商业环境本章概述

BUSINESS4

B4InformationSystemandCommunications

【本章概述】

Organizationalneedsassessment

Systemsdesignandotherelements3.Security

Theinternet:Implicationsforbusiness

Typesofinformationsystemsandtechnologyrisks

Disasterrecoveryandbusinesscontinuity1OrganizationalNeedsAssessment

Introductiontoinformationsystemsandcommunications

Datacapture

Processing

Reporting

Roleofinformationtechnologyinbusinessstrategy

IntroductiontoinformationsystemsandcommunicationsIntroductiontoInformationSystemsandCommunications

Components

Hardware,software,data,network,people

Hardware

Physicalcomputeranddevices

Software

Systemsoftware

DOS,Windows,Mac

Programminglanguages

C,C++,Java

Applicationsoftware

MSoffice,auditprogram

Network

Cable,fiber,wireless,satellites

People

ITdepartmentroles

Date/Info.

Data

Rawfacts

Information

Processedandorganizeddata

BusinessInformationSystem

Categories

Transactionprocessingsystems

Managementinformationsystems

Decisionsupportsystems

Executiveinformationsystems

PrimaryRoles

Processdetaileddata

Provideinfo.usedformakingdailydecisions

Provideinfo.usedfordevelopingbusinessstrategies

Takeordersfromcustomers

DataCapture

DataCaptureTechniques

Manualentries–humanerrors

Automation-moreaccurate

DataAccuracy

Well-designedinputscreens–validation

Auto-entryfields–auto-numbering

ProcessingCollectProcess

StoreTransformDistribute

Objectives

Valid（existence,completeness）

Classify

Value（accuracy）

Cutoff

Presentation

TransitionCycles

Revenuecycle

Expenditurecycle

Productioncycle

Humanresources/payrollcycle

FinancingCycles

RevenueCycle

Customerordersandcreditverification

Accountsreceivable

Cashreceipts

ExpenditureCycle

Purchasing

Inventorycontrol

Accountspayable

Cashdisbursements

ProductionCycle

Productiondesignandproductionplanning

Productionmanufacturing

Inventorycontrol

HumanResourcesCycle

Humanresources

Timeandattendance

Payrolldisbursements

Payrolltaxreporting

FinancingCycle

Issuanceofstockordebtfinancing

Paymentofdividendsorinterests

DataprocessingCycle

Datainput

Issues

Alltransactionsofinterestareaccountedfor（completeness）

Accountedforinthecorrectaccount（classification）

Peopleoriginatingthetransactionsareidentified

Verification

（vouch）

Sourcedocuments（purchaseorder）

Turnarounddocuments

Procedures

Prenumbered–completeness

Efficientlydesigned

Verifiedpriortoacceptance

Datastorage

Methods

Journalsandledgers

Coding

Sequencecodes

Blockcodes

Groupcodes

Chartsofaccounts

ComputerStorage

Entity–thesubjectofthestoredinformation

Attributes–specificitemsofinterestforeachentity

Field–asinglepieceofinformation（anattribute）oftheentity

ComputerStorage

Entity–thesubjectofthestoredinformation

Attributes–specificitemsofinterestforeachentity

Field–asinglepieceofinformation（anattribute）oftheentity

Record–allattributesaboutasingleinstanceofanentity

Datavalue–thecontentsoffields

File–recordsaregroupedintofiles

·Masterfile–similartoledger

·Transactionfile–similartojournal

Database–filesthatareinterrelatedancoordinated

Sequencecode

Blockcode

Groupcode

记字001

收字001

收字010001

记字002

收字002

收字010002

记字003

付字001

收字021001

记字004

付字002

收字021002

记字005

转字001

付字010001

转字002

付字010002

付字021001

DataProcessing

Functions

Addition–addingnewrecordstothedatabase

Updating–revisionstoamasterfile

Deletion–removalofrecordsfromdatabase

Methods

Batchprocessing–updateperiodically

Onlinereal-timeprocessing–updateinreal-time

