1

SYSTEMS ANALYSISPertemuan 7 s.d 12

Matakuliah : A0554/Analisa dan Perancangan Sistem Informasi Akuntansi

Tahun : 2006

2

Models and Techniques

• Systems analysis– Workflow table– Activity diagram– Use case diagram– Use case description– Risks analysis– Types of internal control

3

The UML Activity Diagram

The UML activity diagram plays the role of a ‘map’ in understanding business process by showing the sequence of activities in

the process.

4

Overview & Detailed Activity Diagrams

• The overview diagram presents a high level view of the business process by documenting the key events, the sequence of these events & the information flows among these events.

• The detailed diagram is similar to a map of a city or town. It provides a more detailed representation of the activities associated with one or two events shown on the overview diagram.

5

Preparing Overview Activity Diagrams

Preliminary steps:• Read the narrative & identify key events• Annotate the narrative to clearly show event

boundaries & event names

Steps for preparing the activity diagram:• Represent agents participating in the business

process using swimlanes• Diagram each event. Show the sequence of these

events• Draw documents created & used in the business

process draw tables (files) created & used in the business process

6

Preparing Detailed Activity Diagrams

Steps for preparing overview activity diagrams:• Annotate narrative to show activities• Prepare a workflow table• Identify necessary detailed diagrams• For each detailed diagram, perform the following

substeps:– Set up swimlanes for the agents participating in the

event or events represent in the detailed diagram– Add a rounded rectangle for each activity in the

events) being documented in that detailed diagram– Use continuous lines to show the sequence of the

activities

7

– Set up any documents created or used by the activities in that diagram

– Use dotted lines to connect activities & documents

– Document any tables created, modified or used by the activities in the diagram in the computer column

– Use dotted lines to connect activities & tables

8

WORKFLOW TABLE

• The actors performing specific activities are listed in the column on the left.

• The corresponding activities are listed on the right. The activities have been listed using verbs in active voice (e.g., arrives, records, etc).

9

USE CASE DIAGRAM

A use case is a sequence of steps that occur when an ‘actor’ is interacting with

the system for a particular purpose.

Use case diagram is A list of use cases that occur in an application and that indicate the actor responsible for each use case.

10

USE CASE DESCRIPTION

• A description of a use case, typically represented as a sequence of numbered steps.

• Use case descriptions may also be used for documenting internal control.

11

RISKS ANALYSIS

• Risk assessment is the identification & analysis of risks that interfere with the accomplishment of internal control objectives.

• Control activities are the policies & procedures developed by the organization to address the risks to the achievement of the organization’s objectives.

12

RISK TYPE

• Execution risks

• Information system risks

13

EXECUTION RISK

Execution risks : Risks that transaction will not be executed properly.

Five steps are useful in understanding & assessing execution risk:

• Achieve an understanding of the organization’s processes.

• Identify the goods or services provided & cash received that are at risk.

14

• Restate each generic risk to describe the execution risk more precisely for the particular process under study. Exclude any risks that are irrelevant or obviously immaterial.

• Assess the significance of the remaining risks.

• For significant risks, identify factors that contribute to the risk. The events in the process can be used to systematically identify these factors.

15

INFORMATION SYSTEM RISKS

IS Risks : Risks of improper recording, updating, or reporting of data in an information system.

2 categories of IS Risks :

- Recording risks

- Update risks

16

RECORDING RISKS

Recording risks : Risks that event information is not captured accurately in an organization’s IS.

3 steps are useful in identifying recording risks :• Achieve an understanding of the process under

study. Identify the events.• Review the events, and identify instances where

data are recorded in a source document or in a transaction file.

• For each event where data are recorded in a source document or transaction record, consider the preceding generic recording risks.

17

UPDATE RISKS

Update risks : Risks that summary fields in master records are not properly updated.

3 steps are useful in identifying update risks:• Identify recording risks.• Identify the events that include update

activity. Identify the summary fields in master files that are updated.

• For each event where a master file is updated, consider the preceding generic update risks.

18

TYPES OF INTERNAL CONTROL

Types of control activities:

• Workflow controls

• Input controls

• General controls

• Performance reviews

19

WORKFLOW CONTROLS

• Controls that help manage a process at it moves from one event to the next.

• Include : segregation of duties, required sequence of events, prenumbered documents, reconciliation of records with assets, and others.

20

INPUT CONTROL

• Used to control the input of data into computer systems.

• Include : drop down or look up menus, format checks to limit data, validation rules, confirmation of data, and others.

21

GENERAL CONTROLS

• Broader controls that apply to multiple processes.

• Include : IS planning, organizing the IT function, and others.

22

PERFORMANCE REVIEW

• Activities involving analysis of performance including the comparison of actual results with budgets, forecasts, standards and prior period data.