sources, evolving a method of obtaining information from the identified sources and using an information flow model of organization
INFORMATION SOURCES The main sources of information are users of the system, forms and documents used in the organization, procedure manuals, rule books etc, reports used by the organization and existing computer programs(If Any).
INFORMATION GATHERING METHODS Searching for information Information can be gathered by interviewing top-level management, middle level management and operational staff. Besides Interviews group discussions also help the analyst to gather information. It is not possible to obtain all information in a single interview, more than one interview is thus required.
PLANNING AN INTERVIEW
Before starting the interview the analyst must make a list of people to be
interviewed and in what order, plan and note down a list of questions to be asked, plan several interviews with same person-mainly to clarify doubts and interview groups as appropriate. INTERVIEWING TECHNIQUE There are some guidelines to ensure a successful interview: Make an prior appointment with the person to be interviewed and meet him at the allotted time. Read background material and go prepared with the checklist. State purpose of interview. Be punctual and pay attention to what user says. Do not use computer jargon. Obtain both quantitative and qualitative Information. Discriminate between essential and desirable requirements. State what you understand and get it confirmed. Do not prolong interview and summarize the information gathered by you during the interview and verify this with the user USE OF QUESTIONNAIRES Questionnaires are useful for collecting statistical data. Sometimes the questionnaires are not promptly replied and several follow-ups/personal interviews may be required to get questionnaires back from respondents But if the questionnaires are short the probability of getting the reply is high When data has to be collected form large number of people questionnaires are useful. OTHER METHODS OF INFORMATION GATHERING Other methods of information search are: Systems used in other similar organization Observe workflow in workplace Repository of systems developed for similar organizations available.
LEARNING UNIT 2 System requirements specification, classification of requirements as strategic, tactical, operational and statutory
SYSTEM REQUIREMENTS SPECIFICATION (SRS)
SRS is obtained after excessive discussions with the user. System requirements specification specifies what Information requirements will be provided. It does not specify how the system will be designed. Developing SRS is most important and difficult task of a Systems analyst How SRS is developed Analyst examines the current system, finds out the shortcomings of the system as seen by the user. He then develops an SRS which is understandable by the user and which can be used for detailed design of the system.
Ideal characteristics of SRS Complete and Unambiguous. Specifies operational, tactical, and strategic information requirements Eliminates possible later disputes between users and Analyst Uses Graphical aids understood by users who are not computer literate and will also be useful in design. Jargon Free.
DEVELOPING A DOCUMENT FLOW DIAGRAM EXAMPLE WORD STATEMENT Our company receives many items from several vendors each accompanied by a delivery note. A receiving office receives the item and checks the delivery note with corresponding order. Any discrepancy is reported to purchase office. The items received along with items received note (with details of items) is sent to the inspection office. ENTITIES IDENTIFIED-Vendors, Receiving office, Inspection office DOCUMENTS IDENTIFIED-Delivery note, discrepancy note, Items Received note. Using these a document flow diagram is drawn Delayed Items
Delivered Items
Vendor Delivery note
Receiving Office
Discrepancy note Purchase Office
Items Received note
Inspection office
Indicates Physical flow of items
Indicates Documents
The diagram is interpreted as follows: 1) Vendors deliver items to receiving office accompanied by a delivery note 2) Receiving Office sends items to inspection office along with an items received note 3) Receiving office sends discrepancy note to Purchase office ENTITIES: Vendor, Receiving office, Inspection office and purchase office DOCUMENTS: Delivery note, Items received note and discrepancy note
DATA FLOW DIAGRAM (DFD)
DFD has entities and data flows, DFD specifies processing performed by some of the entities. It specifies which entities generate documents and also indicate their flow. Data stores which are referred while processing data and in which processed data may be written or stored are also represented in the Diagram
Vendor
Receiving Process Delivery note
Items Received note
Inspection Office
Orders Discrepancy note
Purchase Office
Entities are, originators of data and consumers of data Vendor, Inspection office and purchase office are entities in the above diagram Data flows are delivery note, items received note and discrepancy note A circle is used to depict a process A pair of parallel lines depict a store
Data elements in the data flow:
Delivery note: Order no,Vendor code,Vendor name and address,Item name, Item code,Delivery date,Quantity supplied,units.
Items Received note: Order no,Item name,Item code,Delivery date,quantity,supplied,units.
Discrepancy note: Order no,Vendor code,Vendor name and address,Item name, Item code,Order date, Delivery date,quantity supplied,units, excess/deficiency,No of days late/early.
Receiving office order file Order no,Order date,Item name,Item code,Vendor code,Vendor Name and address,Quantity ordered,delivery period.
PROCESSING RULE
The statements given below are shown to the user for his approval. English statement 1.Compare order no in delivery note with that in order file. If no match return item to vendor. 2.If order no matches then compare item codes, if no match return item to the vendor. 3. If order number matches compare qty delivered with quantity ordered. If excess or deficient send discrepancy note to purchase office. 4. If order number matches compare date of delivery with expected date. If late or early send discrepancy note to purchase office. 5.In case3 and case4 send items received note to inspection office
MODULARIZING REQUIREMENTS SPECIFICATIONS SRS Document now consists of Document flow diagrams(as many as needed), Data Flow Diagrams, Data elements of each data flow and Data store, processing rules carried out in each circle of DFD, a descriptive statement of operational,tactical,strategic information will be provided, a data dictionary which consolidates all data elements in the document and data store.
REFERENCES 1. Most of the material including the case study has been adapted from Chapter 4, Analysis and Design of Information Systems by V.Rajaraman published by Prentice Hall of India 2002 with permission from publisher. 2. Systems Analysis and Design, by K.E.Kendell and J.E.Kendell published by Pearson Education Asia 2002 discuss in detail fact gathering in pp.117-196. They cover interviewing, questionnaire use and observing an organization very thoroughly.
MODULE 4
FEASIBILITY ANALYSIS
Contents
1. MOTIVATION AND LEARNING GOALS 2. LEARNING UNIT 1 How to formulate project goals and quantify them 3. LEARNING UNIT 2 Examining alternative solutions and evaluating proposed solutions a) Technical feasibility b) Operational feasibility c) Economic feasibility
4. LEARNING UNIT 3 Cost benefit analysis. Documenting feasibility report
5. REFERENCES
FEASIBILITY ANALYSIS
MOTIVATION
Before a management decides to implement a computer based system they should know the goals which will be met by the system. These goals should primarily be quantitative goals so that when the system is implemented it is possible to compare quantitatively the achievements with the original goals set. Analysts should be able to estimate what hardware and human resources will be needed to implement a system to meet the goals. Analyst must examine alternative methods to implement the system and their resource needs. A cost-benefit analysis should be carried out for each alternative and given to the management. This analysis will be essential for a management to decide which solution they would like to implement. Feasibility of meeting goals with available technology and human resource and cost/benefit are important parameters for informed management decisionmaking.
LEARNING GOALS At the end of this module you will know How to formulate the goals to be met by the information system to be designed How to quantify the goals How to obtain alternative solutions to satisfy the goals How to assess the feasibility of implementing alternative solutions. How to compute cost vs benefits of each alternative feasible solution How to prepare a system proposal for the potential users of the system
LEARNING UNIT 1
How to formulate project goals and quantify them
STEPS IN FEASIBILITY ANALYSIS
Note down deficiencies in current system found while preparing SRS Document Set goals to remove deficiencies Quantify Goals Find alternative solutions to meet goals Evaluate feasibility of alternative solutions taking into account constraints on resources. Rank order alternatives and discuss with user. Prepare a system proposal for management approval Quantify the goals and sub-goals from the verbal statement of goal For example: Send bill soon after month end Quantified statement of the same goal: Send bill within 5 days of month end Find out whether it is possible to meet these goals. Determine the cost of meeting each goal Find cost benefit if quantified
GUIDELINES FOR SEARCHING GOALS

Identify the deficiency by pinpointing missing functions, unsatisfactory performance and excessive cost of operations. Set Goals to remove deficiency and provide competitive advantage
CHARACTERSTICS OF A GOAL
Must be quantified, realizable with the constraints of the organization and the system, broken down into Sub-Goals, agreeable to all concerned, in general goals must not only remove deficiency but also give a system which is superior to those of the competitors of the organization.
CASE STUDY-HOSTEL INFORMATION SYSTEM
(For details of this Case Study see Chapter 5 page 46-58 of book Analysis and design of Information Systems, Prentice Hall of India, New Delhi,2002 by V.Rajaraman) MISSING FUNCTIONS 1.1 Stores requirement not forecast 1.2 Purchases not consolidated 1.3 Daily rate calculation not frequently updated 1.4 Menu not planned for balanced nutrition and low cost
UNSATISFACTORY PERFORMANCE 2.1 Billing not accurate and prompt 2.3 Student bills not itemized 2.3 Stores issue to cooks arbitrary 2.4 Payments to vendors not prompt 2.5 Large variations in mess bills every month
DEFICIENCIES (HIGH OPERATIONAL COST) 3.1Unpaid and long outstanding bills from students 3.2 Extras and rebates not reflected in stores issues 3.3 Frequent small purchases at high cost 3.4 High transport cost due to not consolidating stores requirements
FORMULATIOIN OF GOALS
MAIN GOALS
Ml . Send bill to students within 5 days of the end of month M2. Control inventory of items in stores & issues to cooks to bring down mess bill by 10% M3. Balance menu to meet nutritional requirements M4. Cost of new menu not to exceed current cost FORMULATION OF SUB-GOALS S1.1 Itemize bills showing extras and rebates with dates S1.2 Ensure less than 5% variations of bills from month to month SI.3 Bills not paid within 10 days of issue brought to the attention of chief warden S1.4 Update daily rates every day Main goals M1 and sub-goals S1.1,S1.2,S1.3 remove deficiencies 1.3,2.1,1.2.2,2.5,3.1 S2.1 Ensure payment to vendors within five days of supply of items S2.2 Maximum 4 trips per month for purchases. Cartage less than 1% of item cost S2.3 Reduce inventory level. Level not more than 10% of requirements in a month S2.4 Issue to cooks every day not to exceed 5% of calculated values Main goals M1& sub-goals above remove deficiencies 1.1,1.2,2.3,2.4,3.2,3.3,3.4
LEARNING UNIT 2 Examining alternative solutions and evaluating proposed solutions
EXAMINING ALTERNATIVE SOLUTIONS

HOSTEL INFORMATION SYSTEM ALTERNATIVE SOLUTIONS A: Improve manual system B: Use PC based periodic update system C: An on-line system with server and several clients
SOLUTION A: MANUAL SYSTEM Keep up-to-date running total of extras and rebates for each student, use look up table to find material needed each day based on number of extras, calculate standard quantities needed and use for vendor order, track student payments to find overdue payments. Solution does not ensure reduction in bill variations and prompt payment to vendors, solution not scalable to large student population SOLUTION B: USE PC BASED PERIODIC UPDATE SYSTEM Use a single PC to prepare students bills and to itemize bills, prepare a list of number of members who will eat for next two days, alert warden when bill is not paid within 10 days of issue. Use a PC to generate Vendor order, Inventory control of store and Menu planning. The PC configuration needed based on data base sizes is: PC with 20 MB disk, 1.2 MB floppy is sufficient. However minimum configuration available today(2004) is PC with 128 MB main memory, 40 GB disk 1.2MB floppy & CD R/W costs Rs. 25,000.Systems software (Windows XP, MSOffice, anti-virus) will cost around Rs.25,000. So, the Total cost is Rs 50,000. But a PC with printer and uninterrupted power supply costs Rs. 70,000
SOLUTION C: AN ON-LINE SYSTEM WITH SERVER AND SEVERAL CLIENTS Use a server which is accessed by 3 clients one each in the mess, the stores and the accounts sections; perform on-line transaction processing. The advantage is up to the minute status can be found
EVALUATING ALTERNATIVE SOLUTIONS

Determine Technical feasibility of each solution, in other words is technology mature to implement a solution. Determine Operational feasibility of each solution. In other words, for a given organizational structure will the solution fit in. Will it provide right information at the right time to users? Determine Economic feasibility of each solution. In other words, are finances available to implement system? Will it be cost effective? Will the money spent be recovered by savings or by better services to users.
TECHNICAL AND OPERATIONAL FEASIBILITY

Solution B is rejected, as it does not meet most of the requirements. Solution C is rejected, as it is a high cost solution. Solution B is selected for further consideration. It is technically feasible as PC of necessary configuration is easily available. It is also operationally feasible as clerks in hostel office can be easily trained to use a PC. System analyst/ programmer hired for this purpose will write the necessary problems.
LEARNING UNIT 3
Cost benefit analysis. Documenting feasibility report.
COST-BENEFIT ANALYSIS
This is done to find economic feasibility of proposed solution and to find whether returns by implementing a system justify the cost. This is found by listing direct and indirect costs Direct cost- Cost of computer, software, space, human resource, material, travel, training etc. Indirect cost- Time spent by persons and data gathering
BENEFITS
Tangible benefits are measurable. Direct benefits are savings due to reduced inventory, early collection of outstanding payments, reduced wastage, faster production, increased production. Indirect benefit is increased work done with same human resource. Intangible benefits are like better service to customers, superior product quality, accurate, reliable, timely and up-to-date strategic, tactical and operational information to management
COST BENEFIT ANALYSIS CASE STUDY OF HOSTEL INFORMATION SYSTEM COST : PC,UPS,Printer+Systems analyst+programmer Capital 70,000 +60,000 =1,30,000 Cost(Recurring) : Stationery, maintenance,floppy etc. Rs. 2000 per month Benefits : - Inventory reduction 5% of mess bill of 400 students Daily rate=Rs 45 Savings= 45*0.05*30*400=Rs 27,000 - Transport cost saving=Rs 800 per month - Savings due to early payment =material cost*1.2%=37.5*400*30*0.012=Rs 5400 - Savings due to early collection =40*1350*0.01=Rs 540 Direct saving=33740 Indirect benefit : student satisfaction due to itemized bill, predictable daily rate, better menu Net Direct Saving per month= 33740-2000 = 31740 Total capital cost=l,30,000
PAY BACK PERIOD

SIMPLE: Cost 1,30,000 Saving 31,740 per month Cost recovered in 130000/31740 = 4.1 months Using interest on capital: Monthly interest=0.015* 1,30,000 =Rs 1950 per month Saving per month=31740-1950=29790 Cost recovered in 130000/29790 = 4.4 months
PRESENT VALUE METHOD
Accounts for the fact that a benefit accruing n months later will be lower today as the money if available today would have earned interest If r = Interest rate in % per month. n = number of months x = benefit Present value of benefit accruing n months later is: Present value = x/(1+r)n
COST-BENEFIT
Present Value method This accounts for the fact that benefits each month will also earn interest Month Cost Net-Benefit present value of Benefit 0 1,30,000 0 0 1 31,740 31271 2 31,740 30809 3 31,740 30354 4 31,740 29905 5 31,740 29463 cumulative Benefit
31271 62080 92434 122339 151802
This also give us less than 5 months as pay back period
STRUCTURE OF EXCUTIVE SUMMARY
Feasibility report What the proposed system will achieve Who will be involved in operating the system Organizational changes to implement system List of benefits of the system Cost of system - Capital +Recurring Cost-benefit analysis
SYSTEM PROPOSAL STRUCTURE

Introduction with outline of proposal Data flow diagram of existing system Modified DFD of proposed system Discuss alternative solutions List new equipment to be installed (if any) Technical,operational feasibility of analysis Cost- Benefit analysis New procedures, human resources and training needed Anticipated problems Implementation plan
REFERENCES
1. This module is based on Chapter 6, Feasibility Analysis, of the book Analysis and Design of Information Systems by V.Rajaraman, Prentice Hall of India. Parts of the the book have been used in case studies.
2. J.E.Kandall and J.E.Kandall, Systems Analysis and Design, 5th Edition, Pearson Education (Asia) 2003. Part of Chapter 3 pp.55-63 deal with feasibility analysis. It is reasonably well treated but does not have any quantitative examples.
3. R.Schultheis and Mary Summer, Management Information Systems, Tata McGraw Hill, 1999. Very short treatment of feasibility analysis as part of system Life Cycle (pp.544-545). 4. S.Alter, Information Systems, 4th Edition, Pearson Education Asia, New Delhi, 2002. A brief discussion of feasibility analysis presented on pp.481 as part of traditional life cycle method. In the same chapter there is a brief discussion of prototype method which is used when users are not able to state their requirements clearly.
5. K.C.Laudon and J.P.Laudon, Management Information Systems, Pearson Education Asia, New Delhi, 2004. Very brief discussion (one para only) on p.390) 6. J.A.Hoffer, J.F.George and J.S.Valacich, Modern Systems Analysis and Design, Pearson Education Asia, New Delhi 2002. Has a good discussion of feasibility. study on pp.168 to 181. Besides Technical, operational and Economic feasibility they also include other parameters which are schedule, legal/contractual and political feasibility which arise when one tries to develop a system.
MODULE 5
DATA FLOW DIAGRAMS
Contents
2. LEARNING UNIT 1 Developing Data Flow Diagrams(DFD) a) What are DFDs? b) Symbols used in DFD c) Rules of data flow d) Good style in drawing DFD 3. LEARNING UNIT 2
Describing systems with DFD & Levelling DFDs
4. LEARNING UNIT 3
Logical & Physical DFDs
5. References
DATA FLOW DIAGRAMS

MOTIVATION DFD provides an overview of what data a system processes, what transformations are performed, what data are stored, what results are produced and where they flow. Graphical nature makes it a good communication tool between -User and analyst -Analyst and System designer Structure of DFD allows starting from a broad overview and expands it to a hierarchy of detailed diagrams LEARNING GOALS
At the end of this module you will know
1.What are Data Flow Diagrams (DFDs)? 2.Why they are useful? 3.How are they developed? 4.How to level DFDs? 5.Good style conventions in developing DFDs 6.Difference between Logical and Physical DFDs 7.Tools available to draw DFDs
LEARNING UNIT 1 Developing Data Flow Diagrams(DFD)
DATA FLOW DIAGRAMS DFDs models the system by depicting external entities from which the data flows and where results terminate, processes which transform data flows, data stores from which the data are read or into which data are written by the processes.
SYMBOLS USED IN DFD

PROCESS
Stores demand note
1. STORES
Issue Advice
Delivery slip
A circle represents a process Straight lines with incoming arrows are input data flows Straight lines with outgoing arrows are output data flows Processes are given serial numbers for easy reference Labels are assigned to Data flow. These aid documentation
EXTERNAL ENTITIES Invoice Order Bill
VENDOR
Customer
A Rectangle represents an external entity. They either supply data or receive data. They do not process data
DATA STORES
Inventory
Writing
Reading
A Data Store is a repository of data Data can be written into the data store and this is depicted by an incoming arrow. Data can be read from a data store and this is depicted by an outgoing arrow External entity cannot read or write to the data store. Two data stores cannot be connected by a data flow
RULES OF DATA FLOW Data can flow from -external entity to process -process to external entity
-process to store and back -process to process Data cannot flow from -external entity to external entity -external entity to store -store to external entity -store to store
GOOD STYLE IN DRAWING DFD Use meaningful names for data flows, processes and data stores. Use top down development starting from context diagram and successively levelling DFD Only previously stored data can be read A process can only transfer input to output.It cannot create new data Data stores cannot create new data
LEARNING UNIT 2 Describing systems with DFD & Levelling DFDs
An entire system is represented by one DFD which gives the systems overview . It is called a context diagram. It gives little detail & is also known as the top level DFD.
Context diagram of mess management is shown
Extras Note Students Requisitions Supplies Mess Manage ment Mess Secretary Vendors Payments Payments
Bills
Perishable Items
Mess manager
Daily rate Menu
Item needed Each day Overdue Payments
Overdue Bills Chief warden
Note: This diagram gives very little detail
LEVELLING DFD A context diagram gives an overview, it should be split into major processes which give greater detail. Each major process is further split to give more detail. Each major process is further split to give more detail
WHY LEVEL DFD? If a DFD is too detailed it will have too many data flows and will be large and difficult to understand. Therefore start from a broad overview. Expand the details - Idea similar to using procedures and linking these with a main program. Each DFD must deal with one aspect of a big system
EXPANDED DFD FOR HOSTEL MESS MANAGEMENT
Students
Mess Secretary Update daily rate 1 Billing
Chief Warden
Payments
Unpaid bills
Itemized bills at end of month
Items used each day
Extras/Rebates Expenses No of meals (today +3) Student billing Information + bills Mess manager
Going to next process (Continued in next page) Continued