Informationoutput

Documents（operationaldocuments）

Reports–internal,external

Query–generateuponrequest

Batchprocessing

OLRTprocessing

Transactionsarecollectedandgroupedbytypeof

transaction,andprocessedperiodically

Masterfilesareupdatedasthe

transactionsareentered

Alwaysatimedelay

Immediateprocess（nodelay）

Step1,createtransactionfile

Step2,updatethemasterfile

1step

Comparemanualandcomputer-generatedbatchcontrol

totals

Oftenusedintraditionalsystems

Oftenusedinnetworkedsystems

Centralizedprocessing

Decentralizedprocessing

Maintainalldataandperformalldata

processingatacentrallocation

Computingpower,applications,andworkare

spreadoutovermanylocations

·Enhanceddatasecurity

·Moreconsistent

Reducingtheprocessingburdenonthecentral

computer

·Possiblehighcost

·Reductioninlocalaccountability

·Bottlenecks

·Delayinresponsetime

·Increasedvulnerability

Reporting

Periodicscheduled

reports

Madeavailableonaregularbasistoendusers

E.g.,monthlyfinancialstatement

Exceptionreport

Producedwhenaspecificconditionorexceptionoccurs

E.g.,overdueA/Rreport

Demandreport

Availableondemand（pull）

Pushreport

Areportwindowdisplaysup-to-datereportseverytimeanenduserlogs

intoacomputernetwork

AdHocreport

Createdondemand,withouthavingtogetasoftwaredeveloperinvolved

Query

Dashboardreport

Presentsummaryinformationnecessaryformanagementaction

XBRL

XBRLisanopen,royalty-free,internet-basedinformationstandardfor

businessreportingoffinancialdata.

XBRLdefinesthedatasothatuserscancreatemacrosorotherprograms

thatcanautomateanalysisofthedata.

RoleofInformationTechnologyinBusinessStrategy

Technologydecisionsshouldbeaninputtothestrategyprocess,helpingtodefineinnovationsandseekingtoincreaserevenue,ratherthanmerelyanafter-the-facttoolforachievinggoals.

Commonprinciplesoftechnology-drivenstrategydevelopment

·Technologyisacoreinputtothedevelopmentofstrategy;

·Strategydevelopmentmustbeacontinualprocess

·Innovativeemergingbusinessopportunitiesmustbemanagedseparatelyanddifferently;

·Technologyhasthepowertochangelong-heldbusinessassumptions;

·Managedfromtwoperspectives:1）itsabilitytocreateinnovationinexistingbusinesses;2theabilityofemergingtechnologiestocreatenewmarkets/products;

·Thefocusshouldbeoncustomerprioritiesaswellasinternalefficiencies

Theroleoftechnologyininformationandcommunications

Theselectionofspecifictechnologiestosupportenterpriseriskmanagementforanorganizationtypicallyisareflectionofthe:

·Entity’sapproachtoenterpriseriskmanagementanditsdegreeofsophistication;

·Typesofeventsaffectingtheentity;

·Entity’soverallinformationtechnologyarchitecture;

·Degreeofcentralizationofsupportingtechnology

Enterpriseriskmanagementincludesanumberofkeycomponentsthatenableanorganizationto

identify,assess,andrespondtorisk.

Informationmanagementapproaches

Shareinformationthroughouttheorganization

Availabilityandusefulnessofdata

Greaterconnectivityandusabilityofdata

Typesofeventsaffectingtheentity

Adverseorpositive

Informationtechnologyarchitecture

Customizedsystems

Openarchitecture

【Question1】Whichoneofthefollowingstatementsaboutanaccountinginformationsystem（AIS）isincorrect?

AnAISsupportsday-to-dayoperationsbycollectingandstoringdataaboutanorganization'stransactions.

TheinformationproducedbyAISismadeavailabletoalllevelsofmanagementforuseinplanningandcontrollinganorganization'sactivities.

AnAISisbestsuitedtosolveproblemswherethereisgreatuncertaintyandill-definedreportingrequirements.

