Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
SYLLABUS
2.2 INFORMATION TECHNOLOGY FOR ACCOUNTING AND FINANCE
MODULE - 1
Information Systems and their role in businesses, types of information systems – Operation
support system, management support system, TPS, PCS, EIS, MIS, OAS, DSS, GDSS, expert
systems, artificial intelligence, Information systems at levels of management, HRIS,
Accounting Information system, Marketing information systems, manufacturing and
production information
system, Developing information systems — systems analysis and design, SDLC – types,
introduction to ERP, introduction to cloud computing.
MODULE - 2
IT-GRC (Governance, Risk and Compliance), Information system audit standards – ISO
27001– Information security and management standard (ISMS) , Capability Maturity Model
(CMM),Control Objectives for Information and related Technology (COBIT) – IT
Governance model,Health Insurance Portability and Accountability Act (HIPAA), Statement
on Auditing Standards(SAS) for service organization.
MODULE - 3
Overview of specific section of IT ACT 2008 different sections, electronic contracting,
digitalsignature, cyber offence, certifying authorities, Concepts of Cyber forensics/Cyber
Fraudinvestigation, Overview of Information Security Standards - ISAE 3402/SA 402, ITIL
MODULE - 4
Database definition, types of structures, DBMS software-creating, editing, modifying,
searchingand sorting databases, creating and printing formatted reports, designing custom
screen displays,multiple data files, executing queries and relational algebra
MODULE - 5
Spread sheet software - range, formulas, types of functions, types of charts, what-if analysis-
Goal Seek Analysis, data validation, subtotal, Applying Absolute (Fixed), statistical functions
min, max, count, countif, countA, stdev, mean, mode, median, variance, correlation,
percentile,quartile, rank, financial functions – PV, NPV, NPER, PMT, RATE, IRR, SLN,
SYD, IPMT,DB, logical functions – if, else, and, or, not, multiple if statements, Vlookup,
Hlookup, sortingdata - types, conditional formatting, page layout - settings, filtering data,data
analysis -descriptive statistics, pivot tables
Books for Reference:
1. O’ Brien James — A Management Information Systems, Tata Mc Graw Hill, New Delhi.
2. Lauden and Lauden —. Management Information Systems, Prentice flail of India, New Delhi.
3. Gordan B Davis — Management Information Systems, Mc Graw Hill Internal on.
4. Information Technology Control and Audit, Third Edition, Sandra Senft, Frederick Gallegos,
CRC Press
5. Information System Audit and Assurance, By D. P. Dube, Ved Prakash Gulati, Maraw Hill
Education
6. For modules 4 and 5 the teacher will decide the software of his/her choice and a appropriateBooks
2
3
4
Data can be defined as “collection of facts, which is unorganized, but can be organized into
useful information”
Examples: Employee’s name, Product Name, Prices, Weight etc.,
Note: Data can exists in the form of number, characters, word, graph, sound, images.
Information can be defined as “data that has been converted into a meaningful and useful
context for specific end users”
Example: Processing of Attendance data
Processing includes the task of comparison, sorting etc.,
NOTE:
Data is independent of user, whereas information is user dependent.
Data is the result of routine recording of events and activities, whereas information is
user driven which is not always automatic.
Features of Information
1. It reduces uncertainty
2. It has a value in decision making
3. It is reusable
4. It has surprise element or new value
5. It corrects or confirms previous information
Dimensions of Information
1. Economic Dimension:
2. Business Dimension:
3. Technical Dimension:
1.The Economic Dimension: includes both the cost of information and benefits from use.
The cost of information consists of the cost to acquire data, the cost to maintain data, and the
cost for generation and communicating information.
Types of Information:
1.Strategic Information: pertains mostly to the organization as a whole and its environment
such as information about new technologies, new products, competitors etc. Top management
needs strategic information for its long terms planning.
2.Tactical Information: is required for short terms planning by middle level managers.
Examples are Sales analyses and forecasts, cash flow projections etc.
5
3.Operational information: relates to very short period that may be few hours to few weeks.
Current stock levels of inventory, outstanding orders from customers, work schedule for next
shift etc.
IS Vs IT Payroll
Syste
m
INFORMATIO
N Invent
TECHNOLOGY ory
are used to Syste
Hardware build INFORMATI m
ON
Software
SYSTEMS Marke
Databases ting
Networks Syste
m
Other related
components Custo
mer
Servic
e
Syste
m
Classification of IS
Information
Systems
Operations Managem
Support ent
System Support
Transactio Office
System
Decisi Executi
Process Manag
n automa ement on ve
control
processin tion informa suppo informa
systems
g systems systems tion rt tion
systems syste systems
ms
c. Maintaining data, which involves adding new data, changing existing data, or removing
unwanted data.
Example of transaction processing system:
Reservation systems.
Credit card processing system
Stock market processing system.
Super market processing system
Insurance processing system.
a.Data Entry: Data entry is simply the capturing of business data during the transaction. For
example, when making a purchase at your favorite clothing store the cashier will collect
transaction data by scanning the bar code of the items that you've purchased and by swiping
your credit or debit card through the credit card reader. This same transaction data can also be
recorded through e-commerce web sites on the internet. When automating data entry a few
key points to consider include:
Capture data as early and as close to the source as possible
Capture data through the use of bar codes, magnetic strips and other readable media
Use ATM and/or OCR devices as transaction terminals
b.Transaction processing: There are two different types of transaction processing, batch
processing and real-time processing.
Batch processing is when transaction data is collected and processed periodically. For
example, a retail store might collect transaction data throughout the day but only after the
store closes does the data get processed. The theory supporting batch processing is that it is a
more efficient use of computer resources. Batch processing is also believed to be easier to
control than online processing, but is constantly out of date as transactions are not updated
immediately, but daily, weekly or even monthly.
Real-time processing is when transaction data is instantaneously processed. For example, an
online retailer collects and processes transaction data each time a transaction is made. This is
why customers receive an email confirmation within minutes of their purchase. An advantage
of real time processing is that it supports a high frequency of change; however, extra
precautions must be taken in order to ensure data protection. Online processing is often more
expensive than batch processing; however, the data is always up to date.
d. Document and Report Generation: Documents and reports are created through the
transaction processing system. Some examples include purchase orders, paychecks, sales
receipts, invoices, and customer statements. Important to remember that TPS reports are
operational and do not typically include analysis. Transaction processing systems typically
generate 2 types of reports, action documents and information documents. Action documents
require an action take place and information documents notify that a transaction has occurred.
e. Inquiry Processing: Inquiry processing is when the consumer uses the internet, intranets,
extranets, and web browsers to make inquiries and receive answers concerning the results of
a transaction processing activity. For example, every time you check your bank account
online, you are checking the status of transaction processing activities. Another example
would be when you track the shipping of an online or catalog purchase.
Characteristics Of MIS:
i. MIS is management oriented: The designing of MIS takes care of managers, who meet
the information requirement. The development of the system starts after deciding the
management needs and keeping in view the overall objectives of the management
ii. MIS is management directed: Since MIS requires heavy planning and investment,
management is deeply involved in the design, implementation and maintenance of the
system.
iii. Flexibility and ease of use: MIS has been designed flexible enough to accommodate new
requirements. The system is easy to operate so that not much computer skills are required
on the part of the user to access database for information or for carrying out special
analysis of data.
iv. MIS is integrated system: Five Ms-Men, Money, Materials, Machines, and Methods are
the basic resources of management information and is recognized as an important factor
and its effective use contributes to the success of the management.MIS binds together
databases of all subsystems of the business system and through information interchange,
integrates the organization.
13
ii. Develop and maintain system plan including operational requirements, budget
requirements and schedules.
iii. Develop and implement MIS policies to ensure data accuracy and security.
iv. Develop and implement standardized MIS procedures across all business
applications.
viii. Monitor MIS performance regularly to avoid unplanned outages and down times.
ix. Provide customer support for OS issues, network problems and software
installations, etc.
xi. Supervise and motivate MIS team to work collectively and efficiently.
xii. Coordinate with MIS team to ensure that technology, infrastructure and
operational requirements are met.
Simon on the basis of level of the programmability of a decision, proposed three types of
decisions:
1. Programmed, also known as structured decisions: Programmed or structured are those
decisions, which are well defined and some specified procedure or some decision rule might
be applied to reach a decision. Such decisions/problems are routine and repetitive and require
little time for developing alternatives in the design phase. For example, a decision to
replenish(fill) is an example for structured decision. Here, the decision maker can develop
certain criteria, called decision rule, for reorder decision.
3.Semi Structured decisions: These involve problems that are neither new nor routine.
There is some amount of familiarity with the decision problem but not complete. Example:
Hiring new employees.
Characteristics of DSS
i. It is designed and run by managers
ii. It focuses on decision processes rather than on transaction processing
iii. It is concerned with a small area of managerial activity or a small part of a large
problem
iv. It permits managers to test the probable results of alternative decisions
v. It supports decision-making, usually in solving semi-structured complex problems
vi. It improves managerial decisions and thereby managerial effectiveness
vii. It helps in refining managerial judgment applied to problem solving
viii. It contains a database drawn from internal files and external environment
Examples:
1) Allocating resources
2) Comparing budget to actual results
3) Drilling down to analyze results
4)Projecting revenues, and evaluating scenarios
15
ii. Provides rapid access to timely information and direct access to management reports.
vi. Drill down- to determine how certain data was produced and allows an executive to
get more detailed information if needed.
Purpose of an EIS:
v. Identifies trends
In recent years, the term EIS has lost popularity in favor of business intelligence (with the sub
areas of reporting, analytics, and digital dashboards)
16
Expert systems are composed of two main components: a knowledge base and inference
rules. A knowledge base is the combined subject knowledge and experiences of the human
experts. The inference rules are a set of logical judgments applied to the knowledge base
each time a user describes a situation to the expert system.
A Group Decision Support System, or GDSS, consists of interactive software that allows
for making decisions by a group of participants. The goal of a GDSS is to improve the
productivity of a group to come to a decision. A GDSS is sometimes also referred to as a
'computerized collaborative work system.'