Low stock (today+2)
Vendor supplies Vendors Order nonperishable
2 Stores issue and Control system
Items to be issued (today +2)
Mess Manager
Items used today
Menu (today +2) Vendor data Stores inventory Order data
Mess Secretary
Perishable order
3 Perishable ordering
Vegetables and perishable requisition
Orders (perishable)
Vendor data (perishable)
LEVELLING RULES If process p is expanded, the process at the next level are labeled as p.1,p.2 etc. All data flow entering or leaving p must also enter or leave its expanded version. Expanded DFD may have data stores
No new external entity can appear in expanded DFD Keep the number of processes at each level less than 7.
ILLEGAL CONSTRUCTS IN DFD No loops are allowed in DFD A process cannot be a pure decision
Actual daily rate Compare Standard daily rate
Actual rate > Standard rate
Actual rate <= Standard rate
A single data flow should not be split into many flows with different labels No data flow allowed between data stores
Record Get students extra/rebates record Ask for next record
Calculate Bill
Extra/rebate store
Above DFD not correct as loop is formed
LEVELLING EXAMPLES
Ext A
Top Level process
Ext B
Ext A
2 F1
4 F4
Ext B
3 Process 1 Ext A
1.1 1.2 1.4 2.1
Process 2
2.2 2.3
F1
1.3
3.1
3.2
3.4
Ext B
4.3
4.1
4.2
LEARNING UNIT 3
3.3
F4
Logical & Physical DFDs
LOGICAL AND PHYSICAL DFD DFDS considered so far are called logical DFDs. A physical DFD is similar to a document flow diagram. It specifies who does the operations specified by the logical DFD. Physical DFD may depict physical movements of the goods. Physical DFDs can be drawn during fact gathering phase of a life cycle.
PHYSICAL DFD FOR ENCASHING CHEQUE
Cash
Token
Clerk Verify A/C Signature Update Balance Cashier Verify Token Take Signature
Customer
Cheque Token
Cheque with Token number
Store cheques Bad Cheque Customer Accounts
Entry in Day Book
LOGICAL DFD FOR CHEQUE ENCASHMENT
Retrieve Customer Record
Cheque
Check Balance, Issue token
Cheque with Token
Store Token no & cheques
Token Slip Or cheque Cheque Customer accounts Search & match token Update Daily cash book
Cheque store With token no.
Customer
Cheque with token
Token Slip Cash
Day book
REFERENCES
1. This module is based on Chapter 7 of Analysis and Design of information systems, V.Rajaraman, Prentice Hall of India, New Delhi, 2002. 2. Ian Sommerville, Software Engineering, 5th Edition, AddisonWesley, 1996, has a brief discussion of Data Flow Models on pp.101 to 103. 3. T.DeMarco, Structured Analysis and System Specification, Yourdon Press, 1978. this book written by the original developer of DFD modeling is a well written book. It is a good reference book. 4. E.Yourdon, Modern Structured Analysis, Prentice Hall of India, New Delhi, 1996. Chapter 9 (pp.139 to 187) is a good treatment of Data Flow Diagrams. All the topics covered in this module are discussed in this chapter. 5. Hoffer, J.A., George, J.F. and Valacich J.S., Modern Systems Analysis and Design, 3rd Edition, Pearson Education Asia, New Delhi, 2002. Chapter 8 (pp.241 to 271) has a good treatment of
DFDs with a running example of a quick service restaurant. Different types of DFDs and logical checking of DFDs are discussed well. 6. K.E.Kendall and J.E.Kendall, Systems Analysis and Design, 5th Edition, Pearson Eduation Asia, New Delhi, 2003. Chapter 9 is devoted to Data Flow Diagrams (pp.241 to 285). Has a number of problems at the end of the chapter which are quite interesting.
MODULE 6
PROCESS SPECIFICATION
Contents
2. LEARNING UNIT 1 Structured English specification
3. LEARNING UNIT 2 Decision table based specifications 4. LEARNING UNIT 3 Detecting -Incompleteness -Ambiguity -Contradictions -Redundancy in decision table specification 5. LEARNING UNIT 4 Eliminating redundancy in specifications 6. LEARNING UNIT 5 Decision trees for specifications 7. REFERENCES
PROCESS SPECIFICATION MOTIVATION
Before designing a system an analyst must clearly understand the logic to be followed by each process block in a DFD. An analysts understanding must be crosschecked with the user of the information system. A notation is thus needed to specify process block in detail, which can be understood by a user. Notation used must be appropriate for the type of the application to be modelled. Different notations are needed to represent repetition structures, complex decision situation and situations where sequencing of testing of conditions is important. For complex logical procedures a notation is needed which can also be used to detect logical errors in the specifications. This is called Decision Table. A tabular structure for representing logic can be used as a communication tool and can be automatically converted to a program.
LEARNING GOALS At the end of this module you will know 1.How to use structured English to precisely specify processes 2.The terminology used in structured English 3.Terminology of decision tables and how it is used to specify complex logic 4.How to detect errors in decision table specifications 5.Terminology and use of decision trees 6.Comparison of structured English, decision tables and decision trees
LEARNING UNIT 1
Structured English specification

PROCESS SPECIFICATION Once a DFD is obtained the next step is to precisely specify the process. Structured English, Decision tables and Decision Trees are used to describe processes. Decision tables are used when the process is logically complex involving large number of conditions and alternate solutions. Decision trees are used when conditions to be tested must follow a strict time sequence. STRUCTURED ENGLISH Structured English is similar to a programming language such as Pascal. It does not have strict syntax rules as in programming languages as the intention is only to give precise description of a process. The structured English description should be understandable to the user. Example: if customer pays advance then else if purchase amount >=10,000 then if the customer is a regular customer then else end if DECISION TABLE-EXAMPLE else No Discount end if Same structured English procedure given as decision table end if Give 5% Discount No Discount Give 5% Discount
CONDITIONS Advance payment made Purchase amt >=10,000 Regular Customer? ACTIONS Give 5% Discount Give No Discount
RULE1 Y -
RULE2 N Y Y
RULE3 N Y N
RULE4 N N -
X -
X -
DECISION TABLE-EXPLANATION Conditions are questions to be asked Y is yes,N is no & - is irrelevant A X against the action says the action must be taken A - against the action says the action need not be taken Rule 2 in decision table DISCOUNT states: if no advance payment and purchase amount >=10000 and regular customer then give 5% discount In Structured English, imperative sentences, actions to be performed should be precise and quantified Good Example: Give discount of 20% Bad Example: Give substantial discount The operators and keywords in Structured English are as follows: Operators -Arithmetic : +, -, /, * Relational : >, >=, <, <=, =, != Logical : and, or, not Keywords : if, then, else, repeat, until, while, do, case,
until, while, do, case, for, search, retrieve, read, write Delimiters {, }, end, end if, end for The structured English procedure given above is expressed as a Decision tree below
Give 5% Discount Y
C1 C3
Y Y
C2
Give 5% Discount
No Discount No Discount
N
Y = Yes N = No
C1: Advance payment made C2: Purchase amount >=10,000 C3: Regular Customer
STRUCTURED ENGLISH-DECISION STRUCTURES If condition then { Group of statements } else { Group of statements }
end if
Example: if(balance in account >= min.balance) then honor request else reject request end if
STRUCTURED ENGLISH-CASE STATEMENT
Case (variable) Variable = P: { statements for alternative P} Variable = Q: { statements for alternative Q} Variable = R: { statements for alternative R} None of the above: { statements for default case} end case
Example : Case(product code) product code =1 : discount= 5% product code =2 : discount =7% None of the above : discount=0 end case
STRUCTURED ENGLISH-REPETITION STRUCTURE for index = initial to final do { statements in loop } end for Example : Total =0 for subject =1 to subject =5 do
total marks=total marks +marks(subject) write roll no,total marks end for
STRUCTURED ENGLISH-WHILE LOOP while condition do { statements in loop } end while Example : while there are student records left do read student record compute total marks find class write total marks, class, roll no end while
EXAMPLE Update inventory file for each item accepted record do { search inventory file using item code if successful then { update retrieved inventory record; write updated record in inventory file using accepted record} else { create new record in inventory file; enter accepted record in inventory file} end if end for LEARNING UNIT 2 Decision table based specifications
ADVANTAGES OF DECISION TABLE
Easy to understand by non-computer literate users and managers. Good documentation of rules used in data processing. Simple representation of complex decision rules. Tabular representation allows systematic validation of specification detection of redundancy, incompleteness & inconsistency of rules. There exist algorithms to automatically convert decision tables to equivalent computer programs.
METHOD OF OBTAINING DECISION TABLE FROM WORD STATEMENT OF RULES EXAMPLE A bank uses the following rules to classify new accounts If depositor's age is 21 or above and if the deposit is Rs 100 or more, classify the account type as A If the depositor is under 21 and the deposit is Rs 100 or more, classify it as type B If the depositor is 21 or over and deposit is below Rs 100 classify it as C If the depositor is under 21 and deposit is below Rs 100 do-not open account Identify Conditions: Age >= 21 Cl Deposits >= Rs 100: C2 Identify Actions : Classify account as A, B or C Do not open account
DECISION TABLE FROM WORD STATEMENT
Condition Stub CODITIONS C1 : Age >= 21 C2: Deposit >=100 Rule 1 Y Y Rule 2 N Y Rule 3 Y N Rule 4 N N
ACTIONS A1: Classify as A A2: Classify as B A3: Classify as C A4: Do not open Account X X X -
Action Stub
DECISION TABLE NOTATION EXPLAINED CONDITION STUB
CONDITION ENTRIES
ACTION STUB
ACTION ENTRIES
4 Quadrants-demarcated by two double lines CONDITION STUB LISTS ALL CONDITIONS TO BE CHECKED ACTION STUB LISTS ALL ACTIONS TO BE CARRIED OUT LIMITED ENTRY DECISION TABLE:ENTRIES ARE Y or N or -.YYES,N- NO,-IRRELEVANT(DONT CARE) X against action states it is to be carried out. - against action states it is to be ignored. Entries on a vertical column specifies a rule order of listing actions important while order of listing conditions is not important actions listed first carried out first sequential execution of actions rules may be listed in any order
INTERPRETING DECISION TABLE-ELSE RULE
C1: Is applicant sponsored? C2: Does he have min Qualification? C3: Is fee paid? A1: Admit letter A2: Provisional Admit letter
Y Y Y X -
Y Y N X ELSE
Interpretation R1: If applicant sponsored and he has minimum qualifications and his fee is paid Send Admit letter R2: If applicant sponsored and has minimum qualifications and his fee not paid send provisional admit letter ELSE: In all other cases send regret letter.The else rule makes a decision table complete
DECISION TABLE FOR SHIPPING RULES
R1 C1: Qty ordered <= Quantity in stock? C2: (Qty in stock-Qty ordered)<=reorder level C3: Is the partial shipment ok? Y N X
R2 Y Y X
R3 N Y -
R4 N N -
A1:Qty shipped=Qty ordered
EXTENDED ENTRY DECISION TABLE
Condition Entries not necessarily Y or N Action entries not necessarily X or - Extended Entry Decision Tables(EEDT) more concise EEDT can always be expanded to LEDT
Example
C1 : Product code C2 : Customer code C3 : Order amount
R1 1 A <=500
R2 1 B <=500
R3 1 A >500
R4 1 B >500
R5 1 C -
R6 2 -
Discount =
5%
7.5%
7.5%
10%
6%
5%
MIXED ENTRY DECISION TABLE Can mix up Yes, No answers with codes
Rl Cl : Product code = 1? C2: Customer code = C3: Order amount < 500? Discount = Y A Y
R2 Y B Y
R3 Y A N
R4 Y B N
R5 Y C -
R6 N 5%
5% 7.5% 7.5% 10% 6%
Choice of LEDT, EEDT, MEDT depends on ease of communication with user. Softwares are available to translate DTs to programs.DTs are easy to check.
LINKED DECISION TABLE
Decision table 1
Salary point=6 Conduct OK? Diligence OK? Efficiency OK? Go to table 2 No promotion N Y Y Y X e l s e X
Decision table 2
Salary point>2 1 yr as class 1 officer Departmental test Passed? N Y Y N N N N Y -
Advance to next salary point No promotion Go to Table3 Y Y
X -
X -
X -
Decision table3
Complete departmental Course 1 yr since last increment else
1.Observe that one can branch between tables 2. Whenever complex rules are given it is a good idea to break them up into manageable parts
LOGICAL CORRECTNESS OF DECISION TABLE
Consider decision table DTI: Rl Y X R2 Y X
Cl: x>60 C2:x<40 Al A2 :
We can expand decision table by replacing each by Y & N
DT2:
Cl: x>60 C2:x<40 Al A2 :
R11 Y Y X -
R12 Y N X -
R21 N Y X
R22 Y Y X A rule which has no is an Elementary rule
DT2 is an Elementary Rule Decision Table (ERDT)
From this table we see that the rule YY has two contradictory actions. Thus we need to examine the table further and make sure it is not a serious mistake. Also the rule C1=C2=N is missing which needs further examination
LEARNING UNIT 3 Detecting- Incompleteness, Ambiguity,Contradictions & Redundancy in decision table specification
LOGICAL CORRECTNESS OF DECISION TABLE (CONTD) A decision table with 1 condition should have 2 elementary rules, each elementary rule must be distinct, each elementary rule must have distinct k action, if a decision table with k conditions does not have 2 rules specified it is said to be incomplete. For example : DT2 does not have the elementary rule C1:N, C2:N. It is thus incomplete. If the decision table has the same elementary rule occurring more than once it is said to have multiplicity of specifications For Example: In DT2 The rule C1:Y,C2:Y occurs twice. Thus it has multiplicity of specification. If action specified for multiple identical rules are different then it is called ambiguous specifications DT2 has an ambiguity. Rules R11 and R22 are identical but have different actions. Ambiguity may be apparent or real. It is said to be apparent if the rule leading to the ambiguity is logically impossible For example,(x>60)=Y and (x<40)=Y cannot occur simultaneously. Thus in DT2 rules R11 and R22 are apparently ambiguous rules Apparently ambiguous rules is not an error
If an apparently ambiguous specification is real then it is a contradiction For example : If C1:(X > 60) = Y and C2:(X > 40) = Y then X = 70 will satisfy both inequalities. As two actions are specified for (Cl = Y, C2 = Y) and they are different the rule is really ambiguous and is called Contradictory Specification.
If all 2k elementary rules are not present in a k condition decision table is said to be incomplete. DT2 is incomplete as rule C1:N, C2:N is missing Rule C1=N, C2:=N is logically possible as C1=N is X<=60 and C2=N is X >= 40. A value of X = 50 will make C1=N,C2=N Thus DT2 has a real incomplete specification A decision table which has no real ambiguities or real incompleteness is said to be logically correct. Decision table with logical errors should be corrected USE OF KARNAUGH MAPS KARNAUGH map abbreviated K-map is a 2 dimensional diagram with one square per elementary rule The k-map of DT2 is
C1 C2 N Y N Y
? A2
Al A1,A2
If more than one action is in one square it is an ambiguous rule If a square is empty it signifies incomplete specification. USE OF KARNAUGH MAPS Structured English procedure:
If carbon content<0.7 then if Rockwell hardness>50 then if tensile strength>30000 then steel is grade 10 else steel is grade 9 end if else steel is grade 8 end if else steel is grade 7 end if DT3:
Decision table-Grading steel C1:Carbon content <0.7 C2:Rockwell hardness>50 C3 tensile strength>30000
Y Y Y N Y N N N Y Y N N N Y Y N Y N N N Y Y N Y 10 9 8 7 ? ? ? ?
Grade
KARNAUGH MAPS GRADING STEEL
C1 C2 NN C3
NY
? ?
YY
9 10
YN
8 ?
N Y
7 ?
Observe that the fact that the specification is incomplete is obvious in the Decision table whereas the structured English specification seems complete which is not.
DT4: DECISION TABLE-ARREARS MANAGEMENT
R1 R2 R3 R4 R5 R6 C1:Payment in current month >min.specified payment C2:Payment in current month>0 C3:Any payment in last 3 months C4: Actual arrears > 3(min. Specified payment per month) Y N Y Y N Y N N Y N Y N N Y Y
A1 : Send letter A A2 : Send letter B A3 : Send letter C A4 : Send letter D A5 : Send letter E
X -
X -
X -
X -
X -
KARNAUGH MAP
C1C2 C3C4 NN NN ? NY YY YN
A4 A4
NY
A3 A2A4+ A2
YY
A1 A1A4+ A1
YN
A1* A1A4* A1A4*
C1 : x>m C2:x>0 C3:y>0 m>0 A5 A3 C4:z>3m A1 A1A5* C3,C4 independent of C1,C2 C1,C2 dependent C1: Y C2: Y x>m, x>0 possible C1: Y C2: N x>m, x<=0 not logically possible C1: N C2: Y x<=m,x>0 possible C1: N C2: N x<=m,x<=0 possible Thus C1,C2,C3 C4:NNNN incomplete specification BOXES MARKED * NOT LOGICALLY POSSIBLE Rules C1 C2 C3 C 4 : NYNY and YYNY logical errors Errors to be corrected after consulting users who formulated the rules
CORRECT DECISION TABLE If users say that for rules C1C2C3C4:NYNY AND YYNY (marked with + in k-map) the action is A4 and for C1C2C3C4:NNNN also it is A4, the corrected map is
C1C2 C3C4 NN NN A4 NY YY YN
A4 A4 A5
NY
A3 A4 A2 A3
YY
A1 A4 A1 A1
YN
IMPOSSIBLE RULES
CORRECTED DECISION TABLE DT4
C1 C2 C3 C4
Y Y N N
Y Y Y Y
Y Y Y N
N Y Y N
N Y N Y
Y Y N Y
N N Y Y
N N N Y
N N N N
N N Y N
Y Y Y Y N N
Question: Can the number of rules be reduced? Answer : Yes, by combining rules with the same action Action A1 can be represented by the Boolean expression: C1C2C3C4 + C1C2C3C4 + C1C2C3C4 = C1C2C3C4 + C1C2C3 (C4+C4) =C1C2C3C4+C1C2C3 = C1C2C4 + C1C2C3
LEARNING UNIT 4
Eliminating redundancy in specifications
REDUNDANCY ELIMINATION
Redundancy can be eliminated by systematically applying four identities of Boolean Algebra These identities are
KARNAUGH MAP REDUCTION NN A1 A1 A1 YY A1 YN A1 YN NY YY YN A1 A1 NY A1 YY A2 A2 A2 A2 C1C2 C3 C4 NN NN A2 A2 NN NY YY YN
C3 C4 NN NY
NY YY YN A2 A2
C3 C4 NN
A3 NY A3 YY YN
A3 A3
A3=C1C2C3C4+C1C2C3C4+C1C2C3C4+C1C2C3C4 =C2C3C4(C1+C1)+C2C3C4(C1+C1) =C2C4(C3+C3)=C2C4
REDUCING DECISION TABLES-USE OF K-MAP C1C2 C3C4 NN NY YY YN NN NY YY A4 A4 A4 A3 A4 A2 A1 A4 A1
A5 A3 A1 YN Boxes marked X correspond to impossible rules. They can be employed if they are useful in reducing rules Using k-map reduction rules we get A1 : C1C4+C1C3 A2 : C1C2C3C4 A3 : C1C2C4 A4 : C3C4+C2C3+C2C4 A5 : C2C3C4
REDUCING DECISION TABLES C1: Payment in current month > min specified payment C2: Payment in current month>0 C3: Any payment in last 3 months C4: Actual arrears> 3(minimum specified payment per month)
Y N
Y Y -
N N Y Y Y - N Y N Y
N N -
N N - Y Y N
X X - - - A: Send letter A B: Send letter B X - C: Send letter C X - EXAMPLE-REDUCTION OF RULES-IN WORD STATEMENT D: Send letter D - X X Rules : Insure E: Send letter E Driver if following rules are - satisfied - - 1.Drivers annual income > 20000 & is married male 2.Drivers annual income > 20000 & is married and over 30 3.Drivers annual income <= 20000 & she is married female 4.Driver is male over 30 5.Driver is married and age is not relevant Else do not insure Conditions: C1 : Annual income > 20000 C2 : Male C3 : Married C4: Age > 30 Action: Insure or do not insure
X - X
DECISION TABLE FOR INSURANCE RULES
Cl : Annual income> 20000 C2: Male C3: Married C4: Age > 30 A1:Insure A2 :Do not insure
Y Y Y X -
Y Y Y X -
N N Y X -
Y Y X -
E L Y S N E X X
C1C2 C3C
NN NY YY A1 YN REDUCED DECISION TABLE NN NY YY YN
A1 A1 A1
A1 A1 A1 A1 A1
A1=C3+C2.C4
A1
C2 : Male C3 : Married C4 : Age > 30 Al : Insure A2 : Do not Insure
Y X
Y Y X -
ELSE
LEARNING UNIT 5 -
Decision trees for specifications