AnAISisoftenreferredtoasatransactionprocessingsystem.

『正确答案』C

SystemDesignandOtherElements

Businessprocessdesign

Informationtechnology（IT）controlobjectives

Roleoftechnologysystemsincontrolmotoring

Operationaleffectiveness

ITresponsibilitiesandsegregationofduties

BusinessProcessDesign

Categoriesofbusinessinformationsystems

Transactionprocessing

systems

Processandrecordtheroutinedailytransactionsnecessarytoconduct

business

Management

informationsystem

Provideuserspredefinedreportsthatsupporteffectivedecisions

Decisionsupport

systems

ExtensionofanMISthatprovidesinteractivetoolstosupportdecision

making

Executiveinformation

systems

Seniorexecutiveswithimmediateandeasyaccesstointernaland

externalinformationtoassistinstrategicdecisionmaking

Systemdevelopmentlifecycleprovidesaframeworkforplanningandcontrollingthedetailedactivitiesassociatedwithsystemsdevelopment.

Waterfallapproach

―Analysis

―Planning

―Design

―ImplementationPrototypingmodel

―Prototype

―Approximationoffinalsystemisbuilt,tested,reworked

―Completesystemisdevelopedfromtheprototype

1.Systemsanalysis

Definethenatureandscopeoftheproject

In-depthstudy,determinetechnologicalandeconomicfeasibility

Identifytheinformationneedsofsystemusers

Documenttheinformationneedsofsystem

Summarizereportandsubmit

2.Conceptualdesign

Identifyandevaluateappropriatedesignalternatives（decideshowtomeetuserneeds）

—Buyingsoftware

—Developingsoftwarein-house

—Outsourcingsystemsdevelopment

3.Physicaldesign

Beginningthedesignprocess（writecomputerprograms）

4.Implementationand

conversion

5.Training

6.Testing

7.Operationsand

maintenance

Participantsinbusinessprocessdesign

Management

Supportandencouragement

Accountants

Determineinformationneedsandrequirements

Helpmanagesystemdevelopment

Takeanactiveroleindesigningsystemcontrols,periodically

monitoringandtestingthesystem

Informationsystems

steeringcommittee

Planandoverseetheinformationsystemsfunctionandaddressthe

complexitiescreatedbyfunctionalanddivisionalboundaries

Projectdevelopment

team

Responsibleforthesuccessfuldesignandcomplementationofthe

businesssystem

Externalparties

Majorcustomersorsuppliers

InformationTechnology（IT）ControlObjectives

TheControlObjectivesforInformationandRelatedTechnology（COBIT）frameworkprovidesmanagers,auditorsandinformationtechnologyuserswithasetofmeasures,indicators,processesandbestpracticestomaximizethebenefitofinformationtechnology.

BusinessObjectives

Effectivedecisionsupport

Efficienttransactionprocessing

Compliance（e.g.reportingrequirements,securityrequirements）

GovernanceObjectives

Strategicalignment–linkagebetweenbusinessandITplans

Valuedelivery–promisedbenefits,satisfyingcustomers,optimizingcosts

Resourcemanagement–optimizationofknowledgeandinfrastructure

Riskmanagement-ERM

Performancemeasurement–tracingandmonitoringstrategyimplementation,projectcompletion,resourceusage,processperformance,and

servicedelivery

InformationCriteria

Integrity

Accuracy,completeness,andvalidity

Confidentiality

Protectionofsensitiveinformationfromunauthorizeddisclosure

Efficiency

Lowcostwithoutcompromisingeffectiveness

Reliability

Informationrepresentswhatitpurportsto

Availability

Providingcurrentandfutureinformationasrequired

Compliance

Complywithpolices,laws,regulationsandcontractualarrangements

Effectiveness

Relevantorpertinent

DomainsandProcessesofCOBIT

PlanandOrganize

Providesdirectiontosolutionandservicedelivery

Acquireand

ProvidessolutionsforITneeds

Implement

DeliverandSupport

ProvidesITservicestousers

MonitorandEvaluate

Ensurethatthedirectionprovidedintheplanningandorganizingsteps

arefollowed

RoleofTechnologySystemsinControlMonitoring

GeneralControls

Ensureanorganization’scontrolenvironmentisstableandwell-managed

Systemsdevelopmentstandards,securitymanagementcontrols,change

managementprocedures,softwareacquisition,development,operationsandmaintenancecontrols