EXAMPLE
Many decisions in an organization require the collaboration and participation of multiple
individuals. For example, consider a company manufacturing electronic consumer products,
such as TVs, DVD players, MP3 players, car stereos, etc. The company is losing market
share to the competition. The company needs to decide whether to keep selling its existing
range of products, focus only on its best-selling products or add new types of products.
This decision requires the input from a number of different units within the organization, such
as marketing, engineering, manufacturing, etc. Let's say the CEO of the company has set up a
task force to develop a recommendation. Each unit in the organization is represented by one
of its managers. How is the task force going to work together to come up with the best
decision?
There are a number of ways for the group members to collaborate. They can have meetings to
share information and discuss the decisions that need to be made. If meeting face-to-face is
not practical, they can use a technology, like videoconferencing. They can also communicate
with each other by e-mail to share ideas and provide updates.
While these approaches can be productive, many decisions in today's world are very complex
and require a lot of different considerations. Having access to the same information can
contribute to better decision making. However, this can quickly become overwhelming, and
not all participants may have the time, skill or interest to analyze all this information. Imagine
having to read through hundreds of pages of a document just to prepare for a meeting.
One strategy not to get bogged down by complexity and information overload is to use
computer-based tools for group decision making.
18
Characteristics of a GDSS
A GDSS has a number of unique characteristics to support a group of participants in their
decision-making process:
ii. Easy-to-use so participants from different backgrounds can all participate effectively
iii. Flexible so it can incorporate the different perspectives and decision-making styles of
the different participants
The most important characteristic, however, is that it provides support for a group to come to
a decision. A number of different approaches can be used.
Artificial intelligence (AI)
MIS DSS
1. MIS is normally used only with 1. DSS can handle unstructured problems
structured problems
3. MIS is typically oriented towards printed 3. DSS reports are usually screen oriented,
reports and documents with the capability to generate reports on a
printer
4. MIS gives an indirect support system DSS gives a direct support system that
that users regularly produced reports provide interactive reports on screen
PRESIDENCY52
COLLEGE
20
To store all the necessary decision-making data, DSSs or EISs often use extremely large
databases, called data warehouses. A data warehouse stores and manages the data required
to analyze historical(past) and current business circumstances from various operational
databases of an organization for business analysis, market research, decision support and data
mining applications.
Data mining (sometimes called data or knowledge discovery) is the process of analyzing
data from different perspectives and summarizing it into useful information - information that
can be used to increase revenue, cuts costs, or both. Data mining software is one of a number
of analytical tools for analyzing data. It allows users to analyze data from many different
dimensions or angles, categorize it, and summarize the relationships identified. Technically,
data mining is the process of finding correlations (relationships) or patterns among dozens of
fields in large relational databases.
DATA MINING-Example
One Midwest grocery chain used the data mining capacity of Oracle software to analyze
local buying patterns. They discovered that when men bought diapers on Thursdays and
Saturdays, they also tended to buy beer. Further analysis showed that these shoppers typically
did their weekly grocery shopping on Saturdays. On Thursdays, however, they only bought a
few items. The retailer concluded that they purchased the beer to have it available for the
upcoming weekend. The grocery chain could use this newly discovered information in
various ways to increase revenue. For example, they could move the beer display closer to
the diaper display. And, they could make sure beer and diapers were sold at full price on
Thursdays.
Example: IBM Predictive Analysis, Customer Analytics
Marketing
Marketing
Production
Production Human
HumanResource
Resource
Operations
Operations Functio Management
Management
nal
Busines
s
Systems
Accounting
Accounting Finance
Finance
21
Financial
Financial
Information
Information
Systems
Systems
Financial
Financial
Planning
Planning
22
Marketing
Marketing
Information
Information
Systems
Systems
Customer
Customer
Sales
SalesForce
Force Sales
Sales
Interactive Relationship
Relationship
Automation
Automation Management
Management
Marketing Management
Management
Market Advertising
Market Advertising Product
Research and and Product
Research and and Management
Forecasting Promotions Management
Forecasting Promotions
4.Human Resources Management Information System(HRIS):
Help with record keeping and employee evaluation, forecasting and planning the personnel
needs of an organization, maintaining an adequate and satisfactory work force, controlling the
personnel policies.
Information systems designed to support
i. Planning to meet the personnel needs of the business
ii. Development of employees to their full potential
iii. Control of all personnel policies and programs
iv. Recruiting employees using the corporate website and commercial recruiting
services
v. Posting messages in selected Internet newsgroups
vi. Communicating with job applicants via e-mail
23
Intranet
Remote
Worker
Supplier
Extranet
DEVELOPING INFORMATION SYSTEMS
Strategic alignment: The extent to which the project is viewed as helping the organization
achieve its strategic objectives an d long-term goal.
Potential benefits: The extent to which the project is viewed as improving profits, customer
service, and the duration of the benefits
Potential costs and resource availability: The number and types of resources the project
requires and their availability
Project size / duration: The number of individuals and the length of time needed to
complete the project
Technical difficulty / risks: The level of technical difficulty involved to complete the project
within a given time and resources
Maintenance types:
i. Corrective maintenance
ii. Adaptive maintenance
iii. Perfective maintenance
iv. Preventive maintenance
Being Specific ERP systems are large computer systems that integrate application
programs in accounting (i.e., accounts receivable), sales (i.e., order booking),
manufacturing (i.e., product shipping) and the other functions in the firm.
This integration is accomplished through a database shared by all the application
programs.
A typical ERP system will use multiple components of computer hardware and
software to achieve the integration.
A key ingredient of most ERP systems is the use of a unified database to store data for
various system modules.
Broken down into business processes
i. HRM
ii. Distribution
iii. Financials
iv. Manufacturing
Vendors of ERP
i. SAP - Systems Applications Products in Data Processing
ii. BAAN
iii. Peoplesoft
iv. Oracle
v. J.D. Edwards
Limitations of ERP
i. High cost.
ii. Forced change of processes.
iii. Very complex software.
iv. Lack of trained people.
v. Flexibility of software system upgrades.
vi. Implementation timelines.
vii. Availability of internal technical knowledge and resources.
viii. Education and training.
ix. Implementation strategy and execution.
x. Resistance to change.
Cloud Computing
Distributed computing on internet Or delivery of computing service over the internet.
Eg: Yahoo!, GMail, Hotmail
It has three components
i. Client computers ii. Distributed Servers iii. Datacenters
i. Clients
Clients are the device that the end user interact with cloud.
three types of clients:
i. Mobile
ii. Thick
iii. Thin (Most Popular)
29
iii. Datacenter
It is collection of servers where application is placed and is accessed via internet.
ii. Governance- describes the overall management approach through which senior
executives direct and control the entire organization, using a combination of
management information and hierarchical management control structures.
iii. Governance- activities ensure that critical management information reaching the
executive team is sufficiently complete, accurate and timely to enable appropriate
management decision making, and provide the control mechanisms to ensure that
strategies, directions and instructions from management are carried out systematically
and effectively.
Risk management-
i.Risk management- is predicting and managing risks that could hinder the organization to
achieve its objectives.
ii. Risk management- is the set of processes through which management identifies,
analyzes, and, wherever necessary, responds appropriately to risks that might adversely affect
realization of the organization's business objectives. The response to risks typically depends
on their perceived gravity, and involves controlling, avoiding, accepting or transferring them
to a third party.
Whereas organizations routinely manage a wide range of risks (e.g. technological risks,
commercial/financial risks, information security risks etc.), external legal and regulatory
compliance risks are arguably the key issue in GRC.
Compliance
i.Compliance- with the company's policies and procedures, laws and regulations, strong and
efficient governance is considered key to an organization's success.
ii.Compliance- means conforming with stated requirements. At an organizational level, it is
achieved through management processes which identify the applicable requirements (defined
for example in laws, regulations, contracts, strategies and policies), assess the state of
compliance, assess the risks and potential costs of non-compliance against the projected
expenses to achieve compliance, and hence prioritize, fund and initiate any corrective actions
deemed necessary.
INFORMATION SECURITY
What is Information Security?
31
“Information Security protects information from a wide range of threats in order to ensure
business continuity, minimise business damage and maximise return on investment and
business opportunities.”
The Changing Phase of Information Security
Traditional View
i. The domain of a System Administrator
ii. Task of Purchasing a Firewall
iii. Implementing Security Controls was not a compulsion
Modren view
ii. The Domain of the Business Owner
iii. Task of Finding out what is AT RISK and finding right solutions for the same
iv. Business and Security can’t be separated
v. Security Team Consists of Top Management, IT Managers and a Dedicated
Information Security Manager
vi. Plan, Do, Check and Act Model
vii. Integration of Quality Systems Like ISO, CMMI etc with Information Security
Models
Basic components
Monitor and
review the
Informatio ISMS Managed
n security informatio
Check
requireme n security
nts and
22
expectatio
ns
ISO17799:2005 /ISO27001 (earlier
ISO17799:2005 /ISO27001 (earlier BS7799) Framework
BS7799) Framework
Incident
Management
Information
Information
Security
Security
Management
Management
System
System
1. Security Policy
Objective:
33
3.Asset Management
Objective:
Objective:
Prior to employment
During employment
Termination or change of employment
Covers:
Roles and responsibilities
Screening
Terms and conditions of employment
Management responsibilities
Information security awareness, education and training
Disciplinary process
Termination responsibilities
34
Return of assets
Removal of access rights
Objective:
Operational Procedures and responsibilities
Third party service delivery management
System planning and acceptance
Protection against malicious and mobile code
Backup
Network Security Management
Media handling
Exchange of Information
Electronic Commerce Services
Monitoring
Covers:
Documented Operating procedures
Change management
Segregation of duties
7. Access Controls
Objective:
Business Requirement for Access Control
User Access Management
User Responsibilities
Network Access Control
35
The governing principle behind an ISMS is that an organization should design, implement
and maintain a coherent set of policies, processes and systems to manage risks to its
information assets, thus ensuring acceptable levels of information security risk.