Reduced rules : Insure if married or male over 30 DECISION TREES to 2 and 1 condition removed Observe 5 rules simplified Decision Trees is used when sequence of testing condition is important. It is more procedural compared to Decision tables. EXAMPLE DECISION TREE TO BOOK TRAIN TICKET Book by II AC on 4/8/04 if available else book by II AC on 5/8/04.If both not available book by sleeper on 4/8/04 if available else book on 5/8/04 by sleeper. If none available return.
Book II AC
C1
N Y
Book II AC
C2
N
Book sleeper Book sleeper
C3
N
C4
N Return C1: Is II AC ticket available on 4/8/04 C2: Is II AC ticket available on 5/8/04 C3: Is sleeper available on 4/8/04 C4: Is sleeper available on 5/8/04 Observe in the tree sequencing of conditions which is important in this example CONDITIONS Decision trees are drawn left to right Circles used for conditions Conditions labelled and annotation below tree Conditions need not be binary For example:
>=60
C
GRADE A GRADE B GRADE C GRADE F
>=50 >=40 else
Sometimes Decision trees are more appropriate to explain to a user how decisions are taken
COMPARISON OF STRUCTURED ENGLISH, DECISION TABLES AND DECISION TREES CRITERION FOR COMPARISON STRUCTURED ENGLISH DECISION TABLES DECISION TREES
ISOLATING CONDITIONS & ACTIONS SEQUENCING CONDITIONS BY PRIORITY CHECKING FOR COMPLETENESS, CONTRADICTION
NOT GOOD
BEST
GOOD
GOOD
NOT GOOD
BEST
NOT GOOD
BEST
NOT GOOD
WHEN TO USE STRUCTURED ENGLISH,DECISION TABLES AND DECISION TREES
Use Structured English if there are many loops and actions are complex Use Decision tables when there are a large number of conditions to check and logic is complex Use Decision trees when sequencing of conditions is important and if there are not many conditions to be tested
REFERENCES
1. V.Rajaraman, Analysis and Design of Information Systems, 2nd Edition, Prentice Hall of India, New Delhi, 2002. Most of the material in this module is based on Chapter 8 and 9 of the above book. The book is perhaps the only one which has extensive discussion on error detection in Decision Tables. 2. K.E. Kendall and J.E.Kendall, Systems Analysis and Design, 5th Edition, Pearson Education Asia, Delhi, 2003. Has a brief discussion of structured English, Decision Tables and Decision Trees (pages 353 to 369). Website www.prenhall.com/kendall has a lot of support material and case study for students. 3. J.A.Hoffer, J.F.George, J.S.Velacich, Modern Systems Analysis and Design, Third Edition, Pearson Education Asia, 2002. Chapter 7 (pages 282 to 303) cover the topics in this module. The book has a number of interesting case studies and a good problem set. The web site http://prenhall.com/hoffer has material to assist students who use this text book.
4. E.Yourdon Modern Structured Analysis, Prentice Hall of India, 1996. Chapter 11 (pages 203 to 232) describes structured English and Decision Tables. There is a larger set of exercises at the end of the chapter.
MODULE 7
DATA INPUT METHODS
Contents
2. LEARNING UNIT 1 Data Dictionary : its development and use
3. LEARNING UNIT 2 Data input methods : Batch and Interactive
4. LEARNING UNIT 3 Coding technique for unique data representation.
5. References
DATA INPUT METHODS
MOTIVATION
During systems analysis it is essential for an analyst to decide the necessary and sufficient data for designing an application. DFD gives the dataflows and stores of a system. Individual data elements of dataflows and stores can be catalogued. Such a catalogue with description of each element and their types will be an invaluable aid while designing a system. A catalogue will also bring out if any data is duplicated/missed. A catalogue will also be an invaluable documentation of a system. Such a catalogue is called Data dictionary-It is actually metadata, i.e., data about data. After data dictionary is designed one needs to determine how the data is to be input. Data input methods depend on whether the data is filled in by customers in forms manually and later input by data entry operators or data is directly input by users on PCs. We thus need to understand both these methods. Unless data input is correct, results will be unreliable. Information systems normally have a large volume of data. Because of large volume special controls are needed to ensure correctness of data input - otherwise it is difficult to find which data is incorrect. Thus it is important to design appropriate data input methods to prevent errors while entering data. Key data elements are important to identify records. They need to be unique, concise and understandable by users. Thus we need to study methods of coding key data element LEARNING GOALS At the end of this module you will know 1.The need for a data dictionary for an application 2.How to develop a data dictionary for an application 3.Design of forms and screens for data input. 4.Need and methods of coding data elements. 5.Coding schemes for automatic error detection while inputting data 6.Need for and design of input data validation methods.
LEARNING UNIT 1
Data Dictionary : its development and use
WHAT IS DATA DICTIONARY Data dictionary is a catalogue of all data used in an application, their names, type and their origin. In other words it is data about data which is called metadata. Data dictionary gives a single point reference of data repository of an organization. It is thus an important documentation which would be useful to maintain a system
HOW IS DATA DICTIONARY DEVELOPED?
The Starting point of developing a data dictionary is a DFD. Example: Consider the Receiving office DFD.
Vendor
Delivery note
Receivin g Process
Items Received note
Inspection Office
Orders
Purchase Office Discrepancy note
WORD STATEMENT OF REQUIREMENTS FOR THE ABOVE DFD Vendor sends items with a delivery note while fulfilling an order (along with the physical items) to a receiving office. Receiving office compares a delivery note against order placed. If there is a discrepancy a discrepancy note is sent to purchase office. Actual items received note is sent to the inspection office along with items received. DATA ELEMENTS IN DATA FLOW From word statement we derive data elements in each data flow. Order no,Vendor name,Vendor address,item name,delivery date,quantity supplied,units Item name and Vendor name may not be unique. To ensure uniqueness we assign unique codes for them. Name of item is however still kept as it is to aid people. Thus delivery note is: Delivery note = Order no + Vendor code + Vendor name + Vendor address + item code + item name + delivery date + quantity supplied + units. Discrepancy note : Order no + Vendor code + Vendor name + Vendor address + item code + item name + delivery date + quantity supplied + units + excess/deficiency + no of days late/early. Items received note = Delivery note Data in data store Order records = order no + vendor code + vendor name + vendor address + item code + item name + order date + qty ordered + units + delivery period.
TYPICAL CHARACTERSTICS OF DATA ELEMENTS(CONTD) Data dictionary gives in detail the characteristics of a data element. Typical characteristics are: Data name : Should be descriptive and self explanatory.This will help in documentation and maintenance Data description : What it represents Origin : Where the data originates e.g. input from forms, comes from receiving office, keyed in by user etc. Destination : Where data will flow and will be used (if any) Data Type : numeric, alphanumeric,letters(or text),binary(0 or 1; True or False), Integer, Decimal fixed point, real(floating point), currency unit, date Length : no of columns needed Limits on value : (if relevant) e.g. upper and lower bounds of value (age>0,<100) Remarks : (if any)
EXAMPLE OF DATA DICTIONARY ENTRY

1)
Name : Order number Description : Used to identify order given to vendor Origin : Part of delivery note from vendor Destination : Receiving process Data type : Numeric Integer Length : 8 digits Limits on value : >000,<=99999999 Actual value not relevant.Used only as unique identifier Remarks: It is a key field.
2)
Name : Delivery date Description : Date item is to be delivered Origin : Part of delivery note from vendor.Is also in orders data store which is input to receiving process Destination : Receiving process Data type : Numeric Integer Length : 8 digits Limits on value : Date field in the form DDMMYYYY. Should satisfy constraints of a date in calendar Remarks: Blank fields not allowed. e.g.05082004 is ok but not 582004 DATA DICTIONARY USES Data dictionary can be enormous in size. Requires careful development. However, it is centralized reference document. It is an invaluable resource to design input forms, screens, data checking programs, process specification and database. It is very useful in understanding and maintaining system
LEARNING UNIT 2
Data input methods : Batch and Interactive
ON-LINE - User directly Enters data using screen prompts OFF-LINE -Forms filled by users- for example-candidates for admission to a college fill forms
ERROR SOURCES Errors in on-line data entry due to poor screen design. System should inform the user immediately when wrong data is input Errors in off-line data entry due to bad form design and human errors by users and data entry operator. Using a form which leaves enough space for writing legibly and has clear instructions prevents user from making mistakes. OFF LINE DATA ENTRY PROBLEMS It is not always possible for the machine to give message when input is wrong, error may be found after elapse of time period. Therefore good controls to automatically detect and if possible correct errors is required.
BATCH DATA ENTRY

Data entered in forms
Keyboard Data entry Error batch
Input file
Data validation program
Input batch
Error report
Update program
Output report
Data processing program
Data store
Name
Address Bad design : Tendency will be to fill name on top line. Not enough space for letters of address
Bad design : Choices are not codified. Tick as applicable Individual Hindu undivided family Parent/Guardian of minor Data entry operator will be confused
Enter date Day month Year (Good design)
Enter date
(Bad design)
Enter time Enter time Enter name and address using capital letters Use one box for each alphabet Hr Min Sec Tick any of the following design) Shri (Good Smt 1 2 Name Only address (do not Repeat name) I am applying as: Tick one of the boxes below Clear instructions. Enough space for entry manually. Individual Hindu undivided family COMPUTER READABLE FORMS Parent or guardian Of minor
Kum 3
(Bad design)
Pin
As manual data input from forms are slow and expensive, attempts have been made to automate form reading using scanners, but this needs hand writing recognition and correct form alignment, which is not always successful. However, if forms require just darkening some pre-defined areas they can be machine read and interpreted. Example Multiple choice questions in exams where specific boxes are darkened based on the choice.
INTERACTIVE DATA INPUT Advent of PCs and client/server model in computer networks, interactive data input is now widely used Advantages are instant response when data is input so that errors are immediately corrected, flexibility in screen design which minimizes manual effort. And use of mouse and icons simplifies pre-determined choices of data Three main models of interactive data input : Menus Templates Commands MODELS OF DATA INPUT MENUS User presented several alternatives and asked to type his/her choice EXAMPLE SELECT ALTERNATIVE Type 1 For entering new student record Type 2 For deleting student record Type 3 For changing student record Your choice
TEMPLATE Template is analogous to form. It has features to reject incorrect data input using built-in program and is user friendly Example Roll no Name
FIRST NAME/INTIALS LAST NAME
Dept code
CE
CS
ME EE IT
Year Hostel code
Pre-programmed to reject incorrect Roll no,Dept code,Year, Hostel code Interactive commands guides user through alternatives Example Computer : Did you request deletion of record ? Type Y or N User :Y Computer : Give student roll no User : 56743 Computer : Is name of the student A.K.Jain? Type Y or N User :Y Computer : Is he 1st year student Type Y or N User :Y Computer : Shall I delete name? User :Y
Normally all three models will occur together in application .In other words Menu, Forms and Commands are not mutually exclusive. In Graphical user interface design use of languages such as Visual Basic simplifies design of user interface.
LEARNING UNIT 3
Coding technique for unique data representation.
WHY DO WE NEED CODES? UNIQUE IDENTIFIER -Example Roll no instead of name CROSS REFERENCING BETWEEN APPLICATIONS -unique Roll no may be used in examination records, accounts, and health centre EFFICIENT STORAGE AND RETRIEVAL - Codes concise- a long name will have a shorter roll no
WHAT ARE THE REQUIREMENTS OF A GOOD CODE? CONCISE - Smallest length to reduce storage and data input effort EXPANDABLE - Add new members easily MEANINGFUL- Code must convey some information about item being coded COMPREHENSIVE - Include all relevant characteristics of item being coded PRECISE - Unique, unambiguous code
WHAT METHODS DO WE USE TO CODE 1) SERIAL NO: Assign serial number to each item 2) BLOCK CODES: Blocks of serial numbers assigned to different categories. 3) GROUP CLASSIFICATION CODE- Groups of digits/characters assigned for different characteristics
Roll no
87
1 Term admitte 1
05
2 Status UG/PG UG
465 Serial no In dept 465
Year admitte (use meaningful characters) 87
Dept CS
4) SIGNIFICANT CODES - Some or all parts given values Roll no BA

Banian
1
Male
95
Chest size cms
C
Cotton
B
Color (blue)
R
Style (Round neck)
CHARACTERSTICS OF CODES
Characteristics
Codes Concise Expandable
Meaningful
Comprehensive
Precise
SERIAL NO
Yes
Moderate
Yes Yes Yes
No
No
Yes Yes Yes
BLOCK CODES
No
No
GROUP CLASSIFICATION CODE
No
Yes
Yes
SIGNIFICANT No Yes CODEERROR DETECTION CODE
Yes
Yes
Yes
Incorrect data entry can lead to chaos.Mistakes occur as volume of data processed is large. Therfore its necessary to detect and if possible correct errors in data entry. Error can be detetected by introducing controlled redundancy in codes.
MODULUS 11 CHECK DIGIT SYSTEM Error detection digit added at the end of a numeric code Code designed in such a way as to detect all single transcription and single transposition errors which is 95% of all errors Single transcription error- 49687 48687
Single transposition error 45687 48657 Given code 49687 modulus check digit obtained as follows: Multiply each digit by Weights of 2,3,4 etc starting with least significant digit 7*2+8*3+6*4+9*5+4*6=131 131/11=11,remainder 10; or 131 mod (11) =10; (11-10)=1 append it to the code The code with check digit=496871 If remainder is 1 then append(11-1)=10 code as X WHY DOES MODULUS 11 CHECK DIGIT WORK Given dn,dn-1,..d1 where d1 is the check digit
n (Widi )mod N=0 by design i=1

n n (Widi )= (Widi ) + t Wk - Wk dk i=1 i=1
What should be the values of N & Wis Single transcription error: dk become t
As (Widi ) mod N=0 (t- dk ) Wk mod N = 0