ApplicationControls

Prevent,detect,andcorrecttransactionserrorandfraudandare

application-specific,providingreasonableassuranceastosystem

Accuracy,completeness,validity,authorization

InputControls

Datavalidationatthefieldlevel

Prenumberingforms

Well-definedsourcedatapreparationprocedures

ProcessingControls

Datamatching–matchingtwoormoreitemsofdatapriortotakinganaction

Filelabels–ensuresthecorrectandmostcurrentfilesareupdated

·External–readablebyhumans

·Internal–machine-readable

Recalculationofbatchtotals

Cross-footingandzerobalancetests

Databaseprocessingintegrityprocedures

OutputControls

Userreviewofoutput–examinationbyusers

·Reasonableness,completenessandverification

Reconciliationprocedures

Externaldatareconciliation

Outputencryption–authenticityandintegrity

·Reducethechancefordatainterception

OperationalEffectiveness

Evaluatingtheongoingeffectivenessofcontrolpoliciesandproceduresprovidesaddedassurancethatcontrolsareoperatingasprescribedandachievingtheirintendedpurpose.

Diagnosticcontrolsystemvs.actualperformance

Diagnosticcontrolsaredesignedtoachieveefficiencyinoperationsofthefirmtogetthemostfromresourcesused.

PrinciplesofControl

StrategicMasterPlan

Amulti-yearstrategicmasterplanshouldbedevelopedandupdated

annually.

Theplanshouldshowtheprojectsthatmustbecompletedtoachieve

long-rangcompanygoalsandaddressthecompany'shardware,software,personnel,andinfrastructurerequirements

Dataprocessing

schedule

Alldataprocessingtasksshouldbeorganizedaccordingtoadata

processingschedule

Steeringcommittee

Guideandoverseesystemsdevelopmentandacquisition

Systemperformance

measurements

Throughput,utilization,responsetime

ITResponsibilitiesandSegregationofDuties

SystemAnalyst

Internallydevelopedsystem

·Determinessystemrequirements

·Designstheoverallapplicationsystem

·Determinesthetypeofnetworkneeded

Purchasedsystem

·Integrateswithexistinginternalandpurchasedapplications

·Providestraining

ComputerProgrammer

Applicationprogrammer–writingand/ormaintainingapplication

programs

Systemprogrammer–installing,supporting,monitoring,andmaintaining

theoperatingsystem

Computer

Operator

Schedulingandrunningprocessingjobs

ITSupervisor

ManageITdepartment

FileLibrarian

Storeandprotectprogramsandtapesfromdamageandunauthorizeduse

DataLibrarian

Custodyofandmaintainstheentity’sdataandensuresthatproductiondata

isreleasedonlytoauthorizedindividualswhenneeded

Security

Administrator

Responsiblefortheassignmentofinitialpasswordsandoftenthe

maintenanceofthosepasswords

SystemAdministrator

Databaseadministrator–responsibleformaintainingandsupportingthe

databasesoftwareandperformingcertainsecurityfunctions

Networkadministrator–supportcomputernetworksthroughperformance

monitoringandtroubleshooting

Webadministrator–responsibleforinformationonawebsite

Data

Administrator

Responsibleforthedefinition,planning,andcontrolofthedatawithina

database

DataInputClerk

Prepare,verify,andinputdatatobeprocessed（endusers）

Hardware

Technician

Setsupandconfigureshardwareandtroubleshootsandresultinghardware

problems

EndUser

Workersinanorganizationwhoenterdataintoasystemorwhousethe

informationprocessedbythesystem

SegregationofDuties

―Systemanalystsvs.computerprogrammers

―Computeroperatorsvs.computerprogrammers

―Securityadministratorsvs.computeroperatorsvs.computerprogrammers

【Question2】Allofthefollowingsareexamplesofadecisionsupportsystem（DSS）exceptfora:

Financialmodelingapplication.