COBIT
Control Objectives for Information and Related Technology (COBIT) is a framework
created by ISACA for information technology (IT) management and IT governance. It is a
supporting toolset that allows managers to bridge the gap between control requirements,
technical issues and business risks
COBIT: Governance of
Enterprise IT (GEIT)
Val
IT
Ris
2.0
k
(2008)
IT 2012
(200
9)
COBIT 5 in Overview
COBIT 5 brings together the five principles that allow the enterprise to build an effective
governance and management framework based on a holistic set of seven enablers that
optimises information and technology investment and use for the benefit of stakeholders.
COBIT 5 Principles
38
v. Maturity models: Assess maturity and capability per process and helps to address
gaps.
CMM-Capability Maturity Model
Capability Maturity Model is a bench-mark for measuring the maturity of an organization’s
software process. It is a methodology used to develop and refine an organization’s software
development process. CMM can be used to assess an organization against a scale of five
process maturity levels based on certain Key Process Areas (KPA). It describes the maturity
of the company based upon the project the company is dealing with and the clients. Each
level ranks the organization according to its standardization of processes in the subject area
being assessed.
A maturity model provides:
A place to start
The benefit of a community’s prior experiences
A common language and a shared vision
A framework for prioritizing actions
A way to define what improvement means for your organization
In CMMI models with a staged representation, there are five maturity levels designated
by the numbers 1 through 5 as shown below:
i. Initial
ii. Managed
iii. Defined
iv. Quantitatively Managed
v. Optimizing
Maturity levels consist of a predefined set of process areas. The maturity levels are
measured by the achievement of the specific and generic goals that apply to each
predefined set of process areas. The following sections describe the characteristics of
each maturity level in detail.
40
Maturity Level 1 – Initial: Company has no standard process for software development. Nor
does it have a project-tracking system that enables developers to predict costs or finish dates
with any accuracy.
In detail we can describe it as given below:
i. At maturity level 1, processes are usually ad hoc and chaotic.
ii. The organization usually does not provide a stable environment. Success in these
organizations depends on the competence and heroics of the people in the
organization and not on the use of proven processes.
iii. Maturity level 1 organizations often produce products and services that work but
company has no standard process for software development. Nor does it have a
project-tracking system that enables developers to predict costs or finish dates with
any accuracy.
iv. Maturity level 1 organizations are characterized by a tendency to over commit,
abandon processes in the time of crisis, and not be able to repeat their past successes.
Maturity Level 2 – Managed: Company has installed basic software management processes
and controls. But there is no consistency or coordination among different groups.
In detail we can describe it as given below:
i. At maturity level 2, an organization has achieved all the specific and generic goals of
the maturity level 2 process areas. In other words, the projects of the organization
have ensured that requirements are managed and that processes are planned,
performed, measured, and controlled.
ii. The process discipline reflected by maturity level 2 helps to ensure that existing
practices are retained during times of stress. When these practices are in place,
projects are performed and managed according to their documented plans.
iii. At maturity level 2, requirements, processes, work products, and services are
managed. The status of the work products and the delivery of services are visible to
management at defined points.
iv. Commitments are established among relevant stakeholders and are revised as needed.
Work products are reviewed with stakeholders and are controlled.
v. The work products and services satisfy their specified requirements, standards, and
objectives.
Maturity Level 3 – Defined: Company has pulled together a standard set of processes and
controls for the entire organization so that developers can move between projects more easily
and customers can begin to get consistency from different groups.
In detail we can describe it as given below:
i. At maturity level 3, an organization has achieved all the specific and generic goals.
ii. At maturity level 3, processes are well characterized and understood, and are
described in standards, procedures, tools, and methods.
iii. A critical distinction between maturity level 2 and maturity level 3 is the scope of
standards, process descriptions, and procedures. At maturity level 2, the standards,
process descriptions, and procedures may be quite different in each specific instance
of the process (for example, on a particular project). At maturity level 3, the standards,
process descriptions, and procedures for a project are tailored from the organization’s
set of standard processes to suit a particular project or organizational unit.
iv. The organization’s set of standard processes includes the processes addressed at
maturity level 2 and maturity level 3. As a result, the processes that are performed
across the organization are consistent except for the differences allowed by the
tailoring guidelines.
v. Another critical distinction is that at maturity level 3, processes are typically
described in more detail and more rigorously than at maturity level 2.
41
vi. At maturity level 3, processes are managed more proactively using an understanding
of the interrelationships of the process activities and detailed measures of the process,
its work products, and its services.
vii. The organization’s ability to rapidly respond to changes and opportunities is enhanced
by finding ways to accelerate and share learning. Improvement of the processes is
inherently part of everybody’s role, resulting in a cycle of continual improvement.
viii. A critical distinction between maturity level 4 and maturity level 5 is the type of
process variation addressed. At maturity level 4, processes are concerned with
addressing special causes of process variation and providing statistical predictability
of the results. Though processes may produce predictable results, the results may be
insufficient to achieve the established objectives. At maturity level 5, processes are
concerned with addressing common causes of process variation and changing the
process (that is, shifting the mean of the process performance) to improve process
performance (while maintaining statistical predictability) to achieve the established
quantitative process-improvement objectives.
HIPAA
HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The
primary goal of the law is to make it easier for people to keep health insurance, protect the
confidentiality and security of healthcare information and help the healthcare industry control
administrative costs.
HIPAA is divided into different titles or sections that address a unique aspect of health
insurance reform. Two main sections are Title I dealing with Portability and Title II that
focuses on Administrative Simplification.
The act, which was signed into law by President Bill Clinton in August 1996,
contains five sections, or titles:
1. HIPAA Title I protects health insurance coverage for individuals who lose or
change jobs. It also prohibits group health plans from denying coverage to
individuals with specific diseases and pre-existing conditions, and from
setting lifetime coverage limits.
2. HIPAA Title II directs the U.S. Department of Health and Human Services to
establish national standards for processing electronic healthcare transactions.
It also requires healthcare organizations to implement secure electronic access
to health data and to remain in compliance with privacy regulations set by
HHS.
3. HIPAA Title III includes tax-related provisions and guidelines for medical
care.
4. HIPAA Title IV further defines health insurance reform, including provisions
for individuals with pre-existing conditions and those seeking continued
coverage.
5. HIPAA Title V includes provisions on company-owned life insurance and
treatment of those who lose their U.S. citizenship for income tax purposes.
In IT circles, adhering to HIPAA Title II is what most people mean when they refer
to HIPAA compliance. Also known as the Administrative Simplification provisions,
Title II includes the following HIPAA compliance requirements:
43
HIPAA Privacy Rule. Officially known as the Standards for Privacy of Individually
Identifiable Health Information, this rule establishes national standards to protect
patient health information.
HIPAA Security Rule. The Security Standards for the Protection of Electronic
Protected Health Information sets standards for patient data security.
HIPAA Enforcement Rule. This rule establishes guidelines for investigations into
HIPAA compliance violations.
In 2013, the HIPAA Omnibus Rule was put in place by HHS to implement
modifications to HIPAA in accordance with guidelines set in 2009 by the Health
Information Technology for Economic and Clinical Health (HITECH) Act concerning
the responsibilities of business associates of covered entities. The omnibus rule also
increased penalties for HIPAA compliance violations to a maximum of $1.5 million
per incident.
HIPAA violations can prove quite costly for healthcare organizations. First, the
HIPAA Breach Notification Rule within the omnibus set of regulations requires
covered entities and any affected business associates to notify patients following a
data breach. In addition to the notification costs, healthcare organizations can
encounter fines after HIPAA audits mandated by the HITECH Act and conducted by
the Office for Civil Rights (OCR). Providers could also face criminal penalties
stemming from violations of the HIPAA privacy and security rules.
i. HIPAA allows us to share patient information with any of the patient’s health care
providers without an authorization from the patient.
44
ii. If you are presented with an authorization to release medical information, contact the
Health Information Management Department.
It includes the service auditor's opinion on the fairness of the presentation of the service
organization's description of controls that had been placed in operation and the suitability of
the design of the controls to achieve the specified control objectives.
A Type II service auditor’s report
It includes the information contained in a Type I service auditor's report and also includes the
service auditor's opinion on whether the specific controls were operating effectively during
the period under review.
Difference between Type I and Type II Engagements
i. Type I reports are issued for a specific date and are limited to an inquiry into and
observation of the controls
ii. Type II reports are issued after a minimum six-month testing period have been
completed and is focused on the operating effectiveness of controls
iii. Type I consists of inquiry and observation controls
iv. Type II would include testing of controls
Type I vs. Type II Reports
FEATURES-
i. Statement on Auditing Standards (SAS) No. 70, Service Organizations, was a widely
recognized auditing standard developed by the American Institute of Certified Public
Accountants (AICPA). A service auditor's examination performed in accordance with
46
SAS No. 70 (also commonly referred to as a "SAS 70 Audit") represents that a service
organization has been through an in-depth examination of their control objectives and
control activities, which often include controls over information technology and
related processes. In today's global economy, service organizations or service
providers must demonstrate that they have adequate controls and safeguards when
they host or process data belonging to their customers. In addition, the requirements
of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even
more important to the process of reporting on the effectiveness of internal control
over financial reporting.
ii. For nearly 18 years, SAS No. 70 was the authoritative guidance that allowed service
organizations to disclose their control activities and processes to their customers and
their customers' auditors in a uniform reporting format. The issuance of a service
auditor's report prepared in accordance with SAS No. 70 signifies that a service
organization has had its control objectives and control activities examined by an
independent accounting and auditing firm. The service auditor's report, which
includes the service auditor's opinion, is issued to the service organization at the
conclusion of a SAS 70 examination.
iii. SAS No. 70 provides guidance to enable an independent auditor ("service auditor") to
issue an opinion on a service organization's description of controls through a Service
Auditor's Report (see below). SAS 70 does not specify a pre-determined set of control
objectives or control activities that service organizations must achieve. Service
auditors are required to follow the AICPA's standards for fieldwork, quality control,
and reporting. A SAS 70 Audit is not a "checklist" audit.
iv. SAS No. 70 is generally applicable when an independent auditor ("user auditor") is
planning the financial statement audit of an entity ("user organization") that obtains
services from another organization ("service organization"). Service organizations that
impact a user organization's system of internal controls could be application service
providers, bank trust departments, claims processing centers, data centers, third party
administrators, or other data processing service bureaus.
vi. In 2011, Statement on Standards for Attestation Engagements (SSAE) No. 16 took
effect and replaced SAS 70 as the authoritative guidance for performing a service
auditor's examination. SSAE 16 established a new attestation standard (AT 801) to
contain the professional guidance. You can learn more about SSAE 16 at
www.ssae16.com. At the same time, the AICPA also launched a new Service
Organization Controls (SOC) reporting framework designed to allow practitioners to
provide different types of reports depending on the needs of service organization and
their stakeholders.
