1 SYSTEMS ANALYSIS Pertemuan 7 s.d 12 Matakuliah: A0554/Analisa dan Perancangan Sistem Informasi Akuntansi Tahun: 2006

2 Models and Techniques Systems analysis –Workflow table –Activity diagram –Use case diagram –Use case description –Risks analysis –Types of internal control

3 The UML Activity Diagram The UML activity diagram plays the role of a ‘map’ in understanding business process by showing the sequence of activities in the process.

4 Overview & Detailed Activity Diagrams The overview diagram presents a high level view of the business process by documenting the key events, the sequence of these events & the information flows among these events. The detailed diagram is similar to a map of a city or town. It provides a more detailed representation of the activities associated with one or two events shown on the overview diagram.

5 Preparing Overview Activity Diagrams Preliminary steps: Read the narrative & identify key events Annotate the narrative to clearly show event boundaries & event names Steps for preparing the activity diagram: Represent agents participating in the business process using swimlanes Diagram each event. Show the sequence of these events Draw documents created & used in the business process draw tables (files) created & used in the business process

6 Preparing Detailed Activity Diagrams Steps for preparing overview activity diagrams: Annotate narrative to show activities Prepare a workflow table Identify necessary detailed diagrams For each detailed diagram, perform the following substeps: –Set up swimlanes for the agents participating in the event or events represent in the detailed diagram –Add a rounded rectangle for each activity in the events) being documented in that detailed diagram –Use continuous lines to show the sequence of the activities

7 –Set up any documents created or used by the activities in that diagram –Use dotted lines to connect activities & documents –Document any tables created, modified or used by the activities in the diagram in the computer column –Use dotted lines to connect activities & tables

8 WORKFLOW TABLE The actors performing specific activities are listed in the column on the left. The corresponding activities are listed on the right. The activities have been listed using verbs in active voice (e.g., arrives, records, etc).

9 USE CASE DIAGRAM A use case is a sequence of steps that occur when an ‘actor’ is interacting with the system for a particular purpose. Use case diagram is A list of use cases that occur in an application and that indicate the actor responsible for each use case.

10 USE CASE DESCRIPTION A description of a use case, typically represented as a sequence of numbered steps. Use case descriptions may also be used for documenting internal control.

11 RISKS ANALYSIS Risk assessment is the identification & analysis of risks that interfere with the accomplishment of internal control objectives. Control activities are the policies & procedures developed by the organization to address the risks to the achievement of the organization’s objectives.

12 RISK TYPE Execution risks Information system risks

13 EXECUTION RISK Execution risks : Risks that transaction will not be executed properly. Five steps are useful in understanding & assessing execution risk: Achieve an understanding of the organization’s processes. Identify the goods or services provided & cash received that are at risk.

14 Restate each generic risk to describe the execution risk more precisely for the particular process under study. Exclude any risks that are irrelevant or obviously immaterial. Assess the significance of the remaining risks. For significant risks, identify factors that contribute to the risk. The events in the process can be used to systematically identify these factors.

15 INFORMATION SYSTEM RISKS IS Risks : Risks of improper recording, updating, or reporting of data in an information system. 2 categories of IS Risks : -Recording risks -Update risks

16 RECORDING RISKS Recording risks : Risks that event information is not captured accurately in an organization’s IS. 3 steps are useful in identifying recording risks : Achieve an understanding of the process under study. Identify the events. Review the events, and identify instances where data are recorded in a source document or in a transaction file. For each event where data are recorded in a source document or transaction record, consider the preceding generic recording risks.

17 UPDATE RISKS Update risks : Risks that summary fields in master records are not properly updated. 3 steps are useful in identifying update risks: Identify recording risks. Identify the events that include update activity. Identify the summary fields in master files that are updated. For each event where a master file is updated, consider the preceding generic update risks.

18 TYPES OF INTERNAL CONTROL Types of control activities: Workflow controls Input controls General controls Performance reviews

19 WORKFLOW CONTROLS Controls that help manage a process at it moves from one event to the next. Include : segregation of duties, required sequence of events, prenumbered documents, reconciliation of records with assets, and others.

20 INPUT CONTROL Used to control the input of data into computer systems. Include : drop down or look up menus, format checks to limit data, validation rules, confirmation of data, and others.

21 GENERAL CONTROLS Broader controls that apply to multiple processes. Include : IS planning, organizing the IT function, and others.

22 PERFORMANCE REVIEW Activities involving analysis of performance including the comparison of actual results with budgets, forecasts, standards and prior period data.