Transactionprocessingsystem.

Databasequeryapplication.

Sensitivityanalysisapplication.

『正确答案』B

【Question3】Whichoneofthefollowingstatementsaboutanexecutiveinformationsystem（EIS）isincorrect?TheEIS:

Providestopexecutiveswithimmediateandeasyaccesstoinformationinahighlyinteractiveformat.

Helpsexecutivesmonitorbusinessconditionsingeneralandassistsinstrategicplanningtocontrolandoperatethecompany.

Isdesignedtoacceptdatafrommanydifferentsources;tocombine,integrate,andsummarizethedata;andtodisplaythisdatainaformatthatiseasytounderstandanduse.

Islikelytobeoneofthemostwidelyusedandthelargestoftheinformationsubsystemsinabusinessorganization.

『正确答案』D

【Question4】Whichofthefollowingisapersonwhoentersdataorusestheinformationprocessedbyasystem?

HardwareTechnician.

NetworkAdministrator.

SoftwareDeveloper.

User.

『正确答案』D

Security

Technologiesandsecuritymanagementfeatures

Policies

TechnologiesandSecurityManagementFeatures

―Safeguardingrecordsandfiles

―Backupfiles

―Uninterruptedpowersupply

―Programmodificationcontrols

―Dataencryption

―Managingpasswords

―Useraccess

Safeguardingrecordsandfiles

―Allcriticalapplicationdatashouldbebackedupandstoredinasecureoff-sitelocation

BackupFiles

Son-father-grandfatherconcept

Mostrecentfileiscalledtheson,secondmostrecentfileis

calledthefather,precedingfileiscalledthegrandfather.

Previousfile+transactionsprocess=masterfile

Alwaysatleasttwobackupfilesthatcanbeusedtore-createthe

destroyedfile

Backupofsystemsthatcanbe

shutdown

Filesordatabasethathavechangedsincethelastbackupcanbe

backedup

Backupofsystemsthatdonot

shutdown

Applyingatransactionlogreapplythosetransactionstoget

backtothepointimmediatelybeforethefailure

Mirroring

Useofabackupcomputertoduplicatealloftheprocessesand

transactionsontheprimarycomputer.（expensive）

UninterruptedPowerSupply（UPS）

Adevicethatmaintainsacontinuoussupplyofelectricalpowertoconnectedequipment

ProgramModificationControls

·Controlsdesignedtopreventchangesbyunauthorizedpersonnel

·Controlsthattrackprogramchangessothatthereisarecordofwhatversionsofwhatprogramsarerunninginproductionatanyspecificpointintime

DataEncryption

Process

Usingapasswordoradigitalkeytoscrambleareadable（plaintext）messageintoanunreadable（ciphertext）message.

Theintendedrecipientofthemessagethenusesanotherdigitalkeytodecryptor

deciphertheciphertextmessagebackintoplaintext.

Encryption

Key

Thelongerthelengthofthekey,thelesslikelyisthemessageortransactiontobe

decryptedbythewrongparty

Methods

Digitalcertificates

Digitalsignatures

E-Signatures

ManagingPasswords

Basicrule

Everyaccountmusthaveapassword

PolicyCharacteristics

Length–requireaminimumof7or8characters

Complexity–featurethreeofthefour

·Uppercasecharacters

·Lowercasecharacters

·Numericcharacters

·ASCIIcharacters

Passwordage–notruestandard

·90-dayisrecommended

·Administrativepasswordsshouldbechangedmorefrequently

Passwordreuse–notruestandard

·Shouldnotbereuseduntilasignificantamountoftimehaspassed

UserAccess

Becauseuseraccountsarethefirsttargetofahacker,caremustbeusedwhendesigning

proceduresforcreatingaccountsandgrantingaccesstoinformation

Initialpasswordsandauthorizationforsystemaccess

HRshouldgeneratetherequestforauseraccountand

systemaccessrights.