Candidates for SAS 70 Audits
i. Claims processing centers
ii. Trust/benefit plan administrators
iii. Data centers
iv. Application service providers
v. Payroll processors
vi. Internet service providers
Sarbanes-Oxley Act
The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation passed by the U.S.
Congress to protect shareholders and the general public from accounting errors and
fraudulent practices in the enterprise, as well as improve the accuracy of corporate
disclosures. The U.S. Securities and Exchange Commission (SEC) administers the act, which
sets deadlines for compliance and publishes rules on requirements.
48
ii. The Sarbanes-Oxley Act not only affects the financial side of corporations, but also IT
departments charged with storing a corporation's electronic records. The act is not a
set of business practices and does not specify how a business should store records;
rather, it defines which records should be stored and for how long. SOX states that all
business records, including electronic records and electronic messages, must be saved
for "not less than five years." The consequences for noncompliance are fines,
imprisonment or both.
iii. IT departments are increasingly tasked with creating and maintaining a corporate
records archive in a cost-effective fashion that satisfies the requirements put forth by
the legislation.
Section 802 of Sarbanes-Oxley contains the three rules that affect the management of
electronic records.
The first rule deals with the destruction, alteration or falsification of records, and the
resulting penalties.
The second rule defines the retention period for records storage. Best practices indicate that
corporations securely store all business records using the same guidelines set for public
accountants.
The third rule refers to the type of business records that need to be stored, including all
business records and communications, including electronic communications.
iv. The bill, which contains eleven sections, was enacted as a reaction to a number of
major corporate and accounting scandals, including Enron and Worldcom. The
sections of the bill cover responsibilities of a public corporation’s board of directors,
adds criminal penalties for certain misconduct, and required the Securities and
Exchange Commission to create regulations to define how public corporations are to
comply with the law.
v.
49
IT ACT 2008
i. In the year 2000,India enacted its first law on Information Technology namely, the
Information Technology Act, 2000.
ii. The IT Act ,2000 is based on the Model law of E-commerce adopted by UNCITRAL
in 1996.
iii. The preamble to the IT Act ,2000 points out a three fold objective , firstly, to provide
legal recognition for transactions carried out through electronic means, secondly, to
facilitate the electronic filing of documents with government agencies, and thirdly to
amend certain Acts, interalia, the Indian Penal Code,1860, Indian Evidence Act, 1872
.
iv. The IT Act, 2000 gave legal validity and recognition to electronic documents and
digital signatures and enabled conclusion of legally valid & enforceable e-contracts.
v. It also provided a regulatory regime to supervise the Certifying Authorities issuing
digital signature certificates and created civil and criminal liabilities for contravention
of the provisions of the IT Act,2000.
vi. With the passage of time, as technology developed further and new methods of
committing crime using Internet & computers surfaced, the need was felt to amend
the IT Act,2000 to insert new kinds of cyber offences and plug in other loopholes that
posed hurdles in the effective Enforcement of the IT Act,2000 .
vii. This led to the passage of the Information Technology ( Amendment) Act, 2008 which
was made effective from 27 October 2009. The IT Amendment) Act,2008 has brought
marked changes in the IT Act,2000 on several counts
Electronic contracts can add the element of speed and efficiency to the contracting process.
2. INTEGRITY
Integrity is concerned with the accuracy and completeness of the communication.
Both senders and receivers of electronic communications must be able to tell: is the
message sent identical to the message received?, is the message complete or has
something been lost in transmission?, has the message been altered in any way either
in transmission or in storage? Messages sent over the Internet pass through many
routing stations and packet-switching nodes. Hence, there are many opportunities for
messages to be altered along the way to their final destination.
3. NONREPUDIATION
Nonrepudiation is concerned with holding the sender to the communication he or she
sent. The sender should not be able to deny having sent the communication if he or
she did, in fact, send it, or to claim that the contents of the communication as received
are not the same as what the sender sent if, in fact, they are what was sent. When a
contract is in dispute, the party relying on it must be able to prove that the other side
actually agreed to the deal.
4. WRITING AND SIGNATURE
As a general rule, contracts do not have to be in writing or even signed by either party
to be enforceable. Contracts may be formed by conduct of the parties and may be oral
unless they fall under the Statute of Frauds. The Statute of Frauds is a series of
statutes that have been passed in most states that require that certain types of contracts
must be in writing to be enforceable.
5. A signature is "any symbol executed or adopted by a party with present intention to
authenticate a writing”. Therefore, a signature need not be ink on paper -- rather, the
issue is the intent of the signer. A symbol or code on an electronic record, intended as
a signature by the signer, should meet the statute of frauds requirement.
6. CONFIDENTIALITY:
Confidentiality is concerned with controlling the disclosure of information. Corporate
meeting planners for instance may not want the general public to know about the
content of the upcoming meeting that concerns a new product. Suppliers may not
want everyone to know the special rates being quoted to a particular group.
Digital Signature
A digital signature is a mathematical scheme for demonstrating the authenticity of a digital
message or document. A valid digital signature gives a recipient reason to believe that the
message was created by a known sender, such that the sender cannot deny having sent the
message (authentication and non-repudiation) and that the message was not altered in transit
(integrity). Digital signatures are commonly used for software distribution, financial
transactions, and in other cases where it is important to detect forgery or tampering
OR
A digital signature (not to be confused with a digital certificate) is a mathematical technique
used to validate the authenticity and integrity of a message, software, or digital document.
The digital equivalent of a handwritten signature or stamped seal, but offering far more
inherent security, a digital signature is intended to solve the problem of tampering and
impersonation in digital communications. Digital signatures can provide the added assurances
of evidence to origin, identity and status of an electronic document, transaction or message,
as well as acknowledging informed consent by the signer.
Digital signatures are based on public key cryptography, also known as asymmetric
cryptography. Using a public key algorithm such as RSA, one can generate two keys
that are mathematically linked: one private and one public. To create a digital signature,
53
signing software (such as an email program) creates a one-way hash of the electronic
data to be signed. The private key is then used to encrypt the hash.
A sender must first create a public-private key pair before an electronic communication
can be digitally signed. The sender discloses his or her public key to the recipient. The
private key is kept confidential by the sender and is used for the purpose of creating a
digital signature.
Cybercrime
Cybercrime, also called computer crime, the use of a computer as an instrument to further
illegal ends, such as committing fraud, trafficking in child pornography and intellectual
property, stealing identities, or violating privacy. Cybercrime, especially through the Internet,
has grown in importance as the computer has become central to commerce, entertainment,
and government.
OR
Cyber crime encompasses any criminal act dealing with computers and networks (called
hacking). Additionally, cyber crime also includes traditional crimes conducted through the
Internet. For example; hate crimes, telemarketing and Internet fraud, identity theft, and credit
card account thefts are considered to be cyber crimes when the illegal activities are
committed through the use of a computer and the Internet.
3. Denial of Service Attacks: This is an act by the criminals who floods the bandwidth of the
victims network or fills his E-mail box with spam mail depriving him of the service he/she is
entitled to access or provide. Many DOS attacks, such as the ping of death and Tear drop
attacks.
A denial of service (DoS) attack is a malicious attempt to make a server or a network
resource unavailable to users, usually by temporarily interrupting or suspending the
services of a host connected to the Internet.
A teardrop attack is a denial-of-service (DoS) attack that involves sending fragmented
packets to a target machine. Since the machine receiving such packets cannot
reassemble them due to a bug in TCP/IP fragmentation reassembly, the packets
overlap one another, crashing the target network device.
4. Virus Dissemination/Virus Builders: Virus incidents have resulted in significant and data
loss at some stage or the other. The loss could be on account of: -
Viruses - A virus is a programm that may or may not attach itself to a file and
replicate itself. It can attack any area: from corrupting the data of the file that it
invades, using the computer's processing resources in attempt to crash the machine
and more.
Worms - Worms may also invade a computer and steal its resources to replicate
themselves. They use the network to spread themselves. "Love bug“ is a recent
example
Trojan horse - Trojan horse is dicey. It appears to do one thing but does something
else. The system may accept it as one thing. Upon execution, it may release a virus,
worm or logic bomb.
5. Computer Vandalism: Damaging or destroying data rather than stealing or misusing them
is called cyber vandalism. These are program that attach themselves to a file and then
circulate.
6. Cyber terrorism: Terrorist attacks on the Internet is by distributed denial of service
attacks, hate website and hate E-mails, attacks on service network etc.,
7. Software Piracy: Theft of software through illegal copying of genuine programs or the
counterfeiting and distribution of products intended to pass for the original.
8.Web Jacking: This occurs when someone forcefully takes control of a website (by
cracking the password and later changing it). The actual owner of the website does not have
any more control over what appears on that website.
Certifying Authorities issue Digital Certificates that are appropriate to specific purposes or
applications. Certificate Policies describe the different classes of certificates issued by the
CA, the procedures governing their issuance and revocation and terms of usage of such
certificates and among other things the rules governing the different uses of these certificates.
Forensic process: Computer forensic investigations usually follow the standard digital
forensic process or phases: acquisition, examination, analysis and reporting. Investigations
are performed on static data (i.e. acquired images) rather than "live" systems. This is a change
from early forensic practices where a lack of specialist tools led to investigators commonly
working on live data.
