Integrated Data Models, System Development, and Security in E-Business

Integrated Data Model

TED Enterprise-Wide Data Model

The TED enterprise-wide data model merges the separate data models for all company applications (including AIS) into a single database. This one-stop data facility provides a unified view of data, enabling data sharing across functionalities (departments). One benefit is that a basic account code (for example, travel) can be combined with purpose-specific codes, and valuable information can then be extracted by queries. An unintegrated model would instead require long codes and dramatically increase the number of accounts.

ERP (Enterprise Resource Planning)

ERP is an example of an integrated data model. It integrates all departments and functions onto a single computer system that serves each department’s needs.

Advantages of ERP:

  • Integration of an organization’s data and financial information
  • Data is captured once
  • Greater management visibility
  • Increased monitoring
  • Better communication
  • Better access control
  • Standardized business operation procedures
  • Improved customer service
  • More efficient manufacturing

Disadvantages of ERP:

  • Cost
  • Complexity
  • Dependence
  • Vendor issues
  • High rate of failure
  • Concerns about data sharing extent

ERP Core Applications:

  • Sales and distribution
  • Business planning (forecast demand, plan product production, routing information)
  • Shop floor control (detailed production scheduling, dispatching)
  • Logistics (timely delivery through warehouse and inventory management)

Purchase vs. Build Software

Purchase Software

Purchased software has limitations and might not fit a large organization’s system. Considerations include online transaction capabilities and accounting tasks such as GL, revenue, expenditure, and payroll.

Build Software

Buy software if it suits business needs. If not, check if it can be modified through a request for proposal. If modification isn’t possible, consider building or renting a suitable system.

Week 9: System Development

Investigation

Identify problems or opportunities with the current system and assess the feasibility of addressing them. Factors to consider include system speed, adequacy, required information, predicted changes, and general triggers.

Analysis

Analyze the new system’s requirements. Gather information through interviews, questionnaires, observation, and prototyping. Consider financial, legal, schedule, technical, and strategic aspects.

Design

Logical Design

Focuses on a design independent of the technology used for implementation. Describes the new system’s operation.

Physical Design

Specifies the technical aspects and how the system will be built. Identifies technology for implementing the logical design.

Approval and Implementation

Requires approval before proceeding. Ensure sufficient resources for continuation. Implementation involves setting up the system, including data storage, testing, debugging, installation, and documentation. Consider direct conversion, parallel, or phased implementation.

Maintenance and Review

Fix bugs, improve and modify the system. Review its performance over the cycle.

Reasons for System Development Project Failure:

  • Underestimation of complexity, cost, or schedule
  • Failure to establish clear goals and objectives
  • Lack of communication
  • Failure to address culture change issues
  • Poor quality workmanship
  • Lack of risk management
  • Failure to understand or address system performance

Employee involvement from the start fosters ownership and reduces resistance. Involve employees to enhance their skills and engagement with the new system.

Week 10: System Reliability

Key Aspects:

  • Availability: Minimize downtime, back up data, insurance
  • Confidentiality: Access control, encryption
  • Privacy: Policies, secure data
  • Processing Integrity: Input processing, output
  • Security: Authentication, e-business controls

Availability and Security

The system must be available when needed. Failures can include hardware and software issues, human error, viruses, denial-of-service attacks, and sabotage.

Controls:

  • Proactive Control: Preventative maintenance (cleaning, proper storage, fault tolerance, uninterruptible power supply)
  • Reactive Control: Minimize disruption, damage, and loss. Establish temporary processing, resume normal operation, train staff, data backup, hot/cold/warm site replacement, insurance

Security

Authentication

Determine user legitimacy through user IDs and passwords (something they know), physical identification (something they have), or biometric identification (something they are).

Authorization

Grant access to data necessary for a role and limit access as needed. Strong access controls should restrict actions (read, write, change, delete, copy) on confidential information.

Confidentiality

Encryption protects sensitive information during storage and transmission. Data is easily intercepted online, and encryption addresses this issue. Consider encryption for laptops, PDAs, and phones.

Privacy

Privacy focuses on protecting customer personal information. Encrypt personal information transmitted between individuals and the organization’s website. Strong access controls are needed to restrict website visitors’ access to individual accounts. Train employees on managing personal information collected from customers.

Processing Integrity

Ensure accurate, timely, and complete output reflecting only authorized transactions. Focus on data input quality and processing. Implement input controls (form design, batch control, automated form completion, independent review, cancellation and storage of documents, separation of duties).

Processing Controls

Maintain data processing accuracy and completeness. Use data matching, recalculation of batch totals, cross-footing balance tests, and concurrent update controls.

Output Controls

User review of output for reasonableness, completeness, and intended recipient. Reconcile output and input control totals. Verify database totals with external data.
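The batch control, cross-footing and reconciliation checks described above, as an added example on constructed payroll data (not from the course notes); the field names and the choice of employee ID as the hash-total field are assumptions:

```python
"""Processing and output controls over a batch of payroll lines: record
count, financial total and hash total against independently prepared
control totals, plus a cross-footing test.  Added example on constructed
sample data; not part of the course notes."""
from dataclasses import dataclass

@dataclass
class PayLine:
    employee_id: int
    gross: float
    tax: float
    other_deductions: float
    net: float

# Constructed batch: line 1003 was keyed with a transposed net amount.
BATCH = [
    PayLine(1001, 2000.00, 400.00, 100.00, 1500.00),
    PayLine(1002, 3500.00, 900.00, 150.00, 2450.00),
    PayLine(1003, 1800.00, 300.00, 50.00, 1540.00),  # correct net is 1450.00
]

# Control totals prepared by the originating department before data entry.
# The hash total is the sum of employee IDs: meaningless as a number, but it
# catches a dropped or duplicated record that the dollar total would miss.
EXPECTED = {"record_count": 3, "gross_total": 7300.00, "hash_total": 3006}

def batch_control_check(lines, expected):
    """Recompute the batch totals and return any that disagree with the
    independently prepared control totals as {name: (expected, actual)}."""
    actual = {
        "record_count": len(lines),
        "gross_total": round(sum(l.gross for l in lines), 2),
        "hash_total": sum(l.employee_id for l in lines),
    }
    return {k: (v, actual[k]) for k, v in expected.items() if v != actual[k]}

def cross_foot(lines, tol=0.005):
    """Cross-footing balance test: each line must satisfy
    gross - tax - other deductions = net, and the column totals must
    reconcile the same way.  Returns (failing employee IDs, columns_ok)."""
    bad = [l.employee_id for l in lines
           if abs(l.gross - l.tax - l.other_deductions - l.net) > tol]
    totals = [sum(getattr(l, f) for l in lines)
              for f in ("gross", "tax", "other_deductions", "net")]
    columns_ok = abs(totals[0] - totals[1] - totals[2] - totals[3]) <= tol
    return bad, columns_ok
```

Note that the batch totals pass on this data while cross-footing fails: the keying error is in the net column, which no control total covers, so both kinds of check are needed.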

Week 11: Information Security Policy in E-Business

Key Principles:

  • Confidentiality: Restrict information access to authorized parties.
  • Integrity: Ensure system trustworthiness and prevent data interception and modification during transmission.
  • Availability: Ensure system and data usability despite outages and disruptions.
  • Legitimate Use: Implement identification, authentication, and authorization procedures.

Encryption Methods:

Symmetric Encryption

Uses a single shared key for both encoding and decoding.

Asymmetric Encryption

Uses two keys: a public key for encoding and a private key for decoding.

Certifying Authorities (CA)

Issue digital certificates: the CA verifies the applicant’s identifying information and creates a certificate containing the applicant’s public key together with that identifying information.

SSL (Secure Sockets Layer)

Provides communication security over the internet through encryption.

Traceability and Trust

Auditing examines transactions in an e-business security context. Trust is enhanced by ensuring transaction traceability.

Non-Repudiation

The ability to prove transaction authenticity to a third party.
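As an added example (not from the course notes) covering the symmetric/asymmetric distinction above and non-repudiation: textbook RSA with tiny constructed primes, insecure and for illustration only. It shows that one key pair lets the private key decode what the public key encoded, and that the same private key can sign a transaction record so that any third party holding the public key can verify who produced it, which a shared symmetric key cannot prove (either party could have produced the value).

```python
"""Toy illustration of the two encryption methods and of non-repudiation.
Symmetric: ONE shared key both encodes and decodes.  Asymmetric (textbook
RSA with tiny constructed primes): the PUBLIC key encodes and only the
PRIVATE key decodes; run the other way round, the private key signs and
anyone with the public key verifies.  Not secure: real systems use large
keys and padding.  Added example, not part of the course notes."""
import hashlib
import math

def symmetric_xor(key: bytes, data: bytes) -> bytes:
    """One key, one operation: applying it twice restores the plaintext."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def keygen(p: int, q: int, e: int = 17):
    """Build a toy RSA key pair from two small primes (constructed inputs)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # private exponent: modular inverse of e
    return (n, e), (n, d)        # (public key, private key)

def encrypt(public_key, m: int) -> int:
    """Anyone with the public key can encode a message m < n."""
    n, e = public_key
    return pow(m, e, n)

def decrypt(private_key, c: int) -> int:
    """Only the private-key holder can decode."""
    n, d = private_key
    return pow(c, d, n)

def _digest_mod_n(message: bytes, n: int) -> int:
    # Hash first, then reduce into the RSA modulus (toy-sized here).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message: bytes) -> int:
    """Private key signs the hash of the transaction record."""
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)

def verify(public_key, message: bytes, signature: int) -> bool:
    """Public key verifies; a forged or altered signature fails."""
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)
```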

Fraud and Abuse Techniques

  • Malware: Malicious code designed to damage, steal data, or disrupt systems.
  • Viruses: Infect programs, boot sectors, or documents.
  • Trojans: Harmful software disguised as legitimate, providing unauthorized access.
  • Bots: Gather information or launch attacks.
  • Spam: Unsolicited emails.
  • Phishing: Deceptive technique leading users to fraudulent websites.
  • Pharming: Redirecting users to fake websites despite correct address entry.
  • Hacking: Gaining unauthorized system access.
  • Social Engineering: Manipulating individuals into providing personal information.

The Fraud Triangle

Pressure, Opportunity, Rationalization

Week 12: Risk Management Models

APES 325 Risk Management for Firms

Requires firms to identify and address key organizational risks.

COSO ERM Framework

Components include internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring.

AS/NZS ISO 31000:2009

Focuses on reducing the likelihood of risk occurrence. Uses a risk matrix to evaluate consequences, likelihood, and impact.

Lecture 7: The HRM and Payroll Cycle

Key Activities:

  • Hiring employees and maintaining personnel records
  • Preparing and paying employees
  • Generating reports for internal and external users

Outsourcing Payroll

Attractive to small and midsize businesses. Advantages include reduced costs, wider range of benefits, and freed-up computer resources.

HRM Decisions:

  • Strategic: Creating new positions, filling vacancies, payment policies
  • Operational: Addressing underperforming staff, calculating payroll amounts

Payroll Documents:

  • Payroll Register
  • Pay Advice Slips
  • Employee Earnings Record

Employee Recruitment (M1)

Key activities include employee selection and induction.

Payroll (M2)

Key activities include calculating and disbursing payroll.

Key Payroll Activities:

  • Update employee table
  • Validate time and attendance
  • Prepare payroll
  • Disburse pay
  • Calculate employer-paid benefits
  • Disburse taxes and deductions

Calculate Gross Pay

Total relevant columns in the Payroll and Payroll Deductions tables.

General Ledger Entries

Record payroll transactions in the general ledger.