Theinformationsecurityofficermayneedtoapprove

theaccount

Changesinposition

CoordinationofeffortbetweenHRandIT

Disableaccountswhenanemployeeleavesan

organization

Policies

Policiesarethemostcrucialelementinacorporateinformationsecurityinfrastructureandmustbeconsideredlongbeforesecuritytechnologyisacquiredanddeployed.

SecurityPolicyDefined

Adocumentthatstateshowanorganizationplanstoprotectitstangibleandintangibleinformationassets.

·Managementinstructions

·High-levelstatementsprovideguidance

·Generalizedrequirementsthatmustbewrittenandcommunicatedtocertaingroups

SecurityPolicy

Goal

Requirepeopletoprotectinformation,whichinturnprotectstheorganization,

itsemployees,anditscustomers

TypesofPolicy

Program-levelpolicy

MissionstatementfortheITsecurityprogram

Program-frameworkpolicy

TheITsecuritystrategy

Issue-specificpolicy

Addressspecificissuesofconcern

System-specificpolicy

Focusonpolicyissuesthatexistforaspecific

system

【Question5】Whichofthefollowingisthestepwheretheintendedrecipientconvertstheciphertextintoplaintext?

Decryptionordecipherment.

Encryption.

Digitalcertificates.

PKI.

『正确答案』A

【Question6】IfFriday'sfileisdestroyed,anewFridayfilecanbereproducedbyusingtheFridaytransactionfile（whichisstoredseparately）andThursday'sfile.Thebackupconceptthatservesasthefoundationforthisprocessisoftencalled:

CriticalApplicationBackup.

DiskOnlyBackup.

Son-Father-GrandfatherConcept.

BackupsofSystemsThatDoNotShutDown.

『正确答案』C

【Question7】Useraccountsarethefirsttargetofahackerwhohasgainedaccesstoanorganization'snetwork.Whichofthefollowingisatruestatementwhenmaintaininguseraccessaccounts?

Itisimportanttohaveproceduresinplacetoaddresspromotionsandlateralmoves.

NoprivilegesshouldbegranteduntilauthorizationiscompletedbyHumanResourcesandtheITSecurityOfficer.

Theremustbeamechanismtodisableaccountsshouldrelationsendbetweentheorganizationandanyofitsemployees.

Alloftheanswerchoicesarecorrect.

『正确答案』D

TheInternet:ImplicationsforBusiness

Electroniccommerceandbusiness

Electronicdatainterchange（EDI）

Opportunitiesforbusinessprocessreengineering

Business-to-business（B2B）

B2BVS.B2C

Enterpriseresourceplanningsystems（ERP）

Supplychainmanagementsystem（SCM）

Customerrelationshipmanagementsystem（CRM）

OtherE-commercetechnologies

Effectsofinternetevolutiononbusinessoperationsandorganizationcultures

Variousdefinitions

ElectronicCommerceandBusiness

Electroniccommerce（E-commerce）–completionofexchange（buyingandselling）transactionsuseaprivatenetworkortheinternet.

Electronicbusiness（E-business）–referstoanyuseofinformationtechnology,particularlynetworkingandcommunicationstechnology,toperformbusinessprocessesinanelectronicform,mayormaynotrelatetothepurchaseandsale.

ElectronicDataInterchange（EDI）

EDIisthecomputer-to-computerexchangeofbusinesstransactiondocumentsinstructuredformatsthatallowthedirectprocessingofthedatabythereceivingsystem.

Benefit–reducedhandlingcostsandincreasedprocessingspeed

Requirement-standarddataformat

Mapping

Theprocessofdeterminingthecorrespondencebetweendataelementsinan

organization'sterminologyanddataelementsinstandardEDIterminology

Standards

XML（extensiblemarkuplanguage）–transmitdatainflexibleformatsinsteadofthestandardformatsofEDI.

