Integrated Enterprise-Wide Data Model, ERP, and System Development
Week 8: Integrated Enterprise-Wide Data Model
An integrated enterprise-wide data model merges the separate data models for all the company’s applications (including the AIS) into one single database. This creates a one-stop data facility that provides a unified view of data and enables data sharing across functions (departments). One benefit is that a basic account code (for example, travel) can be combined with a separate code for purpose rather than both being encoded in a single account. Valuable information can then be extracted using queries. An unintegrated model needs long codes and dramatically increases the number of accounts.
ERP (Enterprise Resource Planning)
ERP is an example of an Integrated Data Model. It attempts to integrate all departments and functions across a single computer system that can serve all those different departments’ particular needs.
Advantages of ERP:
- Integration of an organization’s data and financial information.
- Data is captured once.
- Greater management visibility.
- Increased monitoring.
- Better communication.
- Better access control.
- Standardized business operation procedures.
- Improved customer service.
- More efficient manufacturing.
Disadvantages of ERP:
- Cost.
- Complexity.
- Dependence.
- Vendor issues.
- High rate of failure.
- Concerns about how much data is shared.
ERP Core Applications:
- Sales and distribution.
- Business planning – forecasting demand, planning production, and routing information that describes each stage of actual production.
- Shop floor control: detailed production scheduling, dispatching.
- Logistics – Timely delivery through warehouse and inventory management.
Purchase vs. Build
Purchase Software:
Purchasing software has its limitations and might not necessarily fit into the organization’s system (especially for large organizations). Things to consider include whether these packages can handle online transactions and accounting tasks such as GL, revenue, expenditure, and payroll.
Buy the software if it suits the business needs. If it doesn’t, check whether the vendor can modify it (through a request for proposal). If it cannot be modified, build your own system or rent one that suits your needs.
Week 9: System Development
Stages of System Development:
- Investigation: Identifying any problems or opportunities with the current system and identifying the feasibility of responding to these problems and opportunities. Factors to consider include system speed, system adequacy, required information, predicted changes, and general triggers.
- Analysis: Analyzing what the new system needs to do. Information can be obtained from interviews, questionnaires, observation, and prototyping. Consider financial, legal, schedule, technical, and strategic factors.
- Design:
  - Logical Design: Concerned with a design that is independent of the actual technology required for its implementation. Describes how the new system will operate.
  - Physical Design: Requires specification of the technical aspects: the specifics of how the system will be built. Find technology that allows implementation of the logical design.
- Implementation: Involves getting the system up and running within the organization. This includes data storage facilities, thorough testing and debugging of the system, installation, and documentation. Implementation methods include direct conversion, parallel conversion, or phased conversion (one out and one in).
- Maintenance and Review: Fixing bugs, system improvement, and system modification. Review how the system has worked over the cycle.
Why System Development Projects Fail:
- Underestimation of complexity, cost, or schedule.
- Failure to establish clear goals and objectives.
- Lack of communication.
- Failure to address culture change issues.
- Poor quality workmanship.
- Lack of risk management.
- Failure to understand or address system performance.
Involvement from the start creates a sense of ownership and hence less resistance. Involve your employees so they can gain skills and engagement with the new system.
Week 10: System Reliability
Key Aspects of System Reliability:
- Availability: Minimize downtime, back up data, insurance.
- Confidentiality: Access control, encryption.
- Privacy: Policies, keep data secure.
- Processing Integrity: Input processing, output.
- Security: Authentication, e-business controls.
Availability and Security:
The system must be available whenever needed. Failures can include hardware and software failure, human error, viruses, denial of service attacks, and other sabotage.
Controls:
- Proactive Controls (acting in advance for a future situation): Preventative maintenance – cleaning, proper storage, fault tolerance, uninterruptible power supply.
- Reactive Controls (recover as soon as possible after a disaster): Minimize disruption, damage, and loss. Establish temporary processing, resume normal operation, train staff, data backup, hot site, cold site, and warm site replacement, insurance.
Security:
- Authentication: Determine the legitimacy of the user with user IDs and passwords (something they know), physical possession identification (something they have), or biometric identification – fingerprints, retina, voice (something they are).
- Authorization: Allow access to data necessary for the role and limit access ability as necessary. Strong access controls should be used to limit the actions (read, write, change, delete, copy, etc.) that authorized users can perform when accessing confidential information.
Access controls are also needed to prevent unauthorized parties from obtaining the encrypted data.
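As an added example (not part of the original notes), the following Python sketches the two steps just described: authentication with a salted, iterated password hash and a constant-time comparison, followed by a deny-by-default authorization matrix that limits the actions (read, write, change) each role may perform on each resource. The user names, passwords, roles and resources are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Set

# Password hashing: PBKDF2-HMAC-SHA256 with a per-user random salt, so the stored
# value reveals nothing about the password and identical passwords hash differently
# for different users. The iteration count is a constructed choice for the example.
ITERATIONS = 100_000

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_user(password: str, role: str) -> Dict[str, object]:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed user table (hypothetical users and passwords, built at import time).
USERS: Dict[str, Dict[str, object]] = {
    "aclerk": make_user("correct horse battery staple", "payroll_clerk"),
    "bmanager": make_user("long-passphrase-for-the-manager", "payroll_manager"),
}

# Authorization matrix: role -> resource -> permitted actions.
# Anything not listed here is denied (deny by default).
PERMISSIONS: Dict[str, Dict[str, Set[str]]] = {
    "payroll_clerk":   {"timesheet": {"read", "write"},  "payroll_register": {"read"}},
    "payroll_manager": {"timesheet": {"read", "change"}, "payroll_register": {"read", "write"}},
}

def authenticate(username: str, password: str) -> Optional[str]:
    """Return the user's role when the credentials are valid, otherwise None."""
    record = USERS.get(username)
    if record is None:
        # Do the same hashing work for unknown usernames so response time
        # does not reveal which usernames exist.
        hash_password(password, b"\x00" * 16)
        return None
    # compare_digest runs in constant time, so a near-miss cannot be told
    # apart from a complete miss by timing the comparison.
    if hmac.compare_digest(hash_password(password, record["salt"]), record["hash"]):
        return str(record["role"])
    return None

def authorize(role: Optional[str], resource: str, action: str) -> bool:
    """Deny by default: only actions explicitly granted to the role are allowed."""
    if role is None:
        return False
    return action in PERMISSIONS.get(role, {}).get(resource, set())

def attempt(username: str, password: str, resource: str, action: str) -> bool:
    """Full legitimate-use check: identify, authenticate, then authorize."""
    return authorize(authenticate(username, password), resource, action)
```

The clerk can read the payroll register but cannot write or delete it, and an unknown action such as "delete" is refused for every role because it appears nowhere in the matrix.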
Confidentiality:
Encryption is a fundamental control procedure for protecting the confidentiality of sensitive information. Data should be encrypted while stored and whenever transmitted. Data is easily intercepted on the internet, and encryption addresses this risk. This applies to laptops, PDAs, and phones.
Privacy:
Privacy focuses on protecting personal information about customers rather than organizational data. It is common practice to encrypt all personal information transmitted between individuals and the organization’s website. In addition, strong access controls are needed to restrict website visitors’ access to individual accounts. Organizations need to train employees on how to manage personal information collected from customers.
Processing Integrity:
The desired output is information that is accurate, timely, complete, and reflects the results of only authorized transactions. All of this rests on two key factors: the quality of data input and the processing of that data.
Types of Controls:
- Input Controls: Companies must establish control procedures to ensure that all source documents are authorized, accurate, complete, properly accounted for, and entered into the system or sent to their intended destination in a timely manner. Examples include form design, batch control, automated form completion, independent review, cancellation and storage of documents, and separation of duties.
- Processing Controls: Preserve the accuracy and completeness of data processing. Examples include data matching (vendor invoice with purchase order before continuing with payment), recalculation of batch totals (all transactions processed correctly), cross-footing balance test (check balance in various ways), and concurrent update controls (protect records from being updated by two users simultaneously).
- Output Controls: User review of output for reasonableness, completeness, and intended recipient. Reconciliation procedures should reconcile corresponding output and input control totals. General ledger control accounts are reconciled with subsidiary ledgers (accounts receivable, accounts payable, inventory, non-current assets). External data reconciliation – database totals should be verified against data maintained outside the system, e.g., inventory on hand compared to the recorded quantity on hand. Data transmission controls reduce the risk of data transmission failures. Examples include data encryption (cryptography), routing verification procedures (e.g., checksums), and parity checking (checking whether the number of 1 bits is odd or even).
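The following Python is an added example, not from the original notes, showing three of the controls listed above in working form: batch control totals (record count, financial total and hash total) compared against a control slip, a cross-footing balance test over a reported table, and a parity check on a transmitted byte. The sample batch, control slip values and table figures are constructed for the example; amounts are integers in cents so totals compare exactly.

```python
from dataclasses import dataclass
from typing import Dict, List, Sequence

@dataclass(frozen=True)
class Transaction:
    account: int   # numeric account code; only used for the hash total
    amount: int    # cents; used for the financial total

def batch_totals(batch: Sequence[Transaction]) -> Dict[str, int]:
    """Three control totals over a batch. The hash total (sum of account codes)
    has no business meaning; it exists only to catch a record that was dropped,
    duplicated, or keyed to the wrong account, which the count and financial
    total alone may not reveal."""
    return {
        "count": len(batch),
        "financial": sum(t.amount for t in batch),
        "hash": sum(t.account for t in batch),
    }

def batch_exceptions(control_slip: Dict[str, int], batch: Sequence[Transaction]) -> List[str]:
    """Compare the totals written on the batch control slip with the totals
    recomputed from what was actually entered. Empty list = batch accepted."""
    actual = batch_totals(batch)
    return [f"{name}: slip {control_slip[name]} != entered {actual[name]}"
            for name in ("count", "financial", "hash") if control_slip[name] != actual[name]]

def cross_foot(rows: Sequence[Sequence[int]], row_totals: Sequence[int],
               col_totals: Sequence[int], grand_total: int) -> List[str]:
    """Cross-footing balance test on a reported table: every reported row total,
    column total and the grand total (reached both ways) is recomputed, and each
    figure that does not agree is reported."""
    problems = []
    for i, (row, reported) in enumerate(zip(rows, row_totals)):
        if sum(row) != reported:
            problems.append(f"row {i} total {reported} != {sum(row)}")
    for j, reported in enumerate(col_totals):
        actual = sum(row[j] for row in rows)
        if actual != reported:
            problems.append(f"column {j} total {reported} != {actual}")
    if sum(row_totals) != grand_total or sum(col_totals) != grand_total:
        problems.append(f"grand total {grand_total} does not cross-foot")
    return problems

def parity_bit(byte: int, even: bool = True) -> int:
    """Parity bit for one byte: with even parity the bit makes the count of 1s even."""
    ones = bin(byte & 0xFF).count("1")
    return ones % 2 if even else 1 - ones % 2

def parity_ok(byte: int, received_bit: int, even: bool = True) -> bool:
    """True when the received byte is consistent with the parity bit sent with it."""
    return parity_bit(byte, even) == received_bit

# Constructed sample batch: three sales transactions and the totals written on the
# control slip before data entry.
SAMPLE_BATCH = [Transaction(4010, 12500), Transaction(4020, 8000), Transaction(5010, 3250)]
CONTROL_SLIP = {"count": 3, "financial": 23750, "hash": 13040}
```

Two limits worth noticing: keying a transaction to account 4012 instead of 4010 leaves the count and financial total unchanged and is caught only by the hash total, and a parity bit detects a single flipped bit but not two flips in the same byte, which is why it is a transmission control rather than a substitute for a checksum.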
Week 11: Information Security Policy in E-Business
Key Principles of Information Security:
- Confidentiality: Involves making information accessible to only authorized parties or restricting information access to unauthorized parties.
- Integrity: The system will perform as trusted. Transmitting information over the Internet (or any other network) is similar to sending a package by mail. The package may travel across numerous trusted and untrusted networks before reaching its final destination. It is possible for the data to be intercepted and modified while in transit.
- Availability: Systems, data, and other resources are usable when needed despite subsystem outages and environmental disruptions.
- Legitimate Use: Three components – identification, authentication, and authorization. Identification is the process by which a user (human or machine) positively identifies itself. The response to identification is authentication. Once an entity is certified as uniquely identified, the next step in establishing legitimate use is to ensure that the entity’s activities within the system are limited to what it has the right to do (authorization).
Encryption Methods:
- Symmetric: Uses one key to encode and decode the message (i.e., the sender and the recipient must have the same key).
- Asymmetric: Uses two keys, one key to encode (public) and a second, related but different key (private) to decode. Also known as Public Key Infrastructure (PKI). Encryption in general means transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
Certifying Authorities (CA):
A CA provides digital certificates: it verifies the applicant’s information and creates a certificate that contains the applicant’s public key along with identifying information.
SSL (Secure Sockets Layer):
An encryption method that provides communication security over the Internet. The following is a simplified example of the setting up of a secure interaction (handshake) between a consumer Browser and an e-commerce Server using SSL.
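The Python below is an added example (it is not the notes’ own handshake example, and it is not how any real SSL/TLS library is implemented). It ties together the three preceding sections: a certifying authority signs a certificate binding a server name to its public key, the browser checks that signature with the CA’s public key, then uses the server’s public key to send a session key that only the holder of the matching private key can recover, and both sides continue with a symmetric key. Textbook RSA with tiny constructed primes stands in for the asymmetric step and a SHA-256 keystream for the symmetric step; both are assumptions for illustration and are far too weak to protect anything.

```python
import hashlib
from typing import Tuple

Key = Tuple[int, int]   # (exponent, modulus)

# ---- Asymmetric stage: textbook RSA with constructed, insecure primes. ----
def rsa_keypair(p: int, q: int, e: int = 17) -> Tuple[Key, Key]:
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)        # (public key, private key)

def rsa_apply(key: Key, m: int) -> int:
    exp, n = key
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, exp, n)

def digest(data: bytes, n: int) -> int:
    """SHA-256 of the data, reduced below the toy modulus so it can be signed."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

# ---- Certifying authority: checks identity out of band, then signs (name, public key). ----
def issue_certificate(ca_private: Key, name: str, subject_public: Key) -> dict:
    tbs = f"{name}|{subject_public[0]}|{subject_public[1]}".encode()   # "to be signed"
    return {"name": name, "public_key": subject_public,
            "signature": rsa_apply(ca_private, digest(tbs, ca_private[1]))}

def verify_certificate(ca_public: Key, cert: dict) -> bool:
    """Anyone holding the CA's public key can check the CA's signature; a change to
    the name or the key inside the certificate makes the check fail."""
    tbs = f"{cert['name']}|{cert['public_key'][0]}|{cert['public_key'][1]}".encode()
    return rsa_apply(ca_public, cert["signature"]) == digest(tbs, ca_public[1])

# ---- Symmetric stage: one shared session key drives a SHA-256 keystream (XOR). ----
def sym_crypt(key: int, data: bytes) -> bytes:
    stream = b"".join(hashlib.sha256(key.to_bytes(4, "big") + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def handshake(ca_public: Key, server_cert: dict, server_private: Key,
              session_key: int, request: bytes):
    """Simplified SSL-style exchange between Browser and Server.
    Returns (trusted, plaintext the server recovered)."""
    # 1. Server -> Browser: certificate. Browser checks the CA signature before trusting the key.
    if not verify_certificate(ca_public, server_cert):
        return False, None
    # 2. Browser -> Server: session key encrypted under the server's (now trusted) public key.
    wrapped = rsa_apply(server_cert["public_key"], session_key)
    # 3. Server: only the holder of the private key can unwrap the session key.
    server_key = rsa_apply(server_private, wrapped)
    # 4. Both sides now use the symmetric key; Browser sends its encrypted request.
    ciphertext = sym_crypt(session_key, request)
    return True, sym_crypt(server_key, ciphertext)

# Constructed keys and certificate (hypothetical CA and server names).
CA_PUB, CA_PRIV = rsa_keypair(61, 53)        # n = 3233
SRV_PUB, SRV_PRIV = rsa_keypair(47, 59)      # n = 2773
SERVER_CERT = issue_certificate(CA_PRIV, "shop.example", SRV_PUB)
```

The edge case that matters for trust is step 1: a certificate whose name or key has been altered (for example, a copied certificate re-labelled with another site's name) fails verification, so the browser never sends a session key to that party.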
Traceability or Trust:
From an accounting perspective, auditing is the process of officially examining accounts. Similarly, in an e-business security context, auditing is the process of examining transactions. Trust is enhanced if users can be assured that transactions can be traced from origin to completion.
Non-repudiation is the ability of an originator or recipient of a transaction to prove to a third party that their counterpart did in fact take the action in question. Thus the sender of a message should be able to prove to a third party that the intended recipient got the message, and the recipient should be able to prove to a third party that the originator did actually send the message.
Fraud and Abuse Techniques:
- Malware: Malicious code designed to damage, steal data, or disrupt computer systems and networks. They come in many forms.
- Viruses: Programs or code designed to infect a program, boot sector, partition sector, or document.
- Trojans: Harmful pieces of software that look legitimate and provide unauthorized and often remote access to a system.
- Bots: Used to gather information. When used maliciously, a bot is designed to infect the host and connect back to a remote server that is not controlled by the organization. Both Trojans and Bots can be used to log keystrokes, gather passwords, and launch Denial of Service (DoS) attacks.
- Spam: The sending of unsolicited emails or junk email.
- Phishing: A technique of online deception that has users go to a fraudulent website and leave personal details.
- Pharming: An attack where a user is redirected to a fake website even though the correct address was entered.
- Hacking: Gaining unauthorized access to a system. This can be done in numerous ways.
- Social Engineering: Involves manipulating an individual into providing personal information that can be used to break into a computer network or to assume their identity.
The Fraud Triangle: Pressure, Opportunity, Rationalization.
Week 12: Understanding and Applying Risk Management Models
The Accounting Professional & Ethical Standards Board’s new standard APES 325 Risk Management for Firms came into effect on 1 January 2013. The standard requires firms to identify and address key organizational risks applicable to the circumstances of each practice. The COSO ERM (Committee of Sponsoring Organizations of the Treadway Commission – Enterprise Risk Management) and the Standards Australia Risk Assessment model are two commonly used risk management models.
Examples of Threats:
- Hardware failures.
- Power outages and fluctuations.
- Undetected data transmission errors.
Risk Appetite:
How much risk to tolerate depends on the organization’s risk appetite: the amount of risk an organization is willing to take to achieve its goals and objectives.
Risk Response Options:
- Avoid: Exit activities giving rise to the risk.
- Reduce: Action to reduce risk likelihood or impact or both.
- Share: Transferring or sharing risk, such as insurance.
- Accept: No action taken to affect likelihood or impact.
AIS Threats:
Technology has a lot to do with it. Increasing numbers of client/server systems mean that information is available to an unprecedented number of workers. Because data is now more easily distributed to many users, it is harder to control than in centralized systems. Customers and suppliers can access each other’s systems and data, making confidentiality a concern. Cloud computing adds a whole new level of risk.
Inadequate Protection:
Threats are underestimated; controls are not well understood. Productivity pressures and cost reduction pressures can lead to companies not always understanding the threats. Cost pressures mean that managers skip time-consuming control procedures.
COSO ERM Framework Components:
- Internal Environment: Management philosophy, operating style and risk appetite, Board of Directors/Audit Committee, Integrity, Ethical Values and Competence, Organizational Structure, Authority and Responsibility, Human Resource Standards, External Influences.
- Objective Setting: What does the organization want to achieve? Objectives must exist before management can identify potential events affecting their achievement. ERM does not dictate which objectives management should choose, but it ensures that the chosen strategy relates to the objectives. Objectives can be strategic (high-level goals aligned with the company’s mission), operations (deal with the effectiveness and efficiency of company operations, such as performance and profitability goals), reporting (helps ensure accuracy, completeness, and reliability of internal and external reports, both financial and non-financial), and compliance (comply with all applicable laws and regulations).
- Event Identification: What are the factors? Several external and internal factors drive events, including economic, technological, natural environment, political, and social factors.
- Risk Assessment: Know the risks and how they will affect meeting objectives.
- Risk Response: How will you deal with the factors?
- Control Activities: Put measures (controls) in place to manage risks.
- Information and Communication: Regular communication up and down the organizational hierarchy.
- Monitoring: Monitor the controls, supervision, and review of work done to reduce risk.
AS/NZS ISO 31000:2009:
In most cases, because of the risk’s nature, it is difficult or impossible to reduce the consequences rating. You will spend most effort on reducing the likelihood of the risk occurring. Developing a risk matrix against the goals and objectives of an organization will help you find and map any possible risks. Use the Risk Matrix to evaluate positive and negative consequences, the likelihood of occurrence, and the extent of impact.
Lecture 7: The HRM and Payroll Cycle
The HRM & payroll cycle typically consists of all events that are involved in:
- The hiring of employees and maintaining personnel records.
- Preparing pays and paying employees.
- Generating reports and statements that are required by both internal & external users.
A well-controlled HRM & payroll cycle can provide a competitive advantage by paying employees accurately and in a timely manner. The most important organizational issue is the successful alignment of the HRM and payroll cycle with the organization’s vision, culture, goals, and strategy.
Outsourcing:
Outsourcing, where an outside organization prepares and distributes pays, is attractive to small and midsize businesses. They supply the outsourcing provider with time and attendance data and master file maintenance data. Advantages include reduced costs, a wider range of benefits, and freeing up computer resources.
HRM Decisions:
- Strategic: Creation of a new position, whether to fill an existing vacancy, employee payment policies and procedures.
- Operational: Identifying and dealing with underperforming staff, calculation of payroll amounts.
Key Payroll Documents and Reports:
- Payroll Register: To list gross pay, deductions, and net pay for all employees.
- Pay Advice Slips (Earnings statements): Make them available each pay period.
- Employees Earnings Record: Data available to prepare this at the end of the financial year.
Employee Recruitment (M1):
Key Activities: Employee selection, employee induction (get employees familiar with rules and regulations).
Payroll (M2):
Key Activities: Calculate payroll, disburse payroll.
Key Payroll Activities:
- Update employee table.
- Validate time and attendance.
- Prepare payroll.
- Disburse pay.
- Calculate employer-paid benefits.
- Disburse taxes and deductions.
Calculate Gross Pay:
From totaling relevant columns in the Payroll and Payroll Deductions tables.
General Ledger:
Accrual: Dr Wages Expense, Cr Wages Payable. Reversal: Dr Wages Payable, Cr Wages Expense. If the company does not use reversing entries, the accrual entry is the same.
Employee Termination:
Ensure company assets do not remain with the departing employee (manage an accurate asset register).
Week 4: General Ledger and Reporting Cycle
Data to GL:
The GL and financial reporting cycle extract and summarize transactional data from: General Ledger & Journal table, Accounts Receivable (customer table), Accounts Payable (supplier table), Payroll data (payroll table), and production cycle data.
Journal Entries:
- Sales Invoice -> Sales Journal (MYOB) -> summarized to GL: Dr Accounts Receivable, Cr Sales, Cr GST Collected, Cr Freight collected (if applicable). THEN: Dr Cost of Sales (Incl GST), Cr Inventory.
- Vendor Invoice -> Purchase Journal -> summarized to GL: Cr Accounts Payable, Dr Inventory, Dr GST Paid, Dr Freight Expense.
Key Business Decisions:
- Budgetary considerations.
- Accounting policies and procedures.
The chart of accounts establishes the basis for report generation.
GL Activities:
- Prepare budgets (determine budget values & record budget details).
- Update the general ledger (extract and validate data & post transactions).
- Record general ledger adjustments (prepare adjusting journals & post them).
- Produce reports (produce management reports & produce financial statements).
Entries Added in the GL and Reporting Cycle:
- Adjusting entries.
- Reversing entries.
- Error correction entries.
- Revaluation entries.
In most cases all of these occur after the initial trial balance.
Why Have Adjusting Entries:
Accounting period and matching principle.
Reports from GL:
- Chart of accounts.
- Trial balance.
- Income statement (statement of financial performance).
- Balance sheet (statement of financial position).
Reports from GJ:
- Transaction listing.
Managerial Reporting:
Budgeting for evaluating and planning.
Threats and Controls:
- Data entry errors: Edit checks on input, reasonableness checks, using batch totals, independent approval of budget inputs.
- Under/overestimating revenue: Aggregation of department budget totals and independent approval of overall budget totals. Tight linkages between budget values and performance monitoring systems.
- Inaccurate data: Automated system exception reports that identify any problems, batch totals and hash totals, regular control account reconciliation.
- Errors in journal entries: Attach full working papers to support journal entry calculations.
- Unauthorized distribution of financial data: Secure privacy settings on electronic reports, limiting the ability to print reported data.
Week 5: Expenditure Cycle
Data in Expenditure Cycle:
Requires access to: Inventory (inventory table), supplier data (supplier table), purchase order data (purchase tables), accounts payable data (supplier table).
Expenditure Cycle Business Decisions:
- Strategic: Purchase consolidation, IT to improve efficiency and accuracy.
- Operational: Determining optimal inventory levels, supplier selection, cash flow considerations.
Expenditure Cycle Activities:
- Determine demand for goods (Collect requests & create purchase requisitions).
- Order goods (Choose supplier, create the purchase order).
- Receive goods (Accept delivery & record goods received).
- Pay for goods: Approve the payment using a 3-way check (receiving report: quantities ordered = quantities received = quantities invoiced; purchase order records: ordered amount = quantities received, AND prices on the invoice = prices on the purchase order), then make the payment.
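As an added example that is not part of the original notes, the Python below implements the 3-way check described in the last step: for every line item, the quantity on the purchase order must equal the quantity on the receiving report and the quantity on the vendor invoice, and the invoice price must equal the purchase-order price. Payment is approved only when no exception is raised; the purchase order, receiving report and invoice data are constructed for the example, with prices in cents.

```python
from dataclasses import dataclass
from typing import Dict, List

@dataclass(frozen=True)
class Line:
    item: str
    quantity: int
    unit_price: int = 0   # cents; a receiving report carries quantities only

def three_way_match(po: Dict[str, Line], received: Dict[str, Line],
                    invoice: Dict[str, Line]) -> List[str]:
    """Return one exception per discrepancy; an empty list means the invoice is
    fully supported by the purchase order and the receiving report."""
    exceptions = []
    for item in sorted(set(po) | set(received) | set(invoice)):
        p, r, i = po.get(item), received.get(item), invoice.get(item)
        if p is None:
            # Something invoiced or delivered that nobody authorised.
            exceptions.append(f"{item}: invoiced/received but never ordered")
            continue
        if r is None or i is None:
            # Ordered but not yet delivered, or delivered but not yet billed: hold.
            exceptions.append(f"{item}: missing receiving report or invoice line")
            continue
        if not (p.quantity == r.quantity == i.quantity):
            exceptions.append(f"{item}: qty ordered {p.quantity}, "
                              f"received {r.quantity}, invoiced {i.quantity}")
        if p.unit_price != i.unit_price:
            exceptions.append(f"{item}: price on invoice {i.unit_price} != PO {p.unit_price}")
    return exceptions

def approve_payment(po: Dict[str, Line], received: Dict[str, Line],
                    invoice: Dict[str, Line]) -> bool:
    """Payment is released only when the three documents agree on every item."""
    return not three_way_match(po, received, invoice)

# Constructed documents for one purchase (hypothetical items and prices).
PO = {"widget": Line("widget", 100, 250), "bolt": Line("bolt", 500, 10)}
RECEIVED = {"widget": Line("widget", 100), "bolt": Line("bolt", 500)}
INVOICE = {"widget": Line("widget", 100, 250), "bolt": Line("bolt", 500, 10)}
```

The exception list rather than a bare yes/no is deliberate: an accounts payable clerk needs to know whether the hold is an overbilled quantity, a price change the purchasing department never agreed to, or an item that appears only on the invoice, since each goes to a different person to resolve.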
Journal Entries:
- Purchase goods: Dr Inventory, Dr Freight, Dr GST Paid, Cr Accounts Payable.
- Returned goods: Dr Accounts Payable, Cr GST, Cr Inventory.
Key Control Activities:
- Authorization.
- Performance reviews.
- Segregation of duties.
- Physical controls.
- Information processing controls.
Week 6: Revenue Cycle
Revenue cycle activities require access to: Customer Data (Customer Table), Inventory Data (Inventory table), Accounts Receivable data (Customer & Sales table). Main source documents: Customer Order and Sales Invoice. Other source documents: Credit Note, Receipt. All transactions stay in the database for future reference.
Revenue Cycle Business Decisions:
- Strategic: Price setting, sales return & warranty, provision of credit, cash collection.
- Operational: Credit extension, inventory availability, delivery method.
Journal Entries:
- Sales Invoice (order sent to business): Dr Accounts Receivable, Cr Freight Collected (if any or applied & adjusted later), Cr GST Collected, Cr Sales Revenue. THEN: Dr Cost of Sales, Cr Inventory.
- Sales Invoice (Payment): Dr Accounts Receivable, Cr GST Collected, Cr Sales Revenue. THEN: Dr COGS, Cr Inventory.
Outputs:
- Inventory Database: Sales analysis report, stock status report, product profitability analysis report.
- Accounts Receivable Database: Aged accounts receivable.
Revenue Cycle Activities:
- Process sales order (Check inventory levels, credit check, THEN create order).
- Pick, pack & ship goods (Pick goods & prepare for shipping, then deliver).
- Bill the customer (Check sales completion & create invoice).
- Receive & record payment (Receive payment & record payment).