ITIL 2007 has five volumes, published in May 2007, and updated in July 2011 as ITIL
2011 for consistency:
The Five Volumes :
i. ITIL Service Strategy: understands organizational objectives and customer needs.
ii. ITIL Service Design: turns the service strategy into a plan for delivering the business
objectives.
iii. ITIL Service Transition: develops and improves capabilities for introducing new
services into supported environments
iv. ITIL Service Operation: manages services in supported environments.
v. ITIL Continual Service Improvement: achieves services incremental and large-scale
improvements
ISAE 3402/SA
International Standard on Assurance Engagements (ISAE) No. 3402, Assurance Reports on
Controls at a Service Organization, was issued in December 2009 by the International
Auditing and Assurance Standards Board (IAASB), which is part of the International
Federation of Accountants (IFAC).
56
ISAE 3402 was developed to provide an international assurance standard for allowing public
accountants to issue a report for use by user organizations and their auditors (user auditors)
on the controls at a service organization that are likely to impact or be a part of the user
organization’s system of internal control over financial reporting.
Cyber Security
Cyber Security involves protection of sensitive personal and business information through
prevention, detection and response to different online attacks. Cyber security actually
preventing the attacks, cyber security.
Computer security is that branch of information technology which deals with the protection
of data on a network or a stand-alone desktop. As every organization is dependent on
computers, the technology of its security requires constant development.
Software Security:
Network Security:
Computer networks are an integral part of any organization these days, as they facilitate the
free flow of data and services to the authorized users. However, such networks also pose a
security threat in case the data is classified and confidential, thus making network security a
vital necessity.
Threats:
As the data is available only for authorized users, it is possible for hackers to pretend to be
one, by providing the correct user name and password. Computer network security can be
disrupted or encroached in the following ways:
Trojan Horse :Trojan horse is common and one of the most potential threats to computer
security. They are malicious and security-breaking programs, disguised as something which is
considered as non-malicious by the security software. They are a useful tool for hackers who
try to break into private networks. Hackers generally attach Trojan horse to a file, which
triggers a virus or remotely controlled software, giving the hacker complete control over the
computer.
Viruses and Worms :Viruses and worms are well-known for their destructive nature and the
property of replicating themselves. They are basically pieces of computer program codes,
which are written by hackers and other computer geniuses.
Sniffing: Sniffing is the act of intercepting TCP/IP packets while they are getting transferred
on a network. The interception generally takes place through simple eavesdroping done by a
hacker.
Protection:
Firewall:
It is one of the most essential type of network security in today's world of Internet. Firewall is
a filter that prevents fraud websites from accessing your computer and damaging the data.
However, a firewall is not a great option for securing the servers on the Internet because the
main objective of a server is granting access to unknown users to connect to various web
pages.
Security Software
Along with firewall, installing a good anti-virus and security software to enhance the security
level of the computer system is a good protection method.
Data Security:
Threat:
Although uncommon, hardware malfunction can prove to be a major threat to your data in the
computer. The life span of hard disks is always limited because of surrounding factors and
this can amount to a severe loss of all your files saved on the disk, if there is no proper
backup of those files made on any other system.
Protection:
Keep Backup:
It is important to avoid data and information loss in case of hard disk crashes. The only
solution is to regularly keep backups of all the data on other media such as magnetic tapes,
CD-ROM, etc. It is a good practice to store the media off-site and in case of a disk crash,
restore the information from the backup media onto the new disk. In case a backup media is
not affordable, one should try to store the files on at least two different media devices. These
media devices should be systematically kept at a place which is safe and secured, as the
information contained may be confidential. People usually have backup for database files,
spreadsheet files and large documents. As the technical constraints are always there, it is
better to take regular backups, in order to avoid any loss of information.
Clean-up Software
Install a software program on the computer that will clear all the old, unused files and registry
keys. It will also help to detect malware and save the computer from a severe damage caused
by it. Keep the system in the loop of latest updates and security alerts or else, it will become
vulnerable to security threats.
58
Firewall
A firewall is a network security system, either hardware or software based, that controls
incoming and outgoing network traffic based on a set of rules.
A firewall acts to provide secured access between two networks. A firewall may be
implemented as a standalone hardware device or in the form of a software on a client
computer or a proxy server
The two types of firewall are generally known as the hardware firewall and the software
firewall
A computer may be protected by both a hardware and a software firewall
59
MODULE – 4 DBMS
DBMS
INTRODUCTION
Database
Examples of Database
i. Telephone book
ii. T.V. Guide
iii. Airline reservation system
iv. Motor vehicle registration records
v. Papers in your filing cabinet
vi. Files on your computer hard drive.
i. Database is logically related data. The elements of database are data, data items,
relationships, constraints and schema.
60
ii. Data: A collection of facts, such as values or measurements. Eg-Data about Students,
Teachers and Courses, audio, video etc.,
iii. Data Items: Unit of data contained in a record, describing a particular attribute/field
(such as name, age, address) of a particular entity
NOTE: Data that have been processed in such a way as to increase the knowledge of the
person who uses the data is known as Information.
SCHEMA EXAMPLE
Definition-DBMS
Advantages of DBMS
i. Data sharing & Multiple Access: In database, data is stored in a centralized area and
it can be accessed by different users. So data can be accessed by users and they can
insert, update, select the data from or to the database. Therefore, data can be shared in
the database.
iii. Reliability: Database can be accessed by different users. However due to some
hardware failures or software failures or some improper accessing of data may cause
loss of data. In such cases, a backup copy of database is maintained and this should be
the copy of recently taken backup. By doing this, reliable information can be provided
to the users.
iv. Data Security & Privacy: Data and information to an organization is important
.Security is a concept used to protect the database from accidental misuse or damages.
Privacy includes authorizations, which allow a certain user to access only that portion
of the database on which he/she is allowed to perform valid operations. With proper
implementation of privacy and security, the different users who should access which
portion of the database can be clearly defined.
vi. Data Independence: In a DBMS system, the application programs are independent of
the structure of data. Because the structure of the data with its definition is present in
system catalog(file), any changes in the structure of data will not affect the access
programs. This property is called program data independence.
vii. Data Redundancy: Redundancy is a concept where the same data get repeated in
various portions of the database due to certain inconsistent operations. Control in
redundancy is the basic necessity of any database.
viii. Flexibility: DBMS must be flexible to accept any structural changes. Suppose the end
user needs change, accordingly the database has to be changed to meet the needs of
the user. Most DBMS allow alterations in their structure without affecting the stored
data and existing application programs.
Disadvantages of DBMS
i. The main disadvantage is in terms of the cost. The cost basically includes cost for
development, cost to upgrade the hardware and the cost to maintain the system
ii. Additional processing involved to implement concepts such as data integrity, data
security, data sharing etc.,
iii. Complex procedures have to be used to incorporate concepts of backup and recovery.
i. File management system: Here the data is stored in form of flat files. This files
stores data without indexing. This system lack flexibility in data manipulation.
ii. Related database management system {RDBMS}: It manipulates data in more
sophisticated ways. RDBMS avoids redundancy in data and defines the relationship
between sets of data. The relationship is a common element {unique identifier}
between tables. In RDBMS, data is stored in the form of tables.
Applications of DBMS
Distributed Database:
A distributed database is a database in which storage devices are not all attached to a
common processing unit such as the CPU. It may be stored in multiple computers, located in
the same physical location; or may be dispersed over a network of interconnected computers.
Collections of data (e.g. in a database) can be distributed across multiple physical locations.
Mobile Databases:
A mobile database is either a stationary (fixed) database that can be connected to by a
mobile computing device - such as smart phones or PDAs - over a mobile network, or a
database which is actually carried by the mobile device. This could be a list of contacts, price
information, distance travelled, financial marketing reporting etc.,
9. Security problems
a. Hard to provide user access to some, but not all, data
b. Database systems offer solutions to all the above problems
RDBMS
Functions of DBMS
i. Data Definition: The DBMS provides functions to define the structure of the data in
the application. These include defining and modifying the record structure, the type
and size of fields and the various constraints to be satisfied by the data in each field.
ii. Data Manipulation: Once the data structure is defined, data needs to be inserted,
modified or deleted. These functions which perform these operations are part of
DBMS. These functions can handle plashud and unplashud data manipulation needs.
Plashud queries are those which form part of the application. Unplashud queries are
ad-hoc queries which performed on a need basis.
iii. Data Security & Integrity: The DBMS contains modules which handle the security
and integrity of data in the application.
iv. Data Recovery and Concurrency: Recovery of the data after system failure and
concurrent access of records by multiple users is also handled by DBMS.
v. Data Dictionary Maintenance: Maintaining the data dictionary which contains the
data definition of the application is also one of the functions of DBMS.
vi. Performance: Optimizing the performance of the queries is one of the important
functions of DBMS
i. The END User who uses the application. Ultimately he is the one who actually puts
the data into the system into use in business. This user need not know anything about
the organization of data in the physical level.
ii. System Analyst & The Application Programmers: Application Programmers are
who develops the application programs. He/She has more knowledge about the data
and its structure. He/she can manipulate the data using his/her programs. System
Analyst also known as Software Engineers, determines the requirement off end user
and develop specifications(requirements) for transactions.
iii. The Data base Administrator (DBA) who is like the super-user of the system. The
job of DBA is to plan, design, create, modify and maintain the database with special
emphasis on security and integrity.
iv. Database Designer: are those who identify the data to be stored in the database and
choosing appropriate structures to represent and store these data
i. CASUAL END USERS: are the end users who occasionally access the database.