OTHER CHECKING SYSTEMS ( t- dk ) W k =p.N where p is any integer Use modulo n check with n prime > largest code character value Conditions For hexadecimal codes symbols = 16, n =17 For 0<Wk<N alphanumeric codes 26 letters As [t-dk] < 10 and Wk < N, N>10 10 digits Product of integer not a prime => N a prime Smallest prime > 10 =11 => N=11 36 symbols Therefore n=37.
VALIDATING INPUT DATA When large volume of data is input special precautions are needed to validate data validation checks methods: sequence numbering - detects missing record batch control - use batch totals data entry and verification-dual input record totals-add individual values for checking modulus 11 check digit CHECKS ON INDIVIDUAL FIELDS Radix errors - For example seconds field cannot exceed 60,month field cannot exceed 12 Range check - Fields should be within specified range Reasonableness check - Telephone bill cannot be more than 10 times average bill of last few months Inconsistent data - For example : 31-04-99 Incorrect data- Batch total checks this Missing data - Batch control data checks this Inter field relationship check For example - Student of 8lh class cannot have age > 25 REFERENCES 1. Most of the material in this module has been adapted from the book Analysis and Design of Information Systems, 2nd Edition, by V.Rajaraman, Prentice Hall of India, 2003. Chapter 5 (pp. 49-52) and Chapter 11 (pp.154-170). 2. Good material on Data Dictionary is found in K.E.Kendall and J.E.Kendall , Systems Analysis and Design, 5th Edition, Pearson Education Asia, 2003.Chapter 10 on Data Dictionaries. Chapter 16 Designing Effective Input.
MODULE 8 LOGICAL DATABASE DESIGN
Contents
2. LEARNING UNIT 1 Entity-relationship(E-R) modelling of data elements of an application.
3. LEARNING UNIT 2 Organization of data as relations
4. LEARNING UNIT 3 Normalization of relations
5. LEARNING UNIT 4 Creation of logical relational database
6. LEARNING UNIT 5 Objectives of database management system(DBMS) 7. LEARNING UNIT 6 Overview of DBMS 8. References
LOGICAL DATABASE DESIGN
MOTIVATION When a DFD is developed we have knowledge of all data elements required by an application,data dictionary lists all data elements but does not say anything about relationships between data elements. Relationships are needed to logically group data elements into related sets or tables. Such an organization reduces data duplication, simplifies adding, deleting and updating data and simplifies retrieval of desired data Database management systems achieve the purpose of mapping the logical database to a physical medium which is transparent to an application program. LEARNING GOALS At the end of this module you will learn 1.The Entity-Relationship(ER) modelling to develop a conceptual model of data. 2.How to organize data required in an application as relations 3.The need for normalizing relations 4.The various normal forms and their relevance 5.How to normalize relations to successive higher normal forms to form a relational database 6.The need for an integrated database in organizations 7.The goals of Data Base Management systems (DBMS) 8.The structure and organization of DBMS.
LEARNING UNIT 1
Entity-relationship(E-R) modelling of data elements of an application.
LOGICAL DATABASE DESIGN-INTRODUCTION Loosely one may call organization of related data, put in a table as a RELATION. Systematization by which related data are put in a table is called NORMALIZATION. A method called entity-relationship analysis facilitates creation of relations. ENTITY-RELATIONSHIP MODEL ENTITY: Specifies distinct real world items in an application For example: vendor, item, student, course, teachers RELATIONSHIP: Meaningful dependencies between entities For example: vendor supplies items teacher teaches courses Relationships are underlined above
ENTITY SETS An entity set is collection of similar entities Examples : * Set of all vendors of an organization is a vendor set * Set of all items in a store is an item set Every member of an entity set is described by its attributes
ATTRIBUTES Attributes specify properties of members of entity set & also specify properties of relationships Examples: Entity : Vendor Attributes : vendor code, vendor name, address Relationship : supplies Attributes : vendor code, item code,order no., qty. supplied,date of supply,price/unit ENTITES AND ATTRIBUTES Example Entity : Teacher Attributes : Teacher code,teacher name,department,building,room no,phone no. Relationship : Teaches Attributes : Teacher code,Course no,course name,semester offered, credits, prerequisites ENTITY-RELATIONSHIP DIAGRAM Some entities depend on one another, for example, entity vendor and entity items are related as vendors supply items. These relationships are described by entity-relationship diagrams (or ER diagrams). In an ER diagram entities are represented by rectangles and relationships by diamond shaped boxes
VENDOR
ORDERS
ENTITY SUPPLIES RELATIONSHIP PLACED WITH
ENTITY
ITEMS
VENDOR
HOW TO IDENTIFY ENTITIES AND RELATIONSHIPS When a word statement is used to describe applications, nouns normally are entities and verbs relationships.
Students attend courses Noun ENTITY
Noun ENTITY
Verb RELATIONSHIP
Teachers teach Courses
Noun ENTITY
Verb RELATIONSHIP
Noun ENTITY
ENTITY-RELATIONSHIP DIAGRAMS One entity may be related to many other entities by multiple relationships Order no Order date Order no Vendor code Item code Qty ordered Price/unit
ORDERS
Order no Item code
Placed for
Placed with
RELATION CARDINALITY Item code Vendor code Item name items vendors Relation cardinality - number of relationships in which an entity can appear. Vendor name An entity may appear in- Only one relationship or in fixed number of address relationships or in a variable number of relationships .
V1 V2 V3 Vendor supplies
i1 i2 i3 i4 i5 items
Vendor1 supplies items il,i3,i5 Vendor2 supplies items il and i2 Vendor3 supplies items i4 and i5
Observe a vendor can supply many items, and also that many vendors can supply the same item RELATION CARDINALITY REPRESENTATION
A vendor can supply upto M items
A vendor cannot supply more than 6 items N vendors can supply a given item
vendor
vendor
N
supplies supplies
N
N vendors can supply a given item
M
items
6
items
vendor
2
supplies
An item cannot be supplied by more than 2 vendors A vendor cannot supply more than M items
M
items
WHY IS FINDING CARDINALITY NECESSARY 1. The identifier of the relationship will be composite if cardinality is N:M 2. It will be single if cardinality is 1:M 3. Will be useful later in designing data base
LEARNING UNIT 2
Organization of data as relations
RELATIONS Entity sets and relationship sets are useful in designing data bases. Entity - relationship sets may be put as a table of values. This is called a Relation. Relation name is entity name. A row of a relation has members of its attributes. The column headings are the names of the attributes. EXAMPLES OF A RELATION VENDOR CODE 1456 1685 1284 1694 VENDOR NAME Ram & co Gopal & sons Sivaraj brother Gita ltd ADDRESS 112, 1st cross Bangalore-12 452,4th main, Delhi-8 368 M.G Road, Pune-8 495 N.S.C Road,Calicut
RELATION name:Vendor(same name as entity name) RELATION ATTRIBUTES: vendor code, vendor name, address Row of relation is called a tuple. In a RELATION rows and columns can be in any order. No two rows and two columns are identical.
RELATION NOTATION Relation is an entire table Vendor relation: Vendor (Vendor code, Vendor name, address )
Relation name
Relation Identifier
Relation attributes
WHY RELATION ? Entity set can be easily stored as a flat file in a computer's storage Sound theory of relations allows systematic design of relational data base, reduces duplication of data, tries to eliminate errors in adding, deleting, altering items in a data base and simplifies retrieval of data.
LEARNING UNIT 3 Normalization of relations NORMALIZING RELATIONS Normalizing is the process of restructuring relations to a form which: Minimizes duplication of data in a database Operations of adding, deleting, modifying data in a database do not lead to inconsistent data in a database Retrieval of data simplified
WHY NORMALIZE ? Relations are normalized to ensure that, collection of relations do not unnecessarily hold duplicate data. It is easy to modify a data item as it gets modified in all relations where it appears and hence no consistency is there. When data is deleted accidentally, required data does not get deleted. It also simplifies retrieval of required data.
HOW ARE RELATIONS NORMALIZED ? UNNORMALIZED RELATION
Order no 1456
order date 26021999
Item lines Item code Qty 3687 4627 3214 52 38 20
Price/unit 50.40 60.20 17.50 20.25 60.20 60.20
1886
4629 45 4627 30 1.Observe order for many items 1788 2.Item lines has 04111999 4627 attributes40 many attributes-called composite
3.Each tuple has variable length 4.Difficult to store due to non-uniformity 5.Given item code difficult to find qty-ordered and hence called Unnormalized relation
04031999
FIRST NORMAL FORM Identify the composite attributes, convert the composite attributes to individual attributes. Duplicate the common attributes as many times as lines in composite attribute. Every attribute now describes single property and
not multiple properties, some data will be duplicated. Now this is called First normal form (1NF) also called flat file. FIRST NORMAL FORM 1NF
Order No 1456 1456 1456 1886 1886 1788
Order date 26021999 26021999 26021999 04031999 04031999 04111999
Item code 3687 4627 3214 4629 4627 4627
Qty 52 38 20 45 30 40
Price/unit 50.40 60.20 17.50 20.25 60.20 60.20
HIGHER NORMAL FORMS
First normal form is first essential step in normalization. Higher normal forms known as 2NF, 3NF, BCNF, 4NF, 5NF also exist. Each is an improvement of the preceding one. A higher normal form also satisfies requirements of a lower normal form
5NF 4NF BCNF 3NF 2NF 1NF
Higher normalization steps are based on : Detecting dependence between attributes Identifying key attributes Detecting multivalued dependency between attributes
FUNCTIONAL DEPENDENCY Given X,Y as two attributes in a relation Given X if only one value of Y corresponds to it then Y is functionally dependent on X X Y
e.g. Given Item code - Item name known Therefore Item code Item name
Functional dependence may be based on a composite attribute X,Z Y
composite attribute Order no. ,item code --------Qty , price
composite attribute
DEPENDENCY DIAGRAM Student (Roll no, name, address, dept., year of study )
Name Address Roll no Department Called relation key
Year of study
Roll no determines uniquely values of all other attributes in the relation, therefore it is called a key.
Qty.supplied Vendor Item code Date of supply Price/unit Composite key
WHY NORMALIZE RELATIONS-REVISITED We normalize relations to ensure the following: While operating on data base we do not lose data or introduce inconsistencies. Insertion of new data should not force leaving blank fields for some attributes. We do not delete vital information during update. In a normalized relation it is possible to change the values of the attribute without exhaustively searching all tuples of the relation. EXAMPLE TO SHOW NEED FOR NORMALIZATION
FIRST NORMAL FORM 1NF Order No 1456 1456 1456 1886 1886 1788 Order date Item code Qty Price/unit
26021999 3687 52 50.40 26021999 4627 38 60.20 26021999 3214 20 17.50 04031999 4629 45 20.25 04031999 4627 30 60.20 INSERTION : 04111999 Enter new item with code 3945 and price 30.50 for which no 4627 40 60.20 order has been placed. Inserted tuple will have no values (i.e have to be left blank) for order no and order date DELETION: If order no1886 is deleted the fact that item code 4629 costs 20.25 is lost UPDATE: If price of item 4627 is changed, all instances of this item code have to be changed by exhaustive search-errors possible
IDEAL NORMALIZATION At the end of normalization a normalized relation Should have no data values duplicated in rows Every attribute in a row must have a value Deletion of a row must not lead to accidental loss of information Adding a row should not affect other rows A value of an attribute in a row can be changed independent of other rows
SECOND NORMAL FORM (2NF) A relation is in 2NF if it is in 1NF, non-key attributes are functionally dependent on key attribute and if there is a composite key then no non-key attribute is functionally depend on one part of the key.
2NF FORM 1 NF Orders Relation Order No 1456 1456 1456 1886 1886 1788 Order date 26021999 26021999 26021999 04031999 04031999 04041999 Item code 3687 4627 3214 4629 4627 4627 Qty 52 38 20 45 30 40 Price/unit 50.40 60.20 17.50 20.25 60.20 60.20
2 NF Relations
ORDERS Order No Order date 1456 26021999 1886 04031999 1788 04041999
ORDER DETAILS Order No Item code 1456 3687 1456 4627 1456 3214 1886 4629
Qty 52 38 20 45
PRICES Item code Price/unit 3687 50.40 4627 60.20 3214 17.50
NON KEY ATTRIBUTES WHOLLY DEPENDENT ON KEY Repetition of order date removed. If order 1886 for item 4629 is cancelled the price/unit is lost in INF as the whole tuple would be deleted. In 2NF item price not lost when order 1886 for item 4629 cancelled. Only row 4 in order details deleted. Duplication of data in a relation is not there.
THIRD NORMAL FORM A Relation in 2NF may have functional dependency between some Non-key attributes. This needs further normalization as the non-keys being dependent leads to unnecessary duplication of data. Normalization to 3NF ensures that there is no functional dependency between non-key attributes. EXAMPLE Student (Roll no, name, dept, year, hostelname ) - If students in a given year are all put in one hostel then year and the hostel are functionally dependent - Year implies hostel-hostel name unnecessarily duplicated - If all students of year 1 are moved to another hostel many tuples need to be changed.
NORMALIZATION TO 3NF Student( Roll no, name, dept, year )
Hostel (year, hostel) This is in 3NF Example :1 Employee (empcode,name,salary,project no,termination date of project) * termination date (non-key attribute) Dependent on project no. another non-key attribute Thus needs normalization 3NF relations : Employee(empcode,name,salary,projectno) Project( Projectno ,termination date of project) Example:2 Passenger(Ticket code,Passenger name,Train no,Departure time,Fare) Train no. and departure time are non-key attributes and are functionally dependent 3NF Relations : Passenger(Ticket code ,Passenger name,Train no, Fare) Train details (Train no., departure time)
BOYCE-CODD NORMAL FORM Assume * Relation has more than 1 possible key * Keys are composite * Composite keys have common attribute * Non-key attributes not dependent on one another Thus though the relation is in 3NF, still there could be problems due to unnecessary duplication and loss of data accidentally.
EXAMPLE Professor (Prof code, Dept, Head of Dept, Percent time) RELATION Professor code P1 P1 P2
Dept Physics Maths Chem
Head of dept Ghosh Krishnan Rao
Percent time 50 50 25
P2 P3 P4 P4
Physics Maths Maths Physics
Ghosh Krishnan Krishnan Ghosh
75 100 30 70
Observe two possible composite keys (Prof code, Dept) or (Prof code,Head of Dept) Observe Head of dept name is repeated If professor P2 resigns the fact that Rao is Head of Chemistry is lost as lines 3 & 4 will be deleted
The dependency diagrams are:

Prof code Percent time
Dept
Head of Dept Dept Head of Dept
Head of Dept
Percent time
Prof code
Dept
Percentage time a Prof. spends in the department is dependent on Prof code and Department Head of Dept depends on department NEED FOR BCNF Observe the given relation is in 3NF as non key attributes are independent of one another and wholly dependent on key. However there are problems due to the fact that there are two possible composite keys, and attribute of on of the composite key depends on a attribute of other possible composite key
NORMALIZING TO BCNF Identify the dependent attributes in the possible composite keys Remove them and create a new relation EXAMPLE Composite keys 1.Prof code ,Dept Dependency : Dept 2. Prof code,Head of Dept Head of dept
New relations Professor (Prof code, Dept, Percent time ) Department ( Dept, Head of Dept)
NORMALIZED BCNF RELATIONS
Professor code P1 P1 P2 P2 P3 P4
Dept Physics Maths Chem Physics Maths Maths
Percent time 50 50 25 75 100 30
Dept Physics Maths Chem
Head of Dept Ghosh Krishnan Rao
FOURTH NORMAL FORM 4NF is needed when there are multi-valued dependencies Example : (Vendor, Project, Item) relations Assumptions : -A vendor capable of supplying many items to many projects -A project needs many items -Project may order the same item from many vendors
Vendor-Project-Item supply capability relation