XMLtellssystemstheformatofdataandalsowhatkindofinformationthedatais.

Communications–directlinksbetweenorganizations

Intermediary

Valueaddednetworks（VANs）orovertheInternet

Internet-basedEDIisreplacingVAN-basedEDIbecauseitisconsiderablycheaper

CostsofEDI

Legalcosts

Costsassociatedwithmodifyingandnegotiatingtrading

contractswithtradingpartnersandwithcommunicationsproviders

Hardwarecosts

Communicationsequipment

Costsoftranslationsoftware

Costofacquiring/developingmaintainingthetranslation

software

Costsofdatatransmission

Hasbeendecreasing

Processreengineeringand

employeetrainingcosts

Costsassociatedwithsecurity,

monitoringandcontrolprocedures

EDIControls

AudittrailsinEDIsystemsshouldinclude:

·Activitylogsoffailedtransactions

·Networkandsender/recipientacknowledgments

EDIRisks

Greatestriskinanorganization’suseofEDIisunauthorizedaccesstotheorganization's

systems

ComparisonofEDIandE-Commerce:

Item

EDI

E-Commerce

Cost

Moreexpensive

Lessexpensive

Security

Moresecure

Lesssecure

Speed

Slower（Batch）

Faster（OLRT）

Network

VAN（private）

Internet（public）

OpportunitiesforBusinessProcessReengineering

BusinessProcessReengineering

Definition

Theanalysisandredesignofbusinessprocessesandinformationsystemstoachieve

significantperformanceimprovements

Challenges

Tradition–cultureandbeliefs

Resistance

Timeandcostrequirements

Lackofmanagementsupport

Skepticism

Retraining

Controls

Business-To-Business（B2B）

B2B:businesssellsitsproductstootherbusinessesB2C:businesssellsitsproductstothepublic

C2C:consumerssellproductstootherconsumers

ImportanceofB2B

B2Bcommercesitesmakepurchasingdecisionsfaster,simpler,safer,morereliable,andmore

costeffective.

Advantages

Speed

Timing

Personalization

Security

Reliability

B2BVS.B2C

B2Baremorecomplex

OfteninvolvemanymoreparticipantsOfteninvolvemorecomplexproducts

RequiretheorderfulfillmentbemorecertainandpredictablePaymentmechanismsaremuchmorecomplex

EnterpriseResourcePlanningSystems（ERP）

ERP

Definition

Across-functionalenterprisesystemthatintegratesandautomatesthemanybusinessprocessesandsystemsthatmustworktogetherinthemanufacturing,logistics,

distribution,accounting,finance,andhumanresourcefunctionsofabusiness

Functions

Storeinformationinacentralrepository

Actastheframeworkforintegrating

Vitalcross-functionalinformationassistmanagersinthedecision-makingprocess

SupplyChainManagementSystem（SCM）

SCMisconcernedwiththefourimportantcharacteristicsofeverysale:

What

Thegoodsreceivedshouldmatchthegoodsordered

When

Thegoodsshouldbedeliveredonorbeforethedatepromised

Where

Thegoodsshouldbedeliveredtothelocationrequested

Howmuch

Thecostofthegoodsshouldbeaslowaspossible

SCMObjectives–achieveflexibilityandresponsiveness

Planning

Demandforecasting,productpricing,inventorymanagement

Sourcing

Procurementandcreditandcollections

Making

Productdesign,productionscheduling,facilitymanagement

Delivery

Ordermanagementanddeliveryscheduling

CustomerRelationshipManagementSystem（CRM）

CRM

Definition

Providesalesforceautomationandcustomerservicesinanattempttomanage

customerrelationships

Objectives

Increasecustomersatisfaction

Increaserevenueandprofitability

OtherE-CommerceTechnologiesElectronicfundstransfer

Applicationserviceproviders

ElectronicFundsTransfer（EFT）

Definition

Aformofelectronicpaymentforbankingandretailingindustries

Third-party

vendor

Oftenprovidedbythird-partyvendorwhoactsastheintermediarybetweenthe

companyandtheba