Each time they may require different information from the database.-Ex-Bank
Managers
ii. NAÏVE OR PARAMETRIC END USERS: are the end users who constantly make
use of the database, querying and updating database. Ex-Bank Clerk, Reservation
Clerk-Airlines etc.,
iii. SOPHISTICATED END USERS: include engineers, scientists, business analyst,
who thoroughly familiarize with the facilities of DBMS to meet their requirements
iv. STAND-ALONE USERS: Maintain personal database by using readymade packages
that provide easy to use using menu or graphics based interface. Ex-Tax package
i. Defining the schema: The DBA defines the schema which contains the structure of
the data in the application. The DBA determines what data needs to be present in the
system and how this data has to be presented and organized.
ii. Liaising with users: The DBA needs to interact continuously with the users to
understand the data in the system and its use.
iii. Defining Security & Integrity checks: The DBA finds about the access restrictions
to be defined and defines security checks accordingly. Data Integrity checks are
defined by the DBA.
iv. Defining Backup/Recovery Procedures: The DBA also defines procedures for
backup and recovery. Defining backup procedure includes specifying what data is to
be backed up, the periodicity of taking backups and also the medium and storage
place to backup data.
v. Monitoring performance: The DBA has to continuously monitor the performance of
the queries and take the measures to optimize all the queries in the application.
vi. Stored Database Definition (Metadata) is the location where data type, structure,
constraints for the data specified by the database designer is stored.
vii. Stored database is the physical location in memory where the database is stored.
viii. Application programs/queries that are written by the user or programmer are
processed by the DBMS software so as to perform the required function.
ix. Whenever a request to access data is made, a part of the DBMS software first refers to
the metadata to access the structure and hence determines the size and position so as
to access data from the stored database.
Architecture of DBMS
67
The three levels of the architecture are three different views of the data:
i. External - individual user view
ii. Conceptual - community user view
iii. Internal - physical or storage view
DATA MODELS
Data model is a collection of concepts that can be used to describe the structure of a database
which provides the necessary means to achieve the abstraction. The structure of a database
means that holds the data.
data types
relationships
68
constraints
High Level-conceptual data model: User level data model is the high level or
conceptual model. This provides concepts that are close to the way that many users
perceive data.
Low level-Physical data model : provides concepts that describe the details of how
data is stored in the computer model. Low level data model is only for Computer
specialists not for end-user.
Representation data model: It is between High level & Low level data model which
provides concepts that may be understood by end-user but that are not , too far
removed from the way data is organized by within the computer.
The most common data models/ Representation data model/(5 fundamental database
structure) are:
c. Hierarchical Model /structure: A hierarchical data model is a data model which the
data is organized into a tree like structure. The structure allows repeating information
using parent/child relationships: each parent can have many children but each child
only has one parent. All attributes of a specific record are listed under an entity type.
Recent database trends include the growth of distributed databases and the emergence
of object-oriented and hyper-media databases.
b. Object Oriented and Hybrid Models: These models have emerged in an attempt to
store, search and manipulate data about objects, which have complex inner data
70
d. Data Warehouse :A data warehouse is a database, with tools, that stores current and
historical data of potential interest to managers throughout the company. The data
originates in many core operational systems and external sources and are copied into
the data warehouse databases as often as needed. The data is standardized and
consolidated so that it can be used across the enterprise for management analysis and
decision-making.
e. Linking Databases to the Web : There are a number of advantages to using the Web
to access an organization's internal database. Web browser software is extremely easy
to use, requiring much less training than even user-friendly database query tools. The
web interface requires no changes to the legacy database.
f. Mobile Database: A mobile database is either a stationary database that can be
connected to by a mobile computing device - such as smart phones or PDAs - over a
mobile network, or a database which is actually carried by the mobile device. This
could be a list of contacts, price information, distance travelled, or any other
information.
DBMS Languages
71
NOTE: In some DBMSs, separate storage definition language (SDL) and view definition
language (VDL) are used to define internal and external schemas.
i. Data Definition Language (DDL): Used by the DBA and database designers to
specify the conceptual schema of a database(database structure)
In many DBMSs, the DDL is also used to define internal and external schemas
(views). DDL Commands: CREATE, ALTER, DROP, TRUNCATE,
RENAME
ii. Data Manipulation Language (DML): Used to specify database retrievals and
updates .DML commands (data sublanguage) can be embedded in a general-purpose
programming language (host language), such as COBOL, C, C++, or Java. DML
Operations: SELECT, INSERT, UPDATE, DELETE, LOCK TABLE
iii. Data Control Language(DCL): A data control language is a computer language and
a subset of SQL, used to control access to data in a database. Ex: GRANT-gives user’s
access privileges & REVOKE-withdraw access privileges.
iv. Transaction Control Language(TCL): Used to manage the changes made by DML
statements. Ex-COMMIT-save work done, ROLLBACK-restore database to original
since the last COMMIT.
Types of DML:
COMPONENTS OF DBMS
72
i. Data Dictionary: is a more general software utility used by designers, users and
administrators for information resource management. It is an electronic document
which contain data elements. It describes the data, their characteristics, identifies data
origin, ownership, security, and methods of accessing of data.
ii. Data Mining: Data mining (sometimes called data or knowledge discovery) is the
process of analyzing data from different perspectives and summarizing it into useful
information - information that can be used to increase revenue, cuts costs, or both.
Data mining software is one of a number of analytical tools for analyzing data. It
allows users to analyze data from many different dimensions or angles, categorize it,
and summarize the relationships identified.
iii. Data warehousing: stores and manages the data required to analyze historical(past)
and current business circumstances from various operational databases of an
organization for business analysis, market research, decision support and data mining
applications.
iv. Data Marts: A data mart is a body of DSS data for a department that has an
architectural foundation of a data warehouse. It can be regarded as subset of Data
Warehouse.
i. Character datatypes: The char datatype is used when a fixed length character string is
required. It can store alphanumeric values
ii. Varchar2 datatypes: The varchar2( ) datatype supports a variable length character
string. It also stores alphanumeric values.
iii. Long datatypes: This datatype is used to store variable character length. Maximum
size is 2GB
iv. Number datatypes: The number datatypes can store positive numbers, negative
numbers, zero
v. Date datatypes: Date datatype is used to store data and time in a table. Default date
datatype is “dd-mon-yy”.
vi. Raw datatypes: Raw datatype is used to store byte oriented data like binary data or
byte strings
73
vii. Long raw datatypes: Long Raw datatype is used to store binary data of variable
length, which can have a maximum size of 2GB.
viii. LOB datatypes: LOB is otherwise know as Large Object Data types. This can store
unstructured information such as sound clips, video files etc., upto 4 gigabytes in size.
ix. CLOB: A column with its datatype as CLOB stores character objects with single byte
characters. It cannot contain character sets of varying widths.
The data type specifies what type of data the column can hold.
SQL Constraints
Constraints are used to limit the type of data that can go into a table.
Constraints can be specified when a table is created (with the CREATE TABLE
statement) or after the table is created (with the ALTER TABLE statement).
We will focus on the following constraints:
i. NOT NULL
ii. UNIQUE
iii. PRIMARY KEY
iv. FOREIGN KEY
v. CHECK
vi. DEFAULT
SQL Constraints
74
• The NOT NULL constraint enforces a column to NOT accept NULL values.
• The NOT NULL constraint enforces a field to always contain a value. This means that
you cannot insert a new record, or update a record without adding a value to this field.
• The PRIMARY KEY constraint uniquely identifies each record in a database table.
• Primary keys must contain unique values.
• A primary key column cannot contain NULL values.
• Each table should have a primary key, and each table can have only one primary key.
It is possible to delete all rows in a table without deleting the table. This means that the table
structure, attributes, and indexes will be intact:
The DISTINCT keyword can be used to return only distinct (different) values.
The WHERE clause is used to extract only those records that fulfill a specified criterion.
77
• The AND operator displays a record if both the first condition and the second
condition is true.
• The OR operator displays a record if either the first condition or the second condition
is true
What if we only want to delete the data inside the table, and not the table itself?
• To delete a column in a table, use the following syntax (notice that some database
systems don't allow deleting a column):
• To change the data type of a column in a table, use the following syntax
79
The MAX() function returns the largest value of the selected column.
The MIN() function returns the smallest value of the selected column.
SQL Wildcards
The GROUP BY statement is used in conjunction with the aggregate functions to group the
result-set by one or more columns.
81
The HAVING clause was added to SQL because the WHERE keyword could not be used
with aggregate functions.
SQL JOIN
The JOIN keyword is used in an SQL statement to query data from two or more
tables, based on a relationship between certain columns in these tables.
Tables in a database are often related to each other with keys.
82
A primary key is a column (or a combination of columns) with a unique value for
each row. Each primary key value must be unique within the table. The purpose is to
bind data together, across tables, without repeating all of the data in every table.
SIMPLE JOIN: Return rows when there is at least one match in both tables
LEFT JOIN: Return all rows from the left table, even if there are no matches in the
right table
RIGHT JOIN: Return all rows from the right table, even if there are no matches in the
left table
FULL JOIN: Return rows when there is a match in one of the tables
SIMPLE JOIN
Simple join is the most common type of join. It retrieves rows from two tables having
common column and is further classified into equi-join and non equi-join.
EQUI-JOIN: A join which is based on equalities, is called an equi-join. The equi-join
combines rows that have equivalent values for the specified columns.
NON EQUI-JOIN: A non equi-join specifies the relationship between columns belonging to
different tables by making use of relational operators (>, <, <=, >=,,<>) other than =
Example: select itemdesc, max_level, qty_ord, qty_deld from itemfile, order_detail where
((itemfile.max_level < order_detail.qty_ord) and
itemfile.itemcode=order_detail.itemcode));
The UNION operator is used to combine the result-set of two or more SELECT
statements.
Notice that each SELECT statement within the UNION must have the same number
of columns. The columns must also have similar data types. Also, the columns in each
SELECT statement must be in the same order. Note: The UNION operator selects
only distinct values by default. To allow duplicate values, use UNION ALL.
SQL Views
DUPLICATE TABLE
Spread Sheet
INTRODUCTION to MS-EXCEL
Features of MS-Excel:-
1. Hyperlink:- One file can be linked to another file or page with the use of Excel
2. Clip art:- Images, audio, video clips can be added here
3. Charts:- Various types of charts can be added and show to the clients about product
evaluation. For example which product sale is more or less in this month.
4. Tables:- Tables are created with different fields eg -name, age, address, roll no, and thus
add a table to fill these values.
5. Functions:- MATHEMATICAL: Add, subtract, div, multiply.
LOGICAL: average, sum, mod, product can be added
6.Images and Backgrounds:- Images and backgrounds can be added in sheet
7. Macros:- Macros are used for recording events for further use.
8. Database:- Add database from other sources with data feature
9. Sorting and Filter:- It is possible to sort and filter data so that repetitions can be removed
10. Data Validations:- In data tools, data validations can be used to check for accuracy of
input data
11. Grouping:- This features helps to group, ungroup subtotal etc.,
12: Page layout:- In this themes, colors, sheets, margins, size, backgrounds, breaks, print,
titles, sheets height, width, scaling, gridness, headings, views, bring to front of font or back
alignment etc can be used.