Vendor Item
Project
Multivalued dependency
V Item
Vendor code VI VI VI VI V2 V2 V3 V3 Problems
Project code PI PI P3 P3 PI PI PI P2
Item code I1 I2 I1 I2 I2 I3 I1 I1
Item I1 duplicated for VI and also for V3 If VI is to supply to project P2 but the item to be supplied is not decided there will be blank in item column
Solution: Split vendor-project-item relation into two relations Resulting relation must have not more than one independent multivalued dependency RESULTING RELATIONS Project P1 P1 P1 P2 P3 P3 Item I1 I2 I3 I1 I1 I2
Vendor VI VI V2 V2 V3
Item I1 I2 I2 I3 I1
Vendor Capability Project needs OBSERVE NO UNNECESSARY DUPLICATION NEED FOR 5NF In 4NF relations vendor capability to supply items and projects need for items are there. They are obtained by splitting the given relation Looking at relation project-item we see that project P2 requires item I1 From vendor item relation we see that I1 is supplied by V1. This would lead us to infer that(V1,P1,I1)must be a tuple in the original relation but it is not.In other words V1 does not supply item I1 to project P2. This spurious tuple has occurred because vendor V1 may not be allowed to supply item I1 to project P2 Similarly another spurious tuple is (V3, P3, I1) We thus need a third relation which specifies the vendors who are allowed to supply to projects
Additional relation for 5NF Vendor Project P2 P3 P1 P1 P2
V1 V1 V2 V3 V3 Vendors permitted for projects
The above relation is in addition to the two relations of 4NF.
LEARNING UNIT 4
Creation of logical relational database EXAMPLES OF DATA BASE DESIGN ORDER - VENDOR - ITEMS ORDERED EXAMPLE IN CASE STUDY Information on dependencies given : Orders for item placed with many vendors A given order no is only to one vendor Many items supplied against a given order no A vendor has capacity to supply many items but only some items maybe ordered from him at a particular time ER - DIAGRAM
Orders
N R
Placed for
Placed with S
Items P Supply
Q Vendors
RELATIONS-UNNORMALIZED EXAMPLES OF UNNORMALIZED RELATIONS 1.ORDERS(Order no,Order date) 2.ORDERS PLACED FOR(Order no,item code,qty ordered,delivery time allowed) 3.ORDERS PLACED WITH(order no,vendor code,item code) 4.VENDOR(Vendor code,vendor name,vendor address) 5.ITEM( item code,item name,price/unit) 6.SUPPLIES(vendor code,item code,order no,qty.supplied,date of supply) NORMALIZATION: Relation 1,4,5 are in 3NF and need no change Relation 2 has a composite key,attributes of composite key not related. Non key attributes dependent on composite key,need no change. Relation 3: order no and item code have multivalued dependency.Relation2 already has order no,item code as composite key. Relation 3 is reduced to: 7.ORDER PLACED WITH(order no,vendor code)
NORMALIZATION OF SUPPLIES RELATION Consider relation 6 : 6.SUPPLIES (vendor code, item code, order no, qty supplied, date of supply) It has a composite key with three attributes Attributes item code and order no have multi-valued dependency as many items can be supplied in one order And hence need normalization to 4NF Normalized to 8. ACTUAL SUPPLIES (order no, item code, qty supplied, date of supply) 9. VENDOR CAPABILITY (vendor code, item code ) The second relation may have items not yet ordered with a vendor but which could be supplied by vendor
The Normalized relations are : 1,2,4,5,7,8,9 STUDENT-TEACHER-COURSES EXAMPLE Information on dependence A teacher may teach more than one course in a semester A teacher belongs to only one dept. A student may take many courses in a semester A course may have many sections taught by different teachers
E-R Diagram
Teacher M
Students K
Teaches N Courses
Attends
RELATION-UNNORMALIZED 1 TEACHER (Teacher code,teacher name, address, rank, dept) 2 TEACHER_COURSES (Teacher code,Course no,no of students, section no ) 3 COURSE (Course no , semester taught ,Course name, credits) 4 STUDENT (Student no, student name, dept, year ) 5 STUDENT COURSES (Student no, Course no, semester no ) a)Relations 1,3,4 in 3NF b)Relations 2 and 5 have multi-attribute key which has multi-valued dependency but do not need normalization c)However information on which teacher teaches a given student a specified course cannot be found from relations 1 to 5 Therefore Add relation 6TEACHER_STUDENT (Teacher code, Student no, Course no)
THIS SET IS NORMALIZED
CONCLUSIONS We have seen how data relevant to applications are organized logically into set of relations The process of normalization depends on the semantics, i.e, meanings of data and an understanding of how various data elements are related It is thus a human intensive activity-it cannot be automated In most problems in practice one is satisfied with 3NF.Higher normal forms are theoretically important and in some cases becomes essential. There is a mathematical theory which underpins the idea of relations and normalization giving it a sound basis. We have not discussed it in this module. A full fledged course in Data Base will describe in detail the mathematical basis and methods of querying a database
LEARNING UNIT 5 Objectives of database management system(DBMS) PROBLEMS WITH FILE BASED SYSTEMS If programs and files independently developed for each application in the organization, it leads to the following problems DATA REDUNDANCY-Some data may be duplicated in many files. e.g.: Address of customer LACK OF DATA INTEGRITY- Duplicated data may be different in different files (New address in one file and old address in another file) DATA AVAILABILITY- May require search of number of files to access a specified data CONTROL BY MANAGEMENT-Difficult as data scattered across files. All files should be accessed to find specified data Aim of data base management systems is to reduce above problems DATABASE AND DATABASE MANAGEMENT SYSTEM DATA BASE is a collection of related data necessary to manage an organization (Excludes transient data).It models a data resource and is independent of applications
DATA BASE MANAGEMENT-is a set of procedures that manage the database and provides access to the database in the form required by the application program
Application1 Database Management System DBMS Database Organized collection of data for several applications
Application2
Application1 Procedures to provide data in the form required by applications. Applications need not know physical organization of data OBJECTIVES OF A DATABASE MANAGEMENT SYSTEM Data is an organizational resource. It should be collected, validated, protected, logically organized and stored with controlled redundancy. This is the organizational database One of the main objectives of DBMS is to facilitate sharing of a database by current and future applications DBMS must ensure data independence for programs Data independence to be provided to application programs Data independence allows -Change of database without affecting application programs -Change of hardware or system software without affecting application programs -Sharing of data by different applications by providing views appropriate for the application Control of Redundancy - Avoid unnecessary duplication Relations between data items specified Data integrity - Preserve consistency of data values Data Security - Permit access to data to authorized users only
LEARNING UNIT 6
Overview of DBMS.
OVERVIEW OF DBMS Data needs of current and possible future applications determined Using E-R data modelling conceptual data model found Converted to relations if Relational DBMS used - called logical data model Application programmers access subset of logical data model - called external data model Logical model mapped to physical model for storage in disk store - called internal model External data model kept invariant
VARIOUS TERMS USED IN DESCRIBING DBMS
Current application Future Applications
1 2 p q
Conceptual model
logical model
Internal Model
Application programs
1 2 p q
External Model
Database
COMPONENTS OF DBMS Data Definition Languages (DDL) to define conceptual, logical and external models Data manipulation and query language called Structured Query Language (SQL) Features to implement security Checkpointing and roll back recovery procedures Record of accesses. Audit trail of changes DATABASE ADMINISTRATOR Database Administrators responsibilities are controlling of data recourse, to ensure integrity, security and privacy, maintenance of data dictionary, coordination of development and maintenance of data base and determining access rights
CHARACTERSTICS OF A GOOD DATA BASE DESIGN Satisfy current and future needs of organization Cater to unanticipated user requirements in the best possible way Expandable with growth and changes in organization Easy to change when hardware and software change Ensure data security by allowing only authorized persons to access and modify database
REFERENCES
1. Most of the material in this module has been adapted from the book Analysis and Design of Information Systems, 2nd Edition, by V.Rajaraman. Chapter 10 Logical Data Base Design, pp.130 to 153. Chapter 12 , Data Base Management Systems, pp. 171 1719. 2. Good treatment of E-R Modelling and Normalization may be found in the book Introduction to Systems analysis and Design, by I.T.Hawryszkiewycz, Prentice Hall of India, 1989.
3. For those interested in detailed study of Data Base Design and DBMS, the following books are standard texts: 1, R.Elmasri and S.B.Navathe, Fundamentals of Data Base Systems, 4th Edition, Pearson Education Asia, New Delhi, 2004. 2. T.Connolly and C.Begg, Dta Base Systems, 3rd Edition, Pearson Education Asia, New Delhi, 2003.
MODULE 9
OBJECT ORIENTED SYSTEM MODELLING
Contents
2. LEARNING UNIT 1 Objects and their properties 3. LEARNING UNIT 2 Identifying objects in an application 4. LEARNING UNIT 3 Modelling systems with object 5. References
OBJECT ORIENTED SYSTEM MODELLING MOTIVATION Information Systems are becoming very complex, we thus need methods to design complex systems. Main method is to break up a large system into a number of cooperation components and designing each component or subsystem separately. How do we do this? The main purpose of this module is to answer this question.
LEARNING GOALS At the end of this module you will know: 1. 2. 3. 4. What are objects. Why is it necessary to identify objects in an application. How to identify objects given requirement specifications. How objects are used to model information system.
LEARNING UNIT 1
Objects and their properties DESIRABLE PROPERTIES OF COMPONENTS Each subsystem or component must Have clearly defined responsibility Act when requested by an "order" How the component does its task need not be known to other components What the component does should be known Components must be general enough to be reusable Variety of components should be reduced-this is facilitated by allowing components to inherit properties of other components Another aid to generalize the function of a component is to allow generic commands which make components do their task. This is called POLYMORPHISM OBJECT ORIENTED MODELLING Use of component oriented design facilitates changes in the system at low cost, promotes reuse of components, problem of integrating components to configure large system will be simplified. It also simplifies design of distributed systems.
OBJECT AND THEIR PROPERTIES All tangible entities in an application can normally be modelled as objects For example: A student,a cycle,a train ticket Some intangible entities may also be modelled as objects For example: a bank account, stack data structure Objects with similar meaning and purpose grouped together as CLASS. And a member of a class is an object instance.
CHARACTERSTICS OF OBJECTS All objects have attributes Example : student : Name Roll no Address Year Department All objects have a state Example Ticket: reserved, waiting list Student: present, absent All objects have set of OPERATIONS which can be performed on them. Operations determine object behavior Example : Admit student Cancel ticket CLASS DIAGRAM UML NOTATION Universal Modelling Language (UML) is an industry standard notation to represent a class Example of UML notation for a Class
Vendor Vendor id Name Address Vendor type
CLASS NAME
LIST OF ATTRIBUTES
Add vendor Delete vendor OPERATIONS OR (METHODS) Find address INSTANCE DIAGRAM UML NOTATION Change address Find vendor type Shows an object instance's attributes and values
EXAMPLE
Class name Object name and its Class name
A 2546 : VENDOR
Vendor id
VENDOR ID = A2546 VENDORNAME = AD SINGH & CO VENDOR TYPE = DISTRIBUTOR VENDOR ADDRESS = 5, MALL ROAD,KANPUR 208001
Attributes and their values
OPERATION TYPES ON OBJECTS Constructor-creating new instances of a class and deleting existing instance of class Example : add new vendor Query - accessing state without changing value, has no side effects Example : find vendor address Update - changes value of one or more attributes & affect state of object Example : change address of vendor Implementation of operations on objects called methods
IMPLEMENTATION OF CLASSES TERMINOLOGY USED IN OBJECT ORIENTED MODELLING ABSTRACTION Picking necessary operation and attributes to specify objects
ENCAPSULATION Hiding implementation details of methods from outside world, it is also known as information hiding. Information hiding allows improvement or modification of methods used by objects without affecting other parts of a system
VIEW OF OBJECTS AS CONTRACTORS 1) Objects can be thought of contractors who carry out assigned contracts for clients 2) Clients need not know how the contractor carries out its contracts 3) Contractors can modify/improve methods they use to carry out contracts without informing clients 4) External interface presented to clients remain same
INHERITANCE New classes are created from current classes by using the idea of inheritance.They inherit attributes and/or operations of existing classes. Inheritance allows both generalisation and specialisation in modelling
Specialisation - given student class, arts students and science student are two subclasses, subclasses inherit properties of parents and in addition may have their own special attributes and operations. EXAMPLE OF INHERITANCE
Class name
Attributes
College student
Roll no Name Address Year of study Admit Promote
Operations
Science student Roll no Name Address Year of study Department Laboratory name Admit Promote Calculate laboratory fee
Class Name
Arts student Roll no Name Address Year of study Department Admit Promote Calculate field trip fee
Attributes
Operations
GENERALISATION/SPECIALISATION Given a class Eye surgeon we can generalize it to surgeons which will inherit most of the attributes and operations of the eye surgeon
A general class School, will inherit many properties of middle school, primary school Given a class Doctor we can obtain subclasses : Surgeon, Physician, General Practitioner, Consulting Doctor.All these will inherit many properties of doctor and will have their own new attributes and operations POLYMORPHISM By polymorphism we mean ability to manipulate objects of different distinct classes knowing only their common properties, Consider classes hospital & school For both the operation admit will be meaningful, but they will be interpreted differently by each class. Advantage of polymorphism is ease of understanding by a client. A client gives a generic request - each contractor interprets and executes request as appropriate to the circumstances
LEARNING UNIT 2
Identifying objects in an application
IDENTIFYING OBJECTS Simple method - identify nouns in Requirements specification. These are potential objects - Identify verbs in requirements specification. These are potential operations CRITERIA FOR PICKING OBJECTS 1)We remind that an object class has many objects as members 2)Wherever there is no possibility of confusion we use them synonymously 3)Objects should perform assigned services. In other words they must have responsibilities specified by us. 4)Objects must have relevant attributes which are necessary to perform service. Attributes must have Non-Null values. 5)A class must be essential for functioning of the system 6)Must have common set of attributes and operations which are necessary for all occurrences of the objects in the class 7)Objects should be independent of implementation of the system. HOW TO SELECT OBJECTS 1) Potential objects are selected from word statement primarily by examining noun phrases 2) All Noun phrases need not be objects 3) If there are some objects whose attributes do not change during the functioning of a system we reject them. They are probably external entities EXAMPLE 1 WORD STATEMENT ESSENTIALS OF AN ADMISSION PROCESS TO A UNIVERSITY ARE
Applicants send applications to a university registrars office A clerk in the registrar's office scrutinizes applications to see if mark list is enclosed and fee paid If scrutiny successful applications passed on to the relevant department Departmental committee scrutinizes applications sent to it. Applications are ranked. Depending on the seats available decides to admit, wait list or reject. The application is returned with the message to the registrars office clerk. Registrar's office clerk informs the applicant the result of his applications POTENTIAL OBJECTS 1. 2. 3. 4. 1. APPLICANT APPLICATION REGISTRARS OFFICE CLERK DEPARTEMENTAL (COMMITTEE)
Applicant has attributes. However no operations performed on it. It is not an object in this problem. 2. Application has attributes operations are performed using attributes of application. Result conveyed to applicant. Admit it as an object 3. Registrars office clerk has attributes, performs operations on applications attributes and not on clerks attributes. Thus reject. 4. Department taken as potential object. It has attributes. Operations are performed using attributes. Operations are performed using attributes of application object and also using attributes of department. Thus admit department as an object
ATTRIBUTES AND OPERATIONS PERFORMED BY IDENTIFIED OBJECTS
APPLICATION ATTRIBUTES APPLICATION NUMBER APPLICANT NAME APPLICANT ADDRESS MARKS SHEET FEE PAID RECEIPT DEPT. APPLIED CODE APPLN STATUS CLERK CODE OPERATIONS SCRUTINIZE SEND APPLICATION TO DEPT SEND RESPONSE ADMIT/W.L/REJECT TO APPLICANT
DEPARTEMENT ATTRIBUTES DEPARTMENT CODE DEPARTMENT NAME COURSE NO OF STUDENTS TO BE ADMITTED NO ON WAIT LIST MIN. ENTRY QUALIFICATION STATUS OF APPLICATION
OPERATIONS
SCRUTINIZE APPLICATION SEND APPLICATION STATUS
EXAMPLE 2 : RECEIVING ITEMS ORDERED ABSTRACT OF WORD STATEMENTS
Receiving office receives several items from vendors Receiving office checks delivery note against orders and detects excess/deficient deliveries if any Discrepancy note (if any) sent to purchase office Receiving office sends items received note to inspection office Inspection office physically inspects items received and accepts good items.Bad items returned to vendor Items accepted note sent to stores office Discrepancy note sent to purchase office Stores office updates inventory based on items accepted note Stores office sends taken into stock report to the accounts office for payment to vendor Accounts office sends payments to vendors PICKING RELEVANT OBJECTS POTENTIAL OBJECTS ARE: 1. RECEIVING OFFICE 2. ITEMS 3. VENDORS 4. DELIVERY NOTE 5. ORDERS 6. DISCREPANCY NOTE 7. PURCHASE OFFICE 8. ITEMS RECEIVED NOTE 9.INSPECTION OFFICE 10. ACCEPTED ITEMS NOTE 11. STORES OFFICE 12. INVENTORY 13. GOODS TAKEN IN STOCK REPORT 14. ACCOUNTS OFFICE 15. PAYMENT VOUCHER OBJECTS NOT RELEVANT TO THIS APPLICATION Items Orders Inventory Goods taken in stock Payment voucher RELEVANT OBJECTS Receiving office Even though its own attributes are not relevant, its functional attributes are important. These are: -Delivery note and order to vendor It thus derives its attributes from these
RELEVANT OBJECTS
VENDORS No operations on this object are needed in this application. However its attributes are necessary as the Accounts office makes payment to vendors
CLASS : VENDORS ATTRIBUTES : Vendor code Vendor name Vendor address

VENDOR is actually an external object.We have thus given only attributes relevant to this application.In general design one would usually define this object more comprehensively ATTRIBUTES OF DELIVERY NOTE AND ORDER TO VENDOR CLASS : DELIVERY NOTE CLASS : ORDER TO VENDOR
Attributes : Receiving clerk id Order no Vendor code Delivery date Item code Qty supplied Units
Attributes : Order no Vendor code Item code Item name Qty ordered Units Price/Unit Order date Delivery period
RECEIVING OFFICE OBJECT Receiving office is selected as an object. Its attributes are attributes derived from delivery note and order to vendor
The class diagram is given below CLASS RECEIVING OFFICE
Is Part of
DELIVERY NOTE
Is Part of
ORDER TO VENDOR
RECEIVING OFFICE OBJECT
CLASS : RECEIVING OFFICE Attributes : Derived as shown above
Operations : Compare order no,item code, qty,etc in delivery note with that in order to vendor Send discrepancy note (if any) to purchase office and vendor.If no discrepancy send delivery note to purchase Send delivery note to inspection office(object) OTHER RELEVANT OBJECTS CLASS : STORES OFFICE Attributes : Attributes of inspection office + qty in stock
Operations : Update inventory by adding no of items accepted to qty in stock Send advice to accounts object to make payment for qty accepted
CLASS : INSPECTION OFFICE Attributes : Derived attributes from delivery note + no of items accepted
Operations : Send information on accepted items to store and accounts Send discrepancy note( if any) to purchase office and vendor
CLASS : ACCOUNTS OFFICE

Attributes : Derived from inspection office attributes + price/unit of item
Operations : Calculate amount to be paid Print cheque Request vendor object for vendor address Print vendor address label
LEARNING UNIT 3
Modelling systems with object OBJECT ORIENTED MODELLING-CRC METHOD
Steps in object oriented modelling 1) Find objects and their classes 2) Determine responsibilities of each object 3) State responsibilities, that is, actions. It can carry out on its own using its knowledge 4) Determine objects with whom they collaborate. 5) State contracts each object assigns to its collaborators 6) A collaborator either performs a requested action or gives information 7) Document each class its responsibilities,its collaborators and their responsibilities 8) Develop an object interaction/collaboration graph
CRC TEAM IDEA CRC TEAM : user's representative System analyst(s) project coordinator RESPONSIBILITY : Identify objects Specify responsibility Specify collaborators and their responsibilities Prepare a card for each class called class index cards
CRC METHODOLOGY 1. Make CRC Card for each class CRC CARD CLASS NAME : SUPER CLASSES AND SUBCLASSES : SHORT DESCRIPTION OF CLASS :
Develop a graph to show interaction between classes CRC MODEL EXAMPLE1 Class : APPLICATION Super class : None Sub class : None Collaborators : DEPARTEMENT Private Responsibilities : Description : This class represents applications received for admission to a university Scrutinize : Applications are scrutinized to see if fee is paid and marks sheet is enclosed. If yes, applications is sent to department class.Else a rejected letter is sent to the applicant Contract(s) and Collaborator(s): Forward to department : When it passes scrutiny else send reject to applicant CRC application MODEL EXAMPLE (CONTD) Send letter to applicant : When Department notifies decision (Admit,Reject,Waitlist) send appropriate letter to the applicant Class : DEPARTMENT Super class : None Sub class : None Collaborators : APPLICATION Description : This class represents departments whose responsibility is to admit, reject or place an waiting list on application Private Responsibilities : Rank order applications based on selection criteria marks in application:admitted,rejected or in waiting list depending o available seats Contract(s) and Collaborator(s): Send reply to applicationclass on admitted, rejected or wait list
COLLABORATION GRAPH Examine application Admit/reject/wait list Applicant CLASS APPLICATION Application status
CLASS DEPARTMENT
COLLABORATION GRAPH FOR EXAMPLE2 : Receiving items ordered by a company

CLASS RECEIVING OFFICE
Delivery
Inspect
CLASS INSPECTION OFFICE
Vendor
Payment Delivery copy Discrepancy note Update Inventory
CLASS PURCHASE OFFICE Payment copy
CLASS ACCOUNTS OFFICE
Make payment
CLASS STORES OFFICE
REFERENCES
1. Most of the material in this module has been taken from the book Analysis and Design of Information Systems, 2nd Edition, V.Rajaraman, Prentice Hall of India, New Delhi, 2003. Chapter 13, Object Oriented System Modelling (pp.180-199) 2. There are several standard books on object oriented modeling for those who want to study deeper. Some of these are: (i) I.Jacobson et.al Object Oriented Software Engineering, Pearson Education Asia, 1998 (ii) David Colemen et.al Object Oriented Development, Prentice Hall, Inc., N.J., WA,1999 (iii) J.Rumbaugh et.al Object Oriented Design and Applications, Benjamin Cumming, U.S.A., 1991
MODULE 10 DESIGNING OUTPUTS
Contents
2. LEARNING UNIT 1 Output Devices 3. LEARNING UNIT 2 Objectives of output design 4. LEARNING UNIT 3 Design of output reports 5. LEARNING UNIT 4 Design of screens and graphics 6. REFERENCES
DESIGNING OUTPUTS MOTIVATION Presenting results of processing in an attractive and easily understood form is important as management requires these reports to initiate actions and thus the significance of outputs must be easily perceived. One must be aware of new output devices being introduced to use them appropriately, also be aware of changes in output delivery with the emergence of systems such as intranets/internet. Must also cater to newer applications such as e-commerce that uses the world wide web.
LEARNING GOALS At the end of this module you will know Review characteristics of devices used to output information from computers Objectives of output design Design of reports design of screens Role of graphics in output design
LEARNING UNIT 1 Output Devices
1) HARD COPY DEVICES PRINTERS 2) SOFT DEVICES - VIDEO DISPLAY DEVICES
TEXT
AUDIO - SPEECH SYNTHESISER 3) MULTIMEDIA GRAPHICS
VIDEO
HARD COPY DEVICES Printers used when there is large volume of data and several copies are normally needed Types of printers Line Printers Impact Dot matrix character printers
Laser printer Non-Impact Inkjet printer
PRINTER CHARACTERSTICS LINE PRINTERS -Large volume output -fast entire line printed -multiple copies -high capital cost but low running cost DOT MATRIX PRINTERS - Slow - inexpensive ( per copy cost) - multiple copies with carbon paper - poor graphics INKJET PRINTERS
Characters + graphics multicolour capital cost low compared to laser printer recurring cost high
LASER PRINTERS -Characters + graphics -multicolour expensive -excellent quality -capital cost high - recurring cost lower than inkjet
SOFT COPY MEDIA Used to distribute manuals, massive reports, user documents, etc FLOPPY DISK CDROM Alternatives DVD ROM
FLOPPY DISK - Inexpensive - Easy to mail/transport - Low capacity 1.4MB - Read/write - Contact recording number of read/writes limited CDROM - Inexpensive Medium
FLASH MEMORY (SEMI CONDUCTOR)
- Read only cheaper/safer - High capacity 600MB - Easy to transport/mail - Primarily used for Text/Graphics DVDROM - Read only cheaper/safer - Very high capacity upto 8GB - Easy to transport - Useful for storing high quality video such as full length movies FLASH MEMORY - Read/Write - Small size and weight - No moving parts thus very reliable - Needs USB port on PC - Size 128KB to 2GB - Low Power needs - Expensive SPEECH OUTPUT DEVICES Audio such as beeps used for alerting users Device used is a speaker - Very small and inexpensive for beeps - Inexpensive for poor speech quality Useful when eyes are busy, for example, while driving, pilots etc. Pre-recorded speech is output in such cases Text-to-speech also useful for giving instructions where manuals cannot be read.
LEARNING UNIT 2
Objectives of output design While designing output format and picking output devices the following should be taken into account
The user group Proposed use Volume of output Periodicity of output Timely delivery when required NATURE OF OUTPUT REPORTS TOP MANAGEMENT - Summary highlighting important results - Graphical Output Pie charts - Bar charts -Maps Needed for strategic management MIDDLE MANAGEMENT - Exception reports - Reduced output volume - Needed for tactical management
OPERATIONAL MANAGEMENT - Details needed for example :payroll, grade sheets, cheques
PERIODICITY OF OUTPUT REPORTS TOP MANAGEMENT -Whenever there are any significant changes -Give option to ask for specific details -Periodic quarterly MIDDLE MANAGEMENT -Send daily exceptions
-Provide summary on terminal with option to look at greater details on request OPERATIONAL MANAGEMENT -Regular periods -Periods depend on application -Example : Payroll monthly
LEARNING UNIT 3
Design of output reports
DESIGNING OF OPERATIONAL OUTPUT REPORTS Structure of a report
- Headings Report heading Page heading - appears in each page Detailed heading for each column Set of records forming a logical group called control group and is given a control heading Structure of a report - Footings Labels used to describe information contained in a control group are called control footings Labels printed at the end of each page of a report is called page footing Label used to give the control information for the whole report is called final control footing Label printed at the end of the entire report is called report footing
EXAMPLE OF TERMINOLOGY
Report heading Page heading
INDIAN INSTITUTE OF SCIENCE - ACADEMIC ROLL LIST
Roll No 97101115
Name A.B.BHATTACHARYA
ROLL LIST OF STUDENTS SEM 1/2000-2001 Control heading LIST OF STUDENTS IN AEROSPACE ENGG DEPT
Control footing
TOTAL NO OF STUDENTS IN AEROSPACE ENG DEPT=68 LIST OF STUDENTS IN CHEM ENGG DEPT Roll No Name
Control footing Final control footing Report footing
97102105 A.C.ARVIND 97102121 L.S.BHATIA . . 97102131 P.R.ZAVERI TOTAL NO OF STUDENTS IN CHEMICAL ENGG.DEPT = 63 TOTAL NO OF STUDENTS IN SEM 1/200-2001 = 852 END OF IISc BANGALORE ROLL LIST FOR SEM 1/2000-2001
PRINT CHART Analyst to develop paper report format uses print chart. Languages are available to describe format of report and a report generation program creates report
GENERAL PRINCIPLES OF DESIGNING REPORTS 1. 2. 3. 4. 5. 6. 7. 8. Should be able to read from left to right, top to bottom Easy to find important items such as keys All pages numbered and has heading. Report date is essential All columns should be labelled Keep essential details only Proper use of control footings Page and report footing useful Space for end of report signature if needed
LEARNING UNIT 4
Design of screens and graphics
DESIGN OF SCREENS Screen display must be convenient for interactive use. Screen size is usually 80 cols per line and 24 lines per screen. Provision must be made at bottom of screen to continue, get details or exit.Nowadays screens are designed with buttons which can be clicked using a mouse to get details, continue or exit from screen EXAMPLES OF SCREENS
SCREEN FOR GENERAL STUDENT INFORMATION
INDIAN INSTITUTE OF SCIENCE STUDENT INFORMATION SYSTEM

