Client-server and peer-to-peer systems
These concepts are similar to centralised and decentralised, but are not quite identical.
In a client-server arrangement, a powerful computer (the server) is dedicated to providing a service to other computers in the network (the clients). Typical services provided are:
? File storage (file servers)
? Handling printing (print server)
? Handling the sending and receiving of emails (mail servers).
There is an element of centralisation here, but although files might be held centrally on the server they will often be processed locally. For example, a report will be held on the server, but when it is being edited it is downloaded to the user’s local machine (client). The edited version will be saved back to the server where other users can then access it. Obviously there will be great disruption if the server fails. Access rights to files are set centrally and typically enforced by users’ log-on information.
Traditionally, in client server networks each client would have had a copy of, say, Word for Windows. Documents would have been downloaded from the server for local editing then saved back to the server. The disadvantage of this is that each machine in the network needs a copy of Word and if the company was upgrading its software all copies of the program would have to be changed. Providing the software initially for all machines and its subsequent management is very expensive. With cloud computing, this approach has changed. There is only one copy of the software on the server within a web-based interface. Users log into the web system and their processing is then carried out on the server or a ‘cloud’ of servers. It appears to each user that they have a local version of the software, but what they are really seeing is the program operating in the server. Client machines can be ‘thin-clients’ which are not very powerful as they do not have to store much data and software nor do they have to carry out much processing. Hardware, software and maintenance costs are greatly reduced, though the system is vulnerable to service disruption.
Hotmail and Gmail provide examples of this approach. Whenever you want to write an email you log into the web email account and the processing is carried by the system’s computer cloud – not your computer. All it has to do is to handle the interface.
In peer-to-peer networks, two or more computers are connected directly without the need for a server. Access rights to files are given by individual users to specified other users. This is a simpler system to set-up, requiring no specialist operating system or specialist staff and many home systems are like this. It is a much more distributed system than client server systems and therefore has back-up and security issues.
Controls in IT systems
IT poses particular risks to organisations’ internal control and information systems. This can lead to their operations being severely disrupted and subsequently to lost sales, increased costs, incorrect decisions and reputational damage.
? Reliance on systems or programs that are inaccurately processing data, processing inaccurate data, reporting inaccurate, misleading results - or all three.
? Unauthorised access to data leading to destruction of data, improper changes to data, or inaccurate recording of transactions.
? Particular risks may arise where multiple users access a common database on which everyone in the organisation relies.
? The possibility of IT personnel gaining access privileges beyond those necessary to perform their assigned duties.
? Unauthorised changes to data in master files. For example, changing a selling price or credit limit.
? Unauthorised changes to systems or programs so that they no longer operate correctly and reliably.
? Failure to make necessary changes to systems or programs to keep them up-to-date and in line with legal and business requirements.
? Potential loss of data or inability to access data as required. This could prevent, for example, the processing of internet sales.
Controls in computer systems can be categorised as general controls and application controls.