Worksheet
i. It is the area where data is entered and used in excel .
ii. A worksheet is also called as a spread sheet.
iii. It is made up of row and columns.
iv. The rows are numbered and columns are named as a cell.
v. There are a 65536 rows and 256 columns.
File Menu
i. When first opening Excel a worksheet will automatically appear. However, if you
desire to open a file that you previously worked on go to the “File” option located in
the top left corner. Select “Open.”
ii. To create a new worksheet go to the “File” option and select “New.”
iii. To save the work created go to the “File” option and select “Save.”
iv. To close an existing worksheet go to the “File” option and select “Close.”
v. To exit the program entirely go to the “File” option and select “Exit.”
Edit Menu
i. Among the many functions, the Edit Menu allows you to make changes to any data
that was entered. You can:
ii. Undo mistakes made. Excel allows you to undo up to the last 16 moves you made.
iii. Cut, copy, or paste information.
iv. Find information in an existing workbook
v. Replace existing information.
Format Menu
i. You can change the colors, borders, sizes, alignment, and font of a certain cell by
going to the “Cell” option in the Format Menu.
ii. You can change row and column width and height in the “Row” and “Column”
options.
iii. You can rename worksheets and change their order in the “Sheet” option.
iv. The “AutoFormat” option allows you to apply pre-selected colors, fonts, and sizes to
entire worksheets.
View Menu
i. You can change the view of your work so that it is page by page.
86
i. The Help Menu is used to answer any questions you many have with the program.
ii. You can also get online assistance if it is needed.
iii. The Office Assistant is a shortcut to the Help Menu. You can ask the assistant a
question and it will take you directly to an index of topics that will help you solve
your problem.
Excel Worksheets
With Excel, you will be working with different worksheets within a workbook. Often
times it is necessary to name the different worksheets so that it is easier to find them. To do
so you must:
1_Double click to highlight an existing worksheet
2_Type in what you would like to rename the worksheet
Entering Formulas
• When entering numerical data, you can command Excel to do any mathematical
function.
• Start each formula with an equal sign (=). To enter the same formulas for a range of
cells, use the colon sign “:”
ADDITION FORMULAS
SUBTRACTION FORMULAS
• To subtract cells, use the “-” sign.
DIVISION FORMULAS
• To divide cells, use the “/” sign.
MULTIPLICATION FORMULAS
• To multiply cells, use the “*” sign.
Formatting Workbooks
i. To add borders to cells, you can select from various border options.
ii. To add colors to text or cells, you can select the text color option or the cell fill
option, then select the desired color.
iii. To change the alignment of the cells, highlight the desired cells and select any of
the three alignment options.
87
iv. To check the spelling of your data, highlight the desired cells and click on the
spell check button.
v. When entering dollar amounts, you can select the cells you desire to be currency
formatted, then click on the “$” button to change the cells.
vi. You can bold, italicize, or underline any information in the cells, as well as change
the styles and fonts of those cells.
vii. To check the spelling of your data, highlight the desired cells and click on the
spell check button.
viii. When entering dollar amounts, you can select the cells you desire to be currency
formatted, then click on the “$” button to change the cells.
ix. You can bold, italicize, or underline any information in the cells, as well as change
the styles and fonts of those cells.
Creating Charts
i. With the Excel program you can create charts with the “Chart Wizard.”
ii. Step 1: Choose a chart type.
iii. Step 2: Highlight the data that you wish to be included in the chart.
iv. Step 3: Change chart options. Here you can name the chart and the axes, change the
legend, label the data points, and many other options.
v. Step 4: Choose a location for the chart.
Freezing Panes
If you need the information in one column to freeze, while still being able to scroll
through the rest of the data follow these instructions:
Printing
Basic functions
i. Mathematical functions.
ii. Date and time functions.
88
Results:
Formulas:
Results:
Date Function
Examples
94
Month Function
Examples
Year Function
95
Examples
Time Function
Examples
Hour Function
96
Examples
Minute Function
Examples
Second Function
97
Examples
Statistical functions
98
Excel Average Function
99
Examples
• The text value "text", the logical value FALSE, and the error value #N/A are not
counted by the function.
• The example in cell C3 uses two ranges that intersect, and both ranges include the cell
A1. In this case, Excel counts the cell A1 (which DOES contain a numeric value)
twice - once for each range that it is contained in.
• Cells A2 - A11 of the spreadsheet on the left contain the ages of a group of children.
The formula bar at the top of the spreadsheet shows the Excel Frequency function
used to count the number of children falling into three different age ranges.
• The bins, specified in cells B2 - B3, specify the maximum values for the first two
ranges. Therefore, in this example, the ages are to be split into the ranges 0-4 years, 5-
8 years and 9 years+.
• The Frequency function in this example returns an array of length 3, and so it has
been entered into cells C2-C4 of the spreadsheet. The format of the function is shown
in the formula bar at the top of the spreadsheet - note that the curly braces indicate
that the function has been entered as an Array Formula.
In probability theory and statistics, variance measures how far a set of numbers is spread out.
A variance of zero indicates that all the values are identical. Variance is always non-negative:
a small variance indicates that the data points tend to be very close to the mean (expected
value) and hence to each other, while a high variance indicates that the data points are very
spread out around the mean and from each other.
range - The range of cells that should be tested against the supplied criteria and counted if
the criteria is satisfied.
criteria - A user-defined condition that is tested against each of the cells in the range.
Note that, if a cell contains an empty text string or a formula that returns an empty text string,
this cell is counted as a non-blank by the Counta function.
PERCENTILE( array, k )
array - The range of data values for which you want to calculate the k'th percentile
107
i. number - The value for which you want to find the rank
ii. ref - An array of values containing the supplied number
iii. [order] - An optional argument which defines whether the ref list should be ordered in
ascending or descending order
The [order] argument can take the value 0 or 1, meaning : 0 - denotes descending
order 1 - denotes ascending order
iv. If the [order] argument is omitted, it will take the default value of 0 (ie. descending
order). Any non-zero value is treated as the value 1 (ie. ascending order)
i. array - The range of data values for which you want to calculate the specified quartile
ii. quart - An integer between 0 and 4, representing the required quartile.
(if the supplied value of quart is not an integer, it is truncated)
Logical Functions
109
1 FALSE
2 TRUE
3 TRUE
4 FALSE
5 FALSE
6 TRUE
NOTE:
The Xor function returns TRUE if an odd number of the supplied conditions evaluate to
TRUE, and returns FALSE otherwise.
111
112
Financial Functions
113
The syntax of the function is : FV( rate, nper, [pmt], [pv], [type] ) Where the arguments
are as follows:
FV Function Example
114
The payments are made monthly, so we have had to convert the annual interest rate of
5% into the monthly rate (= 5%/12), and the 5-year period needs to be input as a
number of months (= 60)
As the present value is zero, and the payment is to be made at the end of the month,
the [pv] and [type] arguments can be omitted from the above function.
As the monthly payments are paid out, they are input to the function as negative
values.
The syntax of the function is : PV( rate, nper, pmt, [fv], [type] ) where the arguments are
as follows:
PV Function Example
115
• The payments are made monthly, so we have had to convert the annual interest rate of
5% into the monthly rate (=5%/12), and the 5-year period needs to be input as a
number of months (=60)
• As the forecast value is zero, and the payment is to be made at the end of the month,
the [fv] and [type] arguments can be omitted from the above function.
• As the initial investment is paid out, the calculated present value is a negative cash
amount.
The syntax of the function is : PMT( rate, nper, pv, [fv], [type] ) where the arguments are as
follows:
i. rate - The interest rate, per period
ii. nper - The number of periods over which the loan or investment is to be paid
iii. pv - The present value of the loan / investment
iv. [fv] - An optional argument that specifies the future value of the loan / investment,
at the end of nper payments -If omitted, [fv] takes on the default value of 0
v. [type] - An optional argument that defines whether the payment is made at the
start or the end of the period.
vi. The type argument can have the value 0 or 1, meaning:
vii. 0 - the payment is made at the end of the period
1 - the payment is made at the beginning of the period
viii. If the type argument is omitted, it takes on the default value of 0 (denoting
payments made at the end of the period).
The payments are made monthly, so we have had to convert the annual interest rate of
5% into the monthly rate (=5%/12), and the number of years into months (=5*12).
As the forecast value is zero, and the payment is to be made at the end of the month,
the [fv] and [type] arguments can be omitted from the above functions.
The returned payments are negative values, as these represent outgoing payments (for
the individual taking out the loan).
The syntax of the function is : RATE( nper, pmt, pv, [fv], [type], [guess] ) where the
arguments are as follows:
i. nper - The number of periods over which the loan or investment is to be paid
ii. pmt - The (fixed) payment amount per period
iii. pv - The present value of the loan / investment
iv. [fv] - An optional argument that specifies the future value of the loan / investment, at
the end of nper payments -If omitted, [fv] takes on the default value of 0
v. [type] - An optional argument that defines whether the payment is made at the start or
the end of the period.
vi. The type argument can have the value 0 or 1, meaning:
vii. 0 - the payment is made at the end of the period
1 - the payment is made at the beginning of the period
viii. If the type argument is omitted, it takes on the default value of 0 (denoting payments
made at the end of the period).
ix. [guess] - An initial estimate at what the rate will be.
x. If this argument is omitted, it will take on the default value of 10% (=0.1)
xi. (Note this is only a value for Excel to start off working with - Excel then uses an
iterative procedure to converge to the correct rate)
As the payments are made on a monthly basis, the number of periods must be
expressed in months (5 years = 60 months).
As the payments are outgoing payments, the pmt argument is a negative value.
The returned interest rate is a monthly rate. This can be converted to an annual
interest rate by multiplying by 12 (as shown in cell A4).