ROLL NO 9501325 9602415 9602325 9701425 9702112 NAME A.B.BHATTACHARYA A.P.DAS P.GANAPATHY G.HARI H.JAI SINGH DEPT AEROSPACE CSA EE MET CIVIL YEAR ME 1 Ph.D M.Sc ME II Ph.D
DETAILS
CONTINUE CLICK BUTTON AS REQUIRED
EXIT
SCREEN FOR DETAILED STUDENT INFORMATION
INDIAN INSTITUTE OF SCIENCE STUDENT INFORMATION SYSTEM ROLL NO NAME YEAR GUARDIAN ADDRESS DETAILS 9701425 G.HARI ME II P.GANESHAN 41 OLIVER STREET MYLAPORE RETURN MADRAS 600 004
05-05-2000
BUISNESS GRAPHICS
Shows information in pictorial form which is easy to understand Usual pictures are bar charts - relative distribution easy to see pie charts - %use of resources easy to see x-y graphs - trends easy to see maps - geographical distribution easy to see
USE OF GRAPH
350 300 250 200 150 100 50 0 0 20 25 30 35 40 45 50 55 60
Year
BAR CHART
350 300 250 200 150 100 50 0 0 20 25 30 35 40 45 50 55 60
Age
PIE CHART
Dividends 15% R& D 5% Misc 15% Raw material 20% Salaries 20% Equipment 10% Tax 10%
Interest payment 15%
References
1. Most of the material is taken from Chapter 14 of the text book Analysis and Design of Information Systems by V.Rajaraman, 2nd Edition, Prentice Hall of India, New Delhi. 2. There is a good coverage of this type in Kendall and Kendall System Analysis and Design, Pearson Education Asia, 2003, Chapter 15, pp.478-496. 3. J.A.Hoffer, J.F.George, J.S.Valachich, Modern Systems Analysis and Design, 3rd Edition, Pearson Education Asia, New Delhi, 2002, discusses forms and reports design in Chapter 13, pp.432 to 450. Designing dialogues and graphical user interfaces is discussed in Chapter 14, pp. 460 to 490. Companion web site is prenticehall.com/hoffer for multiple choice questions etc.
MODULE 11
DOCUMENTS ON WEB
OBJECTIVE QUESTIONS
There are 4 alternative answers to each question. One of them is correct. Pick the correct answer. Do not guess. A key is given at the end of the module for you to verify your answer
LEARNING UNIT 1
11.1.1 Internet is (a) a local computer network (b) a world wide network of computers (c) an interconnected network of computers (d) a world wide interconnected network of computers which use a common protocol to communicate with one another 11.1.2 The facilities available in the internet are (i) electronic mail (ii) remote login (iii) file transfer (iv) word processing (a) i, ii (b) i, ii, iii (c) i, ii, iv (d) ii, iii and iv 11.1.3 Internet requires (a) an international agreement to connect computers (b) a local area network (c) a commonly agreed set of rules to communicate between computers (d) a World Wide Web 11.1.4 Each computer connected to the internet must (a) be an IBM PC (b) have a unique IP address (c) be internet compatible (d) have a modem connection
11.1.5 IP address is currently (a) 4 bytes long (b) available in plenty (c) 6 bytes long (d) not assigned as it is all used up 11.1.6 IP addresses are converted to (a) a binary string (b) alphanumeric string (c) a hierarchy of domain names (d) a hexadecimal string 11.1.7 Internet addresses must always have atleast (i) a country name or organization type (ii) internet service providers name (iii) name of organization (iv) name of individual (v) type of organization (a) i, ii, iii (b) ii, iii, iv (c) i, iii (d) ii, iii, iv, v 11.1.8 Internet uses (a) Packet switching (b) Circuit switching (c) Telephone switching (d) Telex switching 11.1.9 Internet data is broken up as (a) fixed length packets (b) variable length packets (c) not packetized (d) 64 bytes packets 11.1.10 Internet packet data structure consists of (i) source address (ii) destination address (iii) serial number of packets (iv) message bytes (v) control bits for error checking (vi) path identification bits (a) i, ii, iii (b) i, ii, iii, iv (c) i, ii, iii, iv, v (d) i, ii, iii, iv, v, vi
11.1.11 The packets of an internet message (a) take a predetermined path (b) take a path based on packet priority (c) go along different paths based on path availability (d) take the shortest path from source to destination 11.1.12 The time taken by internet packets (a) can be predetermined before transmission (b) are same for all packets (c) may be different for different packets (d) is irrelevant for audio packets 11.1.13 By an intranet we mean (a) a LAN of an organization (b) a Wide Area Network connecting all branches of an organization (c) a corporate computer network (d) a network connecting all computers of an organization and using the internet protocol 11.1.14 By an extranet we mean (a) an extra fast computer network (b) the intranets of two co-operating organizations interconnected via a secure leased line (c) an extra network used by an organization for higher reliability (d) an extra connection to internet provided to co-operating organizations
11.1.15 World Wide Web (a) is another name for internet (b) world wide connection for computers (c) a collection of linked information residing on computers connected by the internet (d) a collection of world wide information 11.1.16 Among services available on the World Wide Web are (i) Encryption (ii) HTTP (iii) HTML (iv) Firewalls (a) i and ii (b) ii and iii (c)iii and iv (d) i and iv
11.1.17 A world wide web contains web pages (a) residing in many computers (b) created using HTML (c) with links to other web pages (d) residing in many computers linked together using HTML 11.1.18 A web page is located using a (a) Universal Record Linking (b) Uniform Resource Locator (c) Universal Record Locator (d) Uniformly Reachable Links 11.1.19 A URL specifies the following: (i) protocol used (ii) domain name of server hosting web page (iii) name of folder with required information (iv) name of document formatted using HTML (v) the name of ISP (a) i, ii, iii, iv (b) ii, iii, iv, v (c) i, iii, iv (d) i, ii, iii, v 11.1.20 A search engine is a program to search (a) for information (b) web pages (c) web pages for specified index terms (d) web pages for information using specified search terms
LEARNING UNIT 2
11.2.1 HTML stands for (a) Hyper Text Making Links (b) Hyper Text Markup Language (c) Higher Textual Marking of Links (d) Hyper Text Mixer of Links 11.2.2 HTML is similar to a (a) word processing language (b) screen editor (c) scripting language (d) search engine
11.2.3 Desirable properties of a website are (i) a meaningful address (ii) Help and search facilities (iii) Links to related sites (iv) Features to allow users to give feedback (v) Hosting on a mainframe (a) i, ii, iii (b) i, ii, iii, iv (c) i, ii, iii, iv, v (d) i, ii, iii, v
11.2.4 HTML uses (a) (b) (c) (d) pre-specified tags user defined tags tags only for linking fixed tags defined by the language
11.2.5 HTML tags define (a) (b) (c) (d) The data types of elements of document Presentation of specified elements of a document The contents of the document The structure of the document
11.2.6 The tag used in HTML to link it with other URLs is: (a) <A> (b) <H> (c) <U> (d) <L> 11.2.7 The tags used for specifying fonts in HTML are (i) (ii) (iii) (iv) <B> <I> <U> <L> (b) (i) and (iii) (d) (i),(ii) and (iii)
(a) (i) and (ii) (c) (ii) and (iv)
11.2.8 It is possible to display pictures (i.e, images) in HTML specification by using the tag. (a) (b) (c) (d) <GR src = Picture file> <PIC src =Picture file> <IMG src =Picture file> <GIF src=Picture file>
11.2.9 SGML stands for (a) (b) (c) (d) Standard Generalized Markup Language Structured General Markup Language Standard Graphics Mapping Language Standard General Markup Links
11.2.10 HTML and XML are markup languages (a) (b) (c) (d) Specially development for the web Are based on SGML Are versions of SGML Independent of SGML
11.2.11 XML stands for (a) (b) (c) (d) Extra Markup Language Excellent Markup Links Extended Markup Language Extended Marking Links
11.2.12 XML uses (a) (b) (c) (d) user define tags pre-defined tags both predefined and user-defined tags Extended tags used in HTML and makes them powerful
11.2.13 In order to interpret XML documents one should (a) (b) (c) (d) Use standardized tags Have a document type definition which defines the tags Define the tags separately Specify tag filename
11.2.14 The advantages of XML over HTML are (i) (ii) (iii) (iv) It allows processing of data stored in web-pages It uses meaningful tags which aids in understanding the nature of a document Is simpler than HTML It separates presentation and structure of document (b) (i),(ii) and(iv) (d) (i),(iii) and (iv)
(a) (i),(ii) and (iii) (c ) (ii),(iii) and (iv)
11.2.15 XSL definition is used along with XML definition to specify (a) (b) (c) (d) The data types of the contents of XML document The presentation of XML document The links with other documents The structure of XML document
11.2.16 XLL definition is used along with XML to specify (a) (b) (c) (d) The data types of the contents of XML document The presentation of XML document The links with other documents The structure of XML document
11.2.17 DTD definition is used along with XML to specify (a) The data types of the contents of XML document (b) The presentation of XML document (c) The links with other documents (d) The structure of XML document
KEY TO OBJECTIVE QUESTIONS
11.1.1 11.1.7 11.1.13 11.1.19 11.2.5 11.2.11 11.2.17
d c d a b c a
11.1.2 11.1.8 11.1.14 11.1.20 11.2.6 11.2.12
b a b d a a
11.1.3 11.1.9 11.1.15 11.2.1 11.2.7 11.2.13
c b c b a b
11.1.4 11.1.10 11.1.16 11.2.2 11.2.8 11.2.14
b 11.1.5 a 11.1.6 c c 11.1.11 c 11.1.12 c b 11.1.17 d 11.1.18 b a 11.2.3 b 11.2.4 d c 11.2.9 a 11.2.10 b b 11.2.15 b 11.2.16 c
MODULE 12
CONTROL AUDIT AND SECURITY OF INFORMATION SYSTEM
Contents
2. LEARNING UNIT 1 Controls in Information systems 3. LEARNING UNIT 2 Need and methods of auditing Information systems 4. LEARNING UNIT 3 Testing Information systems 5. LEARNING UNIT 4 Security of Information systems 6. References
CONTROL AUDIT AND SECURITY OF INFORMATION SYSTEM
MOTIVATION FOR CONTROLS It is very important to ensure the reliability of reports produced by an information system. If users see unreliability the entire credibility of the system is lost. Ensuring reliability is not difficult for small systems but when a system has to handle massive data it is a challenge. Systematic controls are thus essential when a system is designed. MOTIVATION FOR AUDITS Many organizations are now entirely dependent on computer based information system. These information systems contain financial data and other critical procedures. It is essential to protect the systems against frauds and ensure that sound accounting practices are followed. It is necessary to trace the origin and fix responsibilities when frauds occur. Audit methods primary purpose is to ensure this. MOTIVATION FOR TESTING Systems contain many individual subsystems. Usually sub-systems and programs are individually tested. However when a whole system is integrated unforeseen errors may be seen. Thus before releasing a system the entire operational system should be tested for correctness and completeness. MOTIVATION FOR SECURITY Systems contain sensitive data about the organization and also about persons working in the organization. This data should be protected from spies, thieves or disgruntled employees. Thus access should be carefully controlled and provided only on a need to know basis. When computers are networked corruption/erasure may take place due to viruses. Services may be disrupted due to denial of service attacks. Thus systems should be designed with appropriate security measures.
MOTIVATION FOR DISASTER RECOVERY Organizations depend on Information systems for their entire operations. It is thus essential to ensure continuity of service when unforeseen situations such as disk crashes, fires, floods and such disasters take place. Thus it is essential to ensure quick recovery from disasters and ensure continuity of service.
LEARNING GOALS
At the end of the module you will learn:
Why controls are necessary in Information systems Methods of controlling Information systems How controls are introduced in Information systems Why Information systems need auditing How are Information systems audited The methods used to test Information systems How the security of an Information system is ensured
LEARNING UNIT 1
Controls in Information systems
CONTROL AUDIT AND SECURITY OF INFORMATION SYSTEM CONTROL- Method to ensure that a system processes data as per design and that all data is included and are correct AUDIT AND TESTING - Ensure that the system is built as per specifications and that processed results are correct. Protect systems from frauds. SECURITY- Protection of data resources, programs, and equipment from illegal use, theft, vandalism, accidents, disasters etc. NEED OF CONTROLS Information systems handle massive amounts of data accidents such as not including some data can cause serious damage. Incorrect data entry can lead to high monetary losses. Credibility in the information system may be lost if errors are found in operational systems. OBJECTIVES OF CONTROLS To make sure data entering the computer are correct, check clerical handling of data before it is input to a computer. Provide means of detecting and tracing errors that occur due to bad data or bad program. Ensure that all legal requirements are met.
CONTROL TECHNIQUES ORGANIZATIONAL MEASURES Well-defined responsibility for input preparation, delivery, output use, operation and maintenance. Changes in program and data (if any) should be documented. Performance of task and recording must be by different persons to prevent frauds. INPUT PREPARATOIN CONTROL -Sequence numbering -Batch controls -Data entry and verification -Record totals -Self checking digits PROCESSING CONTROLS PROOF FIGURES An additional data element introduced to detect data entry/processing error Example:item code,qty supplied,cost/unit,proof cost(proof cost is additional data introduced). Proof cost=(H-cost/unit)where H is a constant > maxcost Check if H * qty = qty *proof cost + qty * cost/unit If two sides are not equal, there is an error. TWO WAY CHECK Calculate same qty in two different ways and they should be equal Example : gross pay - deductions = net pay RELATIONSHIP CHECK We know relation between variable. Example : Rebate total = Sales * discount percent CHECKPOINT RESTART Periodical storing of process state. If there is a failure roll back to saved state and restart computation. CHECK POINTS also useful to check intermediate results in long and complex calculations. Region where an error occurred can thus be isolated
LEARNING UNIT 2
Need and methods of auditing Information systems
AUDITING OF INFORMATION SYSTEMS OBJECTIVES Ensure computer based financial and other information reliable Ensure all records included while processing Ensure protection from frauds AUDIT METHODS AUDITING AROUND COMPUTER : Take sample inputs and manually apply processing rules and compare outputs with computer outputs AUDITING THROUGH THE COMPUTER : Establish audit trail which allows examining selected intermediate results. Control totals provide intermediate checks AUDITING THROUGH THE COMPUTER Facility to trace transaction value and print intermediate results Selective printing of records meeting criteria specified by the auditor For example :Inactive accounts, overactive accounts, accounts with high balance Comparing credit and debit balances Ensure logs are kept of who did what in critical data entry and processing to fix responsibility. Called an Audit trail. Auditors own check inputs and expected outputs. AUDITING WITH THE COMPUTER Use special audit packages to check system Audit package allows Extracting data based on the specified criterion for inspection (e.g. Students with wide disparity in marks in two subjects) Totaling specified subset of data for check Procedure to check sale discounts Process with independent data file created by auditor and verify to see if system is as per specification LEARNING UNIT 3
Testing Information systems OBJECTIVES To ensure the entire system will perform as per specification Ensure system meets users requirements Verify if controls function as intended To make sure incorrect inputs, incorrect processing and incorrect outputs (if any) will be detected during operation Should include both computer based and manual processes Remember that system testing is done before a system is released as ready for operation CLASIFICATION OF SYSTEM TESTS PROGRAM TESTS -Program tests with test data - Normally individual modules tested then integration test done - Test boundary conditions - Test using loop counts SYSTEM TESTS -Results from a program fed as input to a succeeding program - a string of programs run one after another -All programs in a complete system are tested together as a whole. Tested using unreasonable data and non key data besides normal test data for whole system PILOT TESTS -Use data from manual system to test system when it is first implemented. If it is modification of earlier computer based system use data and output from that system PARALLEL RUNS -Run both manual and computer based systems with same live data and see if both give identical results -If it is re-engineered (i.e.,Modified) system run both old and new systems and compare results
LEARNING UNIT 4
Security of Information systems Security means protection of data from accidental or intentional modification, destruction or disclosure to unauthorised persons POTENTIAL THREATS TO SECURITY Natural disasters such as fire, floods, earthquakes Accidents such as disk crashes, file erasure by inexperienced operators Theft/erasure of data by disgruntled employees Frauds by changing programs, data by employees Industrial espionage Viruses/Worms Hackers who break into systems connected to the internet Denial of service attacks by flooding with mail SECURITY MEASURES Regular back up of data bases every day/or week depending on the time criticality and size Incremental back up at shorter intervals Backup copies kept in safe remote location -particularly necessary for disaster recovery Duplicate systems run and all transactions mirrored if it is a very critical system and cannot tolerate any disruption before storing in disk. Physical locks Password system Biometric authentication (Eg: Finger print) HOW TO PROTECT DATA/PROGRAMS Data/Programs can be protected in the following ways: Encrypting sensitive data/programs Identification of all persons who read or modify data and logging it in a file Training employees on data care/handling and security Antivirus software Firewall protection when connected to internet
DATA SECURITY, PRIVACY AND INTEGRITY Data security is concerned with protecting data from erasure, theft, unauthorized access and unauthorized modifications. Data privacy is concerned with protecting data regarding individuals from being accessed and used without the permission/knowledge of concerned individuals Data integrity is concerned with the quality, reliability and trustworthiness of raw as well as processed data Security does not imply privacy or integrity Privacy controls need specific law against disclosure of personal data Ultimately data and system integrity most important
REFERENCES
1. Most of the material in this module has been taken from Chapter 15, Control, Audit and Security of Information in the book Analysis and Design of Information Systems, 2nd Edition, Prentice Hall of India, 2002, by V.Rajaraman. 2. M.Bishop, Computer Security, Pearson Education Asia, New Delhi, 2003. It is an comprehensive book cover 1000 pages) which discusses security in great details. Going through the contents pages (pp.vii to xxx) will give a student a glimpse of various aspect of security, audit and integrity of information systems. 3. D.A. Watne, P.B.B. Turney, Auditing EDP Systems, Prentice Hall Inc. N.J., U.S.A., 1990, is an extensive treatment of auditing information systems.
MODULE 13
ELECTRONIC COMMERCE Contents
2. LEARNING UNIT 1 What is E-Commerce?
3. LEARNING UNIT 2 Electronic Data Interchange 4. LEARNING UNIT 3 Security of E-Commerce 5. LEARNING UNIT 4 Payment in E-Commerce 6. REFERENCES
ELECTRONIC COMMERCE
Motivation With the emergence of internet and the world wide web new methods of carrying out business transactions using the world wide web began to be explored. Electronic Commerce emerged as a very important application of the world wide web. Today it is difficult to find an isolated computer. Computers in an organization are interconnected to form intranets and Intranets of the cooperating organizations are interconnected to form extranet. It is cheaper and faster to carry out business transactions within an organization and among organizations electronically using the network connection. Thus it is important to understand how business transactions are carried out electronically reliably and securely. When designing information systems it is essential to understand the emerging web based transactions. A number of organizations are exploring how to carry out all day-to-day operations electronically using the intranet in a so-called paperless system. It is thus important for a student to understand how to design such systems.
Learning Goals At the end of this module you will know: The basics of Electronic Commerce abbreviated as e-commerce The advantages and disadvantages of e-commerce Architecture of e-commerce systems Electronic Data Interchange in e-commerce The need for security in e-commerce transactions and how to ensure it How Electronic payment schemes work in e-commerce.
LEARNING UNIT 1
What is E-Commerce?
DEFINITION Sharing business information, maintaining business relationships and conducting business transactions using computers connected to a telecommunication network is called E-Commerce CLASSIFICATION CLASSIFIED AS : BUSINESS TO BUSINESS (B2B) BUSINESS TO CUSTOMER (B2C) CUSTOMER TO CUSTOMER (C2C) E-commerce Applications-example RETAIL STORES - Books, Music AUCTION SITES COOPERATING BUSINESSES Placing orders, paying invoices etc. ELECTRONIC BANKING BOOKING TICKETS - TRAINS, CINEMA, AIRLINES ELECTRONIC PUBLISHING FILLING TAX RETURNS WITH GOVERNMENT DEPT.
Business To Business E-commerce
LAN of buisness2
Public switched telephone network
LAN of buisness1
PSTN or LEASED LINE Vendor Local computers Purchase store accounts Local computers
Local LAN of business would normally follow TCP/IP protocol of internet and is called corporate intranet Purchase order entered by business1 in its PC and electronically dispatched to vendor (by e-mail) Vendor acknowledges electronically the order Vendor dispatches goods (physically) and delivery note electronically to business1 Business 1 can compare delivery note against order -both are in computer readable form Discrepancy note(if any) can be immediately sent to the vendor(business 2) Business 1 can carry out all local transactions using its LAN Local transactions are inventory update by stores - advice to accounts to pay for goods taken into stock Accounts can make payment electronically to Vendor
Implementing B2B E-commerce-requirements 1.Agreed on formats for Purchase order, delivery note, payment order etc. Standard known as EDI (Electronic Data Interchange Standard) is used to send documents electronically. 2.Each Business must have corporate intranet and the two nets are connected by PSTN or leased line. 3.Transactions must be secure - particularly if PSTN is used. 4.Secure electronic payment methods are required.
Steps In B2C E-commerce 1. Customer uses a browser and locates vendor or he has vendor's web page address 2. Sees Vendor's web page listing of items available, prices etc 3. Customer selects item and places order. Order may include credit card details or may be cash on delivery 4. Vendor checks with credit card company customers credit 5. Credit card company OKs transaction 6. Vendor acknowledges Customers order and gives details of delivery date, mode of transport, cost etc 7. Vendor orders with distributor who ships item to vendor's warehouse from where item supplied to customer 8. Customer's credit card company debits his account, credits vendor's account and sends bill to customer for payment.
Customer to Customer E-Commerce
Customer 1
Internet
Customer 2
Wants to sell Item 1 Brokers website
Wants to buy Item 1
Advertises - "for sale" Brings together buyer and seller Transports items Collects fee from both Seller &Buyer
Advantages Of E-commerce 1. Buying/selling a variety of goods and services from one's home or business 2. Anywhere, anytime transaction 3. Can look for lowest cost for specific goods or service 4. Businesses can reach out to worldwide clients - can establish business partnerships 5. Order processing cost reduced 6. Electronic funds transfer faster 7. Supply chain management is simpler, faster, and cheaper using ecommerce - Can order from several vendors and monitor supplies. - Production schedule and inventory of an organization can be inspected by cooperating supplier who can in-turn schedule their work.
Disadvantages Of E-commerce 1. Electronic data interchange using EDI is expensive for small businesses 2. Security of internet is not very good - viruses, hacker attacks can paralise e-commerce 3. Privacy of e-transactions is not guaranteed 4. E-commerce de-personalises shopping. People go shopping to meet others - window shop and bargain E-commerce System Architectures LOGICAL LAYERS Application layer Middleman services SERVICES IN LAYER B2B,B2C,C2C Hosting services, value added nets payment services, Certificates Encryption, EDI, Firewalls HTTP, HTML, XML, OLE Software agents Intranet, internet, extranet PSTN, LAN, Bridges, routers Layered architecture
Secure messaging World wide web services
Logical network Physical network
LEARNING UNIT 2 Electronic Data Interchange Computer readable forms for business documents such as invoices, purchase orders, delivery notes needed in B2B e-commerce so that edocuments can be exchanged. Essential to eliminate manual data entry, which is error prone Essential to agree on common formats for commonly used forms. Electronic data interchange (EDI) standard gives specifications for commonly used standard business forms Currently two standards are available for EDI forms It is possible to adapt these standards for documents which use XML for specification. EDI Specification Defines several hundred transaction sets corresponding to each type of business document such as invoice, purchase order etc. Defines data segments - corresponding to groups of data elements such as purchase order line. Defines data elements - which are individual fields such as price, quantity etc EDI Standards ANSI X.12 standard proposed by American National Standards Institute EDIFACT (Electronic Data Interchange For Administration Commerce and Trade) standardized by United Nations Economic Commission for Europe for international trade EDIFACT used in India for government transactions - customs, central excise etc. EDI Transactions in B2B E-commerce Cooperating businesses agree on EDI standard. Programs needed to translate data received in EDI format to a form needed by the application program. Method of sending/receiving data between businesses to be agreed on - is it PSTN, Extranet or VAN (value added network) service? Important to ensure reliable, guaranteed and secure receipt of electronic documents by intended receiver.
EDI Using Value Added Network Service VAN provides post box for all subscribers, guarantees delivery and is open 24 hours, 7 days a week. Provides security, acknowledgement, audit trails for transactions, non repudiation by users. Some VANS provide conversion of EDI forms to application format. Disadvantages are it has high cost, that may not be cost-effective for smaller businesses
EDI Using Internet Cheaper method for use by small business is to use XML for EDI and email, instead of VAN. Establish EDI form standard - XML appropriate Document Type Definition (DTD) publicised using organizations web page-cooperating business can use a DTD to interpret XML documents. Use MIME (multipurpose internet mail extension) to attach EDI forms to email messages. Can use Simple Mail Transfer Protocol (SMTP) of internet If secure transmission needed use S/MIME (Security enhanced MIME) which uses encryption and digital signature (We will describe encryption and digital signature later in this module). If very long document or many documents are to be sent together File Transfer Protocol (FTP) may be more appropriate.
LEARNING UNIT 3
Security of E-Commerce Transactions between organizations take place in many e-commerce applications using the Internet. Internet is widely accessible and insecure as eavesdropping is possible. Hence, there is need to protect company confidential information from snoopers. We also need to protect a company's network from unauthorised entry. When an organization receives a message it has to be sure from whom it came and whether the message is authentic and not changed by an unauthorised person. We thus need a digital signature which can be used in a court of law. Network Security Using Firewall Firewall is a security device deployed at the boundary of an organization' s network to protect it from unauthorised external access. It links an organization's intranet to the internet and restricts the type of traffic that it will pass, thus providing security. Simple firewalls may be implemented in some routers, called packet filtering firewalls, they pass only some packets based on simple specified criteria such as -Type of access (such as email, ftp, telnet as determined by TCP port number) -Direction of traffic -Source or destination IP address -Time of day Proxy Application Gateway Proxy application program running on a firewall machine is the one which acts on behalf of all members of an organization wanting to use the internet. This program monitors all requests - allows access to only designated addresses outside, limits use of certain browsers and disallows use of some protocols with known security holes. Proxy application program may also be allowed to run on some user's machine who have authorization for internet use.
Hardened Firewalls With Proxy Application Gateway Any one from inside or outside an organization give their user id, password, service required to the firewall machine which acts as one's proxy (ie.does ones work on his behalf). Proxy firewall is now server to the requestor's desktop PC and also a client to some other requested service acting on requestor's behalf. Firewall needs proxy agent for each service requested such as FTP, HTTP, TELNET etc. Now proxy firewall is the initiator of all sessions and thus knows every activity - thus ensuring security. Firewall with a proxy function replaces the source address of transaction requestor with its own IP address -this ensures that others on internet see only firewall's IP address - all other IP addresses of organization are hidden Data Encryption With Secret Keys Data sent via a public network may be accessed and used by unauthorized persons. Thus it is necessary to scramble it so that even if one accesses it, it cannot be understood. Similarly data stored in data bases accessible via internet should be scrambled. Method of scrambling is known as encryption. Method of unscrambling is known as decryption. Plain Text And Ciphertext Plain text is data in its natural form Encryption is taking data in any form(Text, Audio,Video etc.) and transforming it to another form which cannot be understood Transformed data is known as cryptogram or cipher text
Example Text Encryption
Start plaintext Block plaintext (5character blocks) Transpose characters with permutation (4 1 2 5 3) Substitute character by the one 4 letters away (eg AE,ZD)
THIS IS A MESSAGE X THISI SAMES SAGEX