RECEIVED( settlement, maturity, investment, discount, [basis] ) where the arguments are as
shown in the table below:
i. settlement - The security's settlement date (ie. the date that the coupon is purchased)
ii. maturity - The security's maturity date (ie. the date that the coupon expires)
iii. investment - The initial amount invested into the security
iv. discount - The security's discount rate
v. [basis] - An optional argument which defines the day count basis to be used in the
calculation.
The format of the function is : NPV( rate, value1, [value2], [value3], ... )
i. rate - The discount rate over one period
ii. value1, [value2], ... - Numeric values, representing payments and income, where :
iii. negative values are treated as payments
iv. positive values are treated as income
The syntax of the function is : NPER( rate, pmt, pv, [fv], [type] )
i. rate - The interest rate, per period
ii. pmt - The amount paid per period
iii. pv - The present value of the loan
iv. [fv] - An optional argument that specifies the future value of the loan, after the final
payment ,If omitted, [fv] takes on the default value of 0
v. [type] - An optional argument that defines whether the payment is made at the start or
the end of the period.
vi. The type argument can have the value 0 or 1, meaning:
vii. 0 - the payment is made at the end of the period
1 - the payment is made at the beginning of the period
viii. If the type argument is omitted, it takes on the default value of 0 (denoting payments
made at the end of the period).
The payment for the loan is input as a negative value, as this represents an outgoing
payment (for the individual taking out the loan)
The payments are made monthly, so we have had to convert the annual interest rate of
4% into the monthly rate (=4%/12). Also the returned value from the Nper function is
in months - i.e. the result (rounded to the nearest whole month) is 55 months = 4
years, 7 months.
As the forecast value is zero, and the payment is to be made at the end of the month,
the [fv] and [type] arguments can be omitted from the above function.
The syntax of the function is : IPMT( rate, per, nper, pv, [fv], [type] ) Where the arguments
are as follows:
i. rate - The interest rate, per period
ii. per - The period for which the interest payment is to be calculated (must be an integer
between 1 and nper)
iii. nper - The number of periods over which the loan or investment is to be paid
iv. pv - The present value of the loan / investment
v. [fv] - An optional argument that specifies the future value of the loan / investment, at
the end of nper payments ,If omitted, [fv] takes on the default value of 0
vi. [type] - An optional argument that defines whether the payment is made at the start or
the end of the period.
vii. The type argument can have the value 0 or 1, meaning:
viii. 0 - the payment is made at the end of the period
1 - the payment is made at the beginning of the period
ix. If the type argument is omitted, it takes on the default value of 0 (denoting payments
made at the end of the period).
The payments are made monthly, so we have had to convert the annual interest rate of
5% into the monthly rate (=5%/12), and the number of years into months (=5*12).
As the forecast value is zero, and the payment is to be made at the end of the month,
the [fv] and [type] arguments can be omitted from the above functions.
The returned interest payments are negative values, as these represent outgoing
payments (for the individual taking out the loan).
The format of the function is: DB (cost, salvage, life, period, [month]) where the arguments
are as shown in the table below:
• In the example below, the DB function is used to find the yearly depreciation of an
asset that cost $10,000 at the start of year 1, and has a salvage value of $1,000 after 5
years.
• Note that, in this example, the yearly rate of depreciation, calculated from the
equation 1-(Salvage/Cost)^(1/Life) is calculated to be 36.9%
122
The syntax of the function is: IRR(values, [guess]) where the arguments are as follows:
values - A reference to a range of cells containing the series of cash flows (investment
and net income values) (must contain at least one negative and at least one positive
value)
[guess] - An initial guess at what you think the IRR might be. This is an optional
argument, which, if omitted, takes on the default value of 10% (=0.1)
In the spreadsheet below, the cash flow for an investment is shown in cells B1 - B6.
The initial investment of $100 is shown in cell B1 and the net income over the next 5
years is shown in cells B2 - B6.
The IRR function in cell D2 shows the calculation of the Internal Rate of Return after
3 years and the function in cell D4 shows the Internal Rate of Return after 5 years.
Keyboard Shortcuts
124
VLOOKUP FUNCTION
VLOOKUP is one of Excel's built-in functions. The function is used when it is required to
find a value in the left-hand column of a vertical array of data, and return the corresponding
value from another column in the same array. OR Looks up a supplied value in the first
column of a table, and returns the corresponding value from another column.
Vlookup Syntax: The syntax for the Excel Vlookup function is: VLOOKUP (lookup_value,
table_array, col_index_num, [range_lookup]) where the function arguments are:
HLOOKUP FUNCTION
126
Looks up a supplied value in the first row of a table, and returns the corresponding value
from another row.
i. lookup_value - The value that you want to look for, in the first row of the supplied
data array
ii. table_array - The data array or table, that you want to search the first row of, for the
supplied lookup_value
iii. row_index_num - The row number, within the supplied array, that you want the
corresponding value to be returned from
iv. [range_lookup] - An optional logical argument, which can be set to TRUE or FALSE,
meaning :
v. TRUE - if the function cannot find an exact match to the supplied lookup_value, it
should use the closest match below the supplied value (Note: If range_lookup is set to
TRUE, the top row of the table_array must be in ascending order)
vi. FALSE - if the function cannot find an exact match to the supplied lookup_value, it
should return an error
Sorting data
Sorting data is an integral part of data analysis. Suppose to put a list of names in
alphabetical order, compile a list of product inventory levels from highest to lowest, or order
rows by colors or icons, sorting data helps to quickly visualize and understand the data better,
organize and find the data that is required, and ultimately make more effective decisions.
Conditional Formatting
Filtering Data
Filtering hides the rows or columns containing data that do not meet the filter criteria
defined.
Excel Pivot Tables are tables, that are produced by Excel, to summarize large amounts
of data in a spreadsheet.
Pivot table report feature enables you to structure and summarize the data from worksheet
lists in a variety of ways. Pivot tables are flexible as they enable you to easily filter fields or
move them in and out of column and row areas.
Creating a pivot table report
Below is the database about Income and Expenditure of three different countries for the first
quarter of the year.
Steps in creating a pivot table report in Excel 2007
1. Creating a pivot table comprises of 3 steps.
2. Keep your cursor somewhere on the database
127
3. Go to Insert option then click on the pivot table where you can see two drop down’s i.e
pivot table and pivot chart. Click on the pivot table (Refer the below screenshot)
4. Once you click on the pivot table then you will get the below screenshot, from the below
screenshot select the options as selected in the screenshot (Always selected by default) and
always chose the option new worksheet so that you can see your output in the new sheet.
Then say ok from the below screenshot.
5. Once you click on ok it will directly take you to the layout below.
6. From the above screenshot at the right hand side you can see the 4 variable names which
are field buttons in pivot table. These are the variables which we need to drag and drop in the
below 4 chambers( Report filter, Column labels area, Row labels area and Value area)
7. Now drag and drop the variables as below. ( Refer the below screenshot)
8. Once you drag & drop the variables then your pivot results appear as below
9. Once you get the results you can interchange the variables from column to row and row to
column area and view the view information the way you want.
10. Pivot table by default gives the sum of the data, in case you want to change it to average,
product and other summary functions then click on the field settings and select the option and
say ok
Goal Seek
Goal seek is a problem solving feature in excel which helps to find the solutions to complex
problems with what if analysis.
Example:
Suppose you are a agent for a travel company. You’re working with a excel sheet that details
booking information to Hong Kong
Note: Ensure that the data is formula oriented.
Below screenshots says that we have already reached total bookings of 112,500 by charging a
deposit fee of 150 / person, but our expected target is 140,000. So increase the deposit fee to
reach the target by using goal seek.
Steps
1. Click on Tools – Goal seek.
2. Once you get the goal seek dialogue box. Select cell C6 in set target cell because this is our
current output
128
3. Then type manually the expected output/ target i.e. 140,000 in To value column.
4. Then select cell B6 in By changing value column because that acts as a changing variable.
(See the below screenshot)
5. You have succeeded in reaching the desired target. (Refer below screenshot)
What-if analysis
What-if analysis is the process of changing the values in cells to see how those changes will
affect the outcome of formulas on the worksheet.
Three kinds of what-if analysis tools come with Excel:
scenarios,
data tables, and
Goal Seek.
Scenarios and data tables take sets of input values and determine possible results. A data
table works only with one or two variables, but it can accept many different values for those
variables. A scenario can have multiple variables, but it can accommodate only up to 32
values. Goal Seek works differently from scenarios and data tables in that it takes a result and
determines possible input values that produce that result.
In addition to these three tools, you can install add-ins that help you perform what-if analysis,
such as the Solver add-in.
The Solver add-in is similar to Goal Seek, but it can accommodate more variables. You can
also create forecasts by using the fill handle and various commands that are built into Excel.
For more advanced models, you can use the Analysis Pack add-in.
2. Result cell
If several people have specific information in separate workbooks that you want to use in
scenarios, you can collect those workbooks and merge their scenarios.
After you have created or gathered all the scenarios that you need, you can create a scenario
summary report that incorporates information from those scenarios. A scenario report
displays all the scenario information in one table on a new worksheet.
NOTE: Scenario reports are not automatically recalculated. If you change the values of a
scenario, those changes will not show up in an existing summary report. Instead, you must
create a new summary report.
NOTE: Goal Seek works with only one variable input value. If you want to determine more
than one input value, for example, the loan amount and the monthly payment amount for a
loan, you should instead use the Solver add-in.
3. Use data tables to see the effects of one or two variables on a formula
If you have a formula that uses one or two variables, or multiple formulas that all use one
common variable, you can use a data table to see all the outcomes in one place. Using data
tables makes it easy to examine a range of possibilities at a glance. Because you focus on
only one or two variables, results are easy to read and share in tabular form. If automatic
recalculation is enabled for the workbook, the data in data tables immediately recalculates; as
a result, you always have fresh data.
130
A data table cannot accommodate more than two variables. If you want to analyze more than
two variables, you can use scenarios. Although it is limited to only one or two variables, a
data table can use as many different variable values as you want. A scenario can have a
maximum of 32 different values, but you can create as many scenarios as you want.