41
STHII ESASM ESAXG
WXLMM IWEWQ IXEBK
Cipher text This is an example of two transformations - permutation followed by substitution The keys are permutation function and substitution function
Symmetric Encryption PLAINTEXT (m1,m2mn ) CIPHER TEXT (c1 c2, c3.cn )Where ci = k( Ti (mi) ) In which Ti is permutation of ith character and k is substitution. Decryption by applying same transformations in reverse on cipher text. This method called symmetric key encryption as encryption and decryption performed using same key. Normally the encryption/decryption algorithm is publicised. Only key is secret. Problem is to ensure secrecy of key when it is sent to partner. If the key is to be sent to many partners need for separate key for each partner. Directory of who was sent which key is to be kept and used for each transaction. Directory should be secure. If large number of partners are there key distribution becomes very difficult. Advantage of symmetric key is easy and fast to transform plain text to cipher text.
Digital Encryption Standard

DES - Proposed by IBM in 1975 Standardised by US Govt in 1977 It is a combination of permutation and substitution on blocks of 64 bits. A message is broken up into 64 bit blocks and each block is separately encrypted.
#General idea used in DES M = PLAINTEXT 01101100 11011000 11011010 K = KEY 10101111 00101100 01011011 E= MK 11000011 11110100 10000001 encryption M= E K 01101100 11011000 11011010 decryption
Digital Encryption Standard Algorithm Before applying DES the text is split up into the 64 bit blocks. DES applied on each 64 bit block. Encryption method Step 1: Apply an initial permutation on a block.Result is B=IP(P) where P is the 64 bit block IP Initial Permutation function and B the result. Step 2: Split B into 32 bit blocks Li = leftmost 32 bits Ri = rightmost 32 bits. Step 3: Pick a 56 bit key. Permute it Step 4: Left circular shift it by 1 bit giving K1. Step 5: Perform a complex sequence of operations and obtain X1 = F(R1,K1) (The complex set of operations include table look up and dropping bits). Step 6: Find R2 = L1 + X1 Step 7: Set L2 = R1 Repeat steps 2 to 7 16 times to get B16 = L16,R16 Step 8: Apply inverse of initial permutation on B16 The result is the encrypted block
In summary the DES encryption applies the following transformation 16 times. The ith round transformation are Li+1= Ri Ri+1= Li F(Ri,Ki) Each round has a different key Ki For Decryption the process of encryption is reversed. The encrypted block is permuted using IP-1.On this transformations are applied starting with K16 and going to K1 last. The keys and F are same as those used in encryption process. The encryption process uses simple binary operations. They can thus be realised in hardware as an integrated circuit chip. DES chips are inexpensive. Key is externally fed.
Details of One Round of DES Encryption
DES Chip
64 Input block Key 56 DES CHIP
64
Encrypted Block
Observe that from initial key others are derived by circular shifts Decryption chip inputs encrypted block and key and the output is decrypted block
DES - Discussion Cryptananalysis is technique for breaking a code, given the samples of encrypted messages. If plain text also known it is somewhat easier. DES code can be broken if key is found. The easiest method of breaking a code is by brute force of trying out all possible keys to decrypt message. With increase in speed of computers it has now been shown that DES key can be found in less than 12 hrs with a fast computer (1 Million decryption per microsecond). Thus DES is practically useless now (original DES was invented in mid 70s). New more secure symmetric encryption algorithm is needed. An extension of DES called triple DES is shown to be more secure. Triple DES Triple DES uses three different keys and three executions of DES algorithm. The algorithm is Cipher text = Ek3 [Dk2 [Ek1 [Plain Text]]] where Ek[X] = DES Encryption of X using key K and Dk[X] = DES Decryption of X using key K Remember that in DES Decryption of encrypted plain text with a different key is almost same as another encryption. This is true as encryption and decryption use the same algorithm. To decrypt cipher text we reverse the operations. Plain text = Dk1[Ek2 [Dk3[Cipher Text]]]
BLOCK DIAGRAMS OF TRIPLE DES
K3
Cipher text (64bit block)
K1
Plain text
Using DES thrice is equivalent to having a DES key length of 168 bits. Brute force method to break triple DES with 106 decrypts per micro second will take 5.9 X 10 30 years! Even at 1012 fold increase in computer speed will make triple DES secure against brute force attacks to break code The only reason D is used as middle step in triple DES is to allow decryption of data encrypted using single DES hardware. In this case K3=K2=K1 (Single key used) (See block diagram) Triple DES will be quite popular for a foreseeable future as it is very secure, can be realised by simple hardware. Triple DES has two disadvantages 1. It is slow to implement in software 2. It uses 64 bit blocks. Thus new standards were explored.
Requirements of Symmetric Key Cryptography Algorithm(NIST) Advanced Encryption System(AES) National Institute for Standards Technology put out a call for proposals for new crypto system with following requirements. Must provide a high level of security (i.e. difficult to decrypt in finite time) Must be completely specified and easily understood. Security must reside in key Not in algorithm Must be available for all users Adaptable for use in diverse applications e.g.credit cards Implementable economically in electronic devices Must be efficient to use as both software and hardware Must allow one to validate it. Must be exportable No trap door Must use 128 blocks and key lengths of 128,192 or 256 bits depending on the level of security desired. In October 2000 it announced the selection of an algorithm called Rijin dael(Pronounce RAIN DOLL) as new Advance Encryption Standard (AES) Details may be found in www.nist.gov/aes
Public Key Encryption In Private Key Encryption transmission of key without compromising not easy. It is necessary to assign different private key to each business partner. When this is done a directory of keys should be kept which should be secret. This is difficult. Only secure way is to change the private key every time a message is sent. Public Key Encryption eliminates the key distribution problem. There is a pair of keys for each organization - A Private Key and its Public Key. If A wants to send message to B, A encrypts the message with B's Public Key When message is received by B he decrypts it with his Private Key .
RSA Code Details.R Wants To Find His Public And Private Keys 1. Pick large primes p and q. Let n =p * q 2 Find = (p-l)*(q-l) 3 Find e relatively prime to , i.e. gcd(,e)=1; 1<e<. {e,n} is R's Public Key 4 Find a number d which satisfies relation (d * e) mod () =1 {d,n} is Rs Private key 5. Let plain text = t. Encrypt t using Rs public key. Encryption = te (mod n) = c (cipher text) 6.Decryption cd (mod n) =t (Both n and e should be known to encrypt. Similarly both n and d should be known to decrypt) Example Of RSA Use This example is a toy example to illustrate the method. In practice the primes p and q will be very large each at least 300 digits long to ensure security. RSA Algorithm 1.Pick as prime numbers p=3,q=11 n = p * q=33 Note : The message to be encrypted should be smaller than 33.If we do letter by letter encryption of English alphabets (A to Z as 1 to 26) this is OK 2. = (p-1) x (q-1) = 2 x 10 = 20 3.Pick a number relatively prime to 20. We pick 7. The Public key of R = {7,33} 4.To pick private key of R find d from relation (d x e)mod() = 1 (d x 7) mod (20) =1 This gives d =3 Therefore, the private key of R = {3,33}
Applying RSA Algorithm 1.Let the message be CODE If we use code C=3, O=14,D=4,E=5 The message is 3,14,4,5 2.We will encrypt one letter at a time Thus cipher of plain text 3 is 3e mod (n) =37 mod(33) 37 mod (33) =2187 mod (33)=9 (14)7 mod (33) = 105413504mod(33)=20 (4)7 mod (33) =16384 mod (33) =16 (5)7 mod (33) =78125 mod(33) = 14 3.Thus cipher text = 9,20,16,14 4. Decryption : cd mod (n) d=3,n=33 93 mod (33) = 729 mod(33) = 3 203 mod(33) = 8000 mod(33)=14 163 mod(33) = 4096 mod(33) =4 143 mod(33) = 2744 mod(33) =5 We see that we get the original text 3,14,4,5
Discussion on RSA The security RSA encryption is dependent on the fact that factorising a large prime number to its factors is very difficult. RSA algorithm is symmetric. In other words if a plain text is encoded by the private key of S, the sender, it can be decrypted using the public key of R, the receiver (We will find later that this symmetry property is used in creating digital signature) Example using Ss keys Ss Private key = {3,33} Ss Public key = {7,33} If we encrypt a plain text using Ss private key and send it to R,R must be able to decrypt it with Ss public key. Assume Plain text is encrypted with Ss private key and get cipher text = (14)3 mod (33)=5 Decrypting with Ss Public key we get (5)7 mod (33) =78125 mod(33) ={(2367 x 33) + 14} mod (33) =14
DISCUSSION RSA Vs DES RSA Public key has two keys a private secret key and a public open key. RSA implemented as a program (software) It is computationally complex to encode plain text and decode cipher text using RSA DES Same key for encryption and decryption. It is a single key system Also called symmetric key system DES computationally simple-implemented in hardware - thus very fast Each communication between two businesses can use a different key provided key is securely exchanged If key can be sent separately encrypted using RSA, then a recipient can use this to decrypt DES encrypted message.
Combining RSA And DES
Advantages: Key is sent along with the plain text. Encrypted using RSA Key is small-fast to encrypt/decrypt Each transaction using DES can have a different key- higher security and also fast.Key directory not needed.
Digital Signature REQUIREMENTS Needed to ensure that a message received from say "A" is indeed from him Signature should be tied to the message sent by "A" SENDING STEP Sender sends key using RSA system Sender sends plain text "M" using DES Receiver decrypts cipher text using DES and the key received from sender call it "MR" Sender hashes plain text "M' using a hashing function - let the hashed text be "H" Hashed text "H" encrypted by sender using his Private key DS is his signature as H encrypted with his private key DS decrypted by receiver using sender's Public key and obtains "H" Authentication step Receiver hashes MR" using hash function and gets HR" Receiver compares H" with HR" If they match then it is a signed authenticated plain text TM is signed as sender has encrypted the hashed text using his private key which he only knows.If H=(MR)(HASHED) = HR where MR is the received message then MR must have been sent by sender. He cannot repudiate.
Signing A Message Using Digital Signature
Certificate Authority For Digital Signature As the hashed message in Digital Signature system is decrypted using senders public key, this key must be certified as belonging to sender by an independent authority Certification needed to ensure authenticity of public keys of organizations as public key is used to verify signature Certification authority keeps data base of public keys of organizations participating in e-commerce after verifying their credentials. Potential business partners can authenticate public keys by sending request to certifying authority who certifies after receiving a fee for his services
LEARNING UNIT 4
Payment in E-Commerce In any commercial transaction payment is an integral part for goods supplied. Four types of payments may be made in e-commerce they are Credit card payments Electronic cheque payments Micro or small payments for internet based services such as music download. Electronic-cash payments Each of these requires a different system of payment.
Review Of Manual Credit Card Payment Four parties are invoked in credit card payments. They are: Customer having a credit card Merchant accepting credit cards (such as VISA, MASTER CARD etc) Bank which issues credit cards to customers and collects payments from customers Acquirer which is financial institution that establishes an account with a merchant, validates credit card information sent electronically by merchant and authorises sale based on customers credit status. Acquirer accepts credit cards of several card companies and guarantees payment to merchants. Acquirer gets reimbursed by bank issuing credit card.
Sequence Of Transactions In Manual Credit Card Payment Step 1: Customer presents credit card after purchase. Merchant swipes it on his special phone and enters amount Step 2: Data from merchants terminal goes to acquirer via a private telephone line Step 3: Acquirer checks with the issuing bank validity of card and creditavailable Step 4: Acquirer authorizes sale if all OK and sends approval slip which is printed at merchants terminal. Step 5: Merchant takes customers signature on the slip-verifies it with the signature on card and delivers the goods. Step 6: The acquirer pays the money to merchant and collects it from the appropriate issuing bank. The bank sends monthly statement to customer and collects outstanding amount.
Block Diagram Of Steps In Credit Card Transaction
Credit Card In E-commerce Main Problems 1.Main Problem is: if a merchant had only a web presence, a Customer needs to be reassured that the merchant is genuine. 2.Customers Signature cannot be physically verified. Customer needs electronic signature. 3.Secrecy of credit card number has to be ensured. 4.Dispute settlement mechanism must be worked out.
Secure Electronic Transaction Protocol To use SET protocol it is assumed that 1. Each party involved in e-commerce transaction has a public and private key.A public key encryption is used. 2. All parties have their public keys certified. 3. A standard hashing algorithm is used to create message digest for signature verification. Main Features Customers credit card number is not revealed to a merchant. It is revealed only to the acquirer who authorises payment. Purchase invoice details are not revealed to the acquirer.Only the credit card number and total amount are revealed to him Purchase invoice + credit card number is digitally signed by the customer.In case of a dispute an arbitrator can use this to settle the dispute. (Computer protocol runs to 262 pages and may be found in www.ibm.com/redbook/SG244978) DUAL SIGNATURE SCHEME Dual signature scheme is an innovation in SET protocol Steps followed in the protocol are: 1. Customer purchase information has 3 parts (i) Purchase Order (PO) (ii) Credit Card Number (CCN) (iii) Amount to be paid 2. Merchant should know (PO + Amount)=POA 3. Acquirer should know (CCN+Amount)=CCA 4. Hash POA using standard Hash algorithm such as RSAs MD5. Call it POD. 5. Hash CCA using MD5. Call it CCD
6. Concatenate POD and CCD. Call it (POD||CCD) 7. Hash (POD||CCD) giving PPD 8. PPD is encrypted using Private key of customer. This is customers digitally signed purchase order DS = Encrypt (PPD) with CPRK CPRK is Private key of customer. This is sent to merchant by customer. DS is called Dual Signature as a private key is used to sign two separate digests concatenated together. 9. POA separately encrypted by customer using merchants public key and sent to merchant 10. Merchant decrypts it using his private key. He thus gets Purchase order +Amount. He can hash it and get POD 11. CCD and DS also sent to merchant. From CCD merchant cannot find CCN. 12. Merchant can decrypt DS using customers public key and get PPD. Customer must have a certified public key for verification. 13. Merchant can compute H(POD||CCD) If H(POD||CCD)=PPD,then customers signature is OK. 14. Merchant forwards to acquirer CCA,POD,DS each separately encrypted using acquirers public key. 15. Acquirers forwards to bank. 16.Bank finds CCN and Amount.Verifies balance amount.Bank also verifies customers digital signature using CCD,POD and DS.If all OK acquirer is informed. 17. Acquirer OKs transaction to merchant 18. Merchant supplies item.Gets payment from acquirer.Bank collects from customer.
Dual Signature System
EM: Public key of Merchant EB: Public key of bank (POA) EM is encrypted value with merchants public key POA: (Purchase Order + Amount) POD: Purchase Order Digest CCA: (Credit card + Amount) CCD: (Credit card + Amount)Digest || : Concatenation operator which strings together POD and CCD PPD : Purchase Payment Digest CPRK: Private Key of Customer, CPK: Public Key of customer - Step1 : [(POA)EM , (CCA)EB , CCD ,DS] to Merchant - Step2 : Merchant sends [(CCA)EB , DS , POD] to Acquirer - Step3 : Acquirer sends (CCA)EB + DS +POD to Bank. - Bank finds (CC No. + amount) using its private key sees if OK Computes H(CCD||POD) Decrypts DS with customers public key If (DS)CPK = H(CCD || POD) Signature verified - Step4 : OK to acquirer if credit and signature OK - Step5 : Ok to Merchant Merchant finds H(H(POA) || CCD)=PPD Decrypts DS with public key of customer. If it gives PPD signature verified. - Step6 : Sends delivery details - Step7 : Bill to customer
Step1: Customer fills Purchase order, amount and credit card number in his PC. A software in PC strips it into two parts Purchase Order + Amount (POA), Credit Card No. + Amount(CCA) POA is encrypted using merchants public key and CCA with banks public key.These are sent with customers public key certificates, CCD and DS. Merchant verifies DS. Step2: Merchant forwards to acquirer DS and CCD (These are encrypted using acquirers public key) Step3: Acquirer forwards to bank. Bank decrypts CCA with its private key.Checks validity of credit card and balance. If OK informs acquirer Step4: Acquirer OKs transaction to merchant and credits merchant's account. Step5: Merchant accepts customers order and proceeds to dispatch items. Step6: At the end of the month bank sends bill to customer. (All these done by clicks of mouse button)
Electronic Cheque Payment Most cheque based transactions will be between businesses -thus a special hardware is attached to PCs for signing payments. Signature is encrypted by hardware. All public keys of business partners authenticated by certifying agencies. Steps in transaction 1. Purchaser sends purchase order and payment advice signed with his private key to vendor.He also sends his public key certificate encrypted with vendor's public key to vendor 2. Vendor decrypts with his private key, checks certificate and cheque, attaches deposit slip, encrypts with bank's public key and sends it to bank. he also sends his public key certificate 3. Bank checks signatures, credits and clears cheque. Credit advice goes to vendor, and consolidated debit advice sent to purchaser periodically Clearing Cheque Payment Electronically
Payments Of Small Amounts On Internet NETBILL'S PROPRIETARY SYSTEM Customer charged only when information delivered Vendor guaranteed payment when information delivered Netbill is the intermediary MAJOR STEPS When customer accepts quote for information, vendor sends encrypted information without key to customer Payment order sent to vendor with checksum of information obtained. It is signed by customer Vendor sends to NET BILL copy of purchase order and the key for decryption NET BILL checks credit of customer. If ok it sends key to customer. Credits vendor account and debits customer account. Key sent to customer to decrypt information Customer decrypts information Paying for Small Internet Transactions
Electronic Cash Cash for small payments Cash preserves anonymity Cash should not be traceable Cheaper than credit card transaction DES normally used for these transaction as it is cheap and amount involved is small Traceable cash payments STEPS 1.Customer withdraws coins in various denominations signed by bank STRUCTURE------> serial no, denomination, signature of bank Bank stores issued coins copy 2.Customer pays vendor using signed coins 3.Bank checks whether it is current or spent 4.If current it authorises dispatch of goods and credits vendor account with electronic coins
Electronic Cash Payment
REFERENCES 1. Most of the material in this chapter are taken from Chapter 16, Electronic Commerce of the book Analysis and Design of Information Systems (2nd edition) by V.Rajaraman, Prentice-Hall of India, New Delhi,2004 2. There are many books on E-Commerce, which describe E-Commerce in detail. Among these are: E.Awad, Electronic Commerce, Prentice-Hall of India, New Delhi 2002.This book takes managers perspective and not very strong on technology aspects of E-Commerce. All the examples have a strong American bias as the book is primarily intended for students in America. The language is clear but the book is verbose. What can be said in 100 pages is said in 400 pages as it includes all kinds of gossip not relevant to students wanting the learn the subject. 3. D.Minoli and E.Minoli, Web Commerce Technology Handbook, Tata McGraw-Hill, New Delhi, 1999.This book is strong in technology and has wide coverage. 4. W. Stallings, Network Security Essentials, Pearson Education Asia, New Delhi,2001. Has good presentation on DES, Triple DES, RSA and SET protocol. 5. Most traditional Systems Analysis and Design book such as the one by Kendall and Kendall do not separately discuss E-Commerce, they have a cursory treatment at various places in the book.
MODULE 14
CASE TOOLS Contents
2. LEARNING UNIT 1 CASE tools and their importance
3. LEARNING UNIT 2 Some CASE tools and their use
4. REFERENCES
CASE TOOLS
MOTIVATION
Industries routinely use CASE tools as productivity aid to reduce time to develop systems. A student should know what these tools are and how they are useful. The intention of this module is not to make you an expert in the use of these tools but to make you aware about them and their importance in industrial practice.
LEARNING GOALS
What are CASE tools? Why are they important in systems analysis and design? When are they used? How are they used?
LEARNING UNIT 1
CASE Tools and their importance
CASE tools stand for Computer Aided Software Engineering tools. As the name implies they are computer based programs to increase the productivity of analysts. They permit effective communication with users as well as other members of the development team. They integrate the development done during each phase of a system life cycle and also assist in correctly assessing the effects and cost of changes so that maintenance cost can be estimated. Available CASE tools Commercially available systems provide tools (i.e computer program packages) for each phase of the system development life cycle. A typical package is Visual Analyst which has several tools integrated together. Tools are also in the open domain which can be downloaded and used. However, they do not usually have very good user interfaces. Following types of tools are available: System requirements specification documentation tool Data flow diagramming tool System flow chart generation tool Data dictionary creation Formatting and checking structured English process logic Decision table checking Screen design for data inputting Form design for outputs. E-R diagramming Data base normalization given the dependency information
When are tools used Tools are used throughout the system design phase. CASE tools are sometimes classified as upper CASE tools and lower CASE tools. The tools we have described so far are upper CASE tools They are tools which will generate computer screen code from higher level descriptions such as structured English and decision tables, such tools are called lower CASE tools
Object Oriented System Design Tools Unified Modelling Language is currently the standard. UML tool set is marketed by Rational Rose a company whose tools are widely used. This is an expensive tool and not in our scope in his course.
LEARNING UNIT 2
How to use the tools Most tools have a users guide which is given as help files along with the tool Many have FAQs and search capabilities Details on several open domain tools and what they do is given below.
I. SYSTEM FLOWCHART AND ER-DIAGRAM GENERATION TOOL Name of the tool: SMARTDRAW URL: This Software can be downloaded from: http://www.smartdraw.com. This is a
paid software, but a 30-day free trial for learning can be downloaded.
Requirements to use the tool: PC running Windows 95, 98 or NT. The latest
versions of Internet Explorer or Netscape Navigator, and about 20MB of free space.
What the tool does: Smartdraw is a perfect suite for drawing all kinds of diagrams and charts: Flowcharts, Organizational charts, Gantt charts, Network diagrams, ERdiagrams etc. The drag and drop readymade graphics of thousands of templates from built-in libraries makes drawing easier. It has a large drawing area and drawings from this tool can be embedded into Word, Excel and PowerPoint by simply copy-pasting. It has an extensive collection of symbols for all kinds of drawings. How to use: The built-in tips guides as the drawing is being created. Tool tips
automatically label buttons on the tool bar. There is online tutorial provided in:
http://www.smartdraw.com/tutorials/flowcharts/tutorials1.htm http://www.ttp.co.uk/abtsd.html
II. DATA FLOW DIAGRAM TOOL Name of the tool: IBMS/DFD URL: This a free software that can be downloaded from: http://viu.eng.rpi.edu
Requirements to use the tool: The following installation instructions assume that
the user uses a PC running Windows 95, 98 or NT. Additionally, the instructions assume the use of the latest versions of Internet Explorer or Netscape Navigator. To download the zip files & extract them you will need WinZip or similar software. If needed download at http://www.winzip.com.
What the tool does: The tool helps the users draw a standard data flow diagram (a process-oriented model of information systems) for systems analysis. How to use: Double click on the IBMS icon to see the welcome screen. Click
anywhere inside the welcome screen to bring up the first screen. Under "Tools" menu, select DFD Modeling. The IBMS will pop up the Data Flow Diagram window. Its menu bar has the File, Edit, Insert, Font, Tool, Window and Help options. Its tool box on the right contains 10 icons, representing (from left to right and top to bottom) pointer, cut, data flow, process, external entity, data store, zoom-out, zoom-in, decompose, and compose operations, respectively. Left click on the DFD component to be used in the toolbox, key in the information pertaining to it in the input dialogue box that prompts for information. To move the DFD components: Left click on the Pointer icon in the tool box, point to the component, and hold Left Button to move to the new location desired in the work area. To edit information of the DFD components: Right click on the DFD component. The input dialogue box will prompt you to edit information of that component. Levelling of DFD: Use the Decompose icon in the tool box for levelling To save the DFD: Under File menu, choose Save or SaveAs. Input the name and extension of the DFD (the default extension is DFD) and specify folder for the DFD to be saved. Click OK.
III. TOOL TO CONVERT DECISION TABLE TO STRUCTURED ENGLISH
Name of the tool: COPE URL: This is a free tool and should be worked online at
http://www.cs.adelaide.edeu.au/users/dwyer/examples.html
What the tool does: Cope is a program that converts decision tables to Cobol source
statements
How to use: The general arrangement of a Cope decision table is shown in Example
below. This table consists of a heading and four rows. The first two rows are conditions, and the last two are actions. A condition row consists of a number of entries followed by the word is and a Cobol condition. An action row consists of a series of entries followed by a Cobol statement. Example: YYNN YNYN XX - -XXX is A = 0. is B = 0. Move 0 to C. Add 1 to C.
Type in the Decision table in the text area provided (each line should start with 6 blanks and an asterisk), click on Generate Cobol to obtain the Cobol statements of the Decision table. There is online help provided at: http://www.cs.adelaide.edu.au/users/dwyer/COPE-MAN.html#RTFToC1 Another tool (to be worked online) for program code generation from Decision table can be found at http://dtable.projxonline.com/Default.aspx Note: The tools to convert Decision Tables to Structured English is not available.
IV. SYSTEM REQUIREMENTS SPECIFICATION DOCUMENTATION TOOL Name of the tool: ARM URL: The tool can be downloaded without cost at
http://sw-assurance.gsfc.nasa.gov/disciplines/quality/index.php
What the tool does: ARM or Automated Requirement Measurement tool aids in
writing the System Requirements Specifications right. The user writes the SRS in a text file, the ARM tool scans this file that contains the requirement specifications and gives a report file with the same prefix name as the users source file and adds an extension of .arm. This report file contains a category called INCOMPLETE that indicate the words and phrases that are not fully developed.
Requirements to use the tool : PC running Windows 95, 98 or NT. The latest versions of Internet Explorer or Netscape Navigator, and about 8MB of free space. How to use the tool : On clicking the option Analyze under File menu and selecting
the file that contains the System Requirements Specifications, the tool processes the document to check if the specifications are right and generates a ARM report. The WALKTHROUGH option in the ARM tool assists a user by guiding him as to how to use the tool apart from the HELP menu. The README.doc file downloaded during installation also contains description of the usage of this tool.
V. A TOOL FOR SCREEN DESIGN AND DATA INPUTTING Name of the tool: Visual Basic URL: http://www.microsoft.com/downloads/details.aspx?FamilyID=bf9a24f9-b5c548f4-8edd-cdf2d29a79d5&displaylang=en
What the tool does: This tool is used to create the graphical user interface (GUI) to describe the appearance and location of interface elements, you simply add prebuilt objects into place on screen. Help: http://msdn.microsoft.com/library/default.asp?url=/library/enus/vbcon98/html/vbconpart1visualbasicbasics.asp
VI A TOOL FOR DESIGNING AND MANIPULATING DECISION TABLES

Name of the tool: Prologa V.5 URL: http://www.econ.kuleuven.ac.be/prologa Note: This tool can be downloaded from the above given URL, after obtaining the password. What the tool does: The purpose of the tool is to allow the decision maker to construct and manipulate (systems of) decision tables. In this construction process, the features available are automatic table contraction, automatic table optimization, (automatic) decomposition and composition of tables, verification and validation of tables and between tables, visual development, and rule based specification.
References: 1. J.A.Hoffer, J.F.George and J.S.Valacich Modern Systems Analysis and Design, Pearson Education Asia,New Delhi,2002 Chapter 4 Automated Tools for Systems Development has a good discussion of CASE tools. 2. G.Booch, J.Rumbaugh, I.Jacobson; The Unified Modelling Language User Guide, Addison Wesley, Reading, MA, USA, KGG authentic Introduction to Rational Commercial tools for Object oriented modelling 3. URLs of various available CASE tools (a) System flowchart and Er-diagram generation tool: Smartdraw http://www.smartdraw.com (b) Data flow diagram tool: IBMS/DFD http://viu.eng.rpi.edu (c) Tool to convert decision table to structured english: COPE http://www.cs.adelaide.edeu.au/users/dwyer/examples.html (d) System Requirements Specification documentation tool: ARM http://sw-assurance.gsfc.nasa.gov/disciplines/quality/index.php
(e) A tool for screen design and data inputting: Visual Basic http://www.microsoft.com/downloads/details.aspx?FamilyID=b f9a24f9-b5c5-48f4-8edd-cdf2d29a79d5&displaylang=en (f) A tool for creation, manipulation and checking of decision tables:Prologa v.5 http://www.econ.kuleuven.ac.be/prologa

Lecture Note

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lecture Note

Uploaded by

Copyright:

Available Formats

MODULE 1

INFORMATION FOR MANAGEMENT

Data and Information, types of information : Operational, tactical, strategic, Statutory

DATA AND INFORMATION

MANAGEMENT HIERARCHY AND INFORMATION NEEDS

Type of Information Unstructured StrategicLong range planning

Top Managers Middle Managers Line managers

Moderately structured Highly structured

Tactical Short range improvement Operational Day to day policies

Chief Executive (Strategical)

Human Resource manager

Functional areas of management are as follows:

INFORMATION FOR MANAGEMENT

E Human Resource Management

MODULE 2 SYSTEMS ANALYSIS AND DESIGN LIFE CYCLE

SYSTEMS ANALYSIS AND DESIGN LIFE CYCLE

ROLE OF SYSTEMS ANALYST

The following are roles of systems analyst:

ATTRIBUTES OF A SYSTEMS ANALYST

1. MOTIVATION AND LEARNING GOALS

2. LEARNING UNIT 1 Information gathering, strategies, methods

Information gathering, strategies, methods

SYSTEM REQUIREMENTS SPECIFICATION (SRS)

Vendor Delivery note

Discrepancy note Purchase Office

Items Received note

DATA FLOW DIAGRAM (DFD)

Receiving Process Delivery note

Items Received note

Orders Discrepancy note

Data elements in the data flow:

Items Received note: Order no,Item name,Item code,Delivery date,quantity,supplied,units.

4. LEARNING UNIT 3 Cost benefit analysis. Documenting feasibility report

How to formulate project goals and quantify them

STEPS IN FEASIBILITY ANALYSIS

GUIDELINES FOR SEARCHING GOALS

CASE STUDY-HOSTEL INFORMATION SYSTEM

LEARNING UNIT 2 Examining alternative solutions and evaluating proposed solutions

EXAMINING ALTERNATIVE SOLUTIONS

EVALUATING ALTERNATIVE SOLUTIONS

TECHNICAL AND OPERATIONAL FEASIBILITY

Cost benefit analysis. Documenting feasibility report.

PAY BACK PERIOD

PRESENT VALUE METHOD

31271 62080 92434 122339 151802

This also give us less than 5 months as pay back period

STRUCTURE OF EXCUTIVE SUMMARY

SYSTEM PROPOSAL STRUCTURE

1. MOTIVATION AND LEARNING GOALS

DATA FLOW DIAGRAMS

LEARNING UNIT 1 Developing Data Flow Diagrams(DFD)

SYMBOLS USED IN DFD

Stores demand note

EXTERNAL ENTITIES Invoice Order Bill

LEARNING UNIT 2 Describing systems with DFD & Levelling DFDs

Context diagram of mess management is shown

Daily rate Menu

Item needed Each day Overdue Payments

Overdue Bills Chief warden

Note: This diagram gives very little detail

EXPANDED DFD FOR HOSTEL MESS MANAGEMENT

Mess Secretary Update daily rate 1 Billing

Itemized bills at end of month

Items used each day