ACCT6001 Accounting Information Systems
Global Athletics Apparel Manufacturer (GAAM) is a garment manufacturer which is growing in terms of sales and revenue. The problems faced by GAAM relate to handling a huge amount of data. The data pertains to sales, orders, customer details, and other relevant information from the different processes of the company. The management has decided to develop an in-house database which will enable the company to maintain and process data easily. The management has completed the cost-benefit analysis and would now like to analyse the data reports which will be created during the database formulation process. This report aims to justify incorporating a system in-house. It explains the database design along with the ER Diagram of the database. The report further explains the IT controls needed while developing a new system. The major concerns about ethics, privacy and security issues are also explained in the report.
Justification of the use of database
When a company grows in size, it has a large amount of information which has to be processed on a daily basis. As seen with GAAM, there is a huge amount of information maintained in different spreadsheets. The spreadsheets collect the information, but the formats for different information vary and need to be customised to suit the goals of the organisation. The company has to fetch information pertaining to customers, sales, orders and products. It also needs information about the total products it handles, customers living in the state of Victoria, sales representatives who get more than 5% commission, customers with their respective sales representatives, and a list of all sales representatives with their particular sales.
The size of the firm and the growing volume of operations lead to an immediate requirement for a database to keep all the information at hand. Since the multiple spreadsheets do not provide full information on their own, the management has to consider the implementation of a database as soon as possible. The decision to maintain a database is justified because the cost-benefit analysis has shown a favourable outcome if the database is implemented. Crucial information, if provided in a timely manner, can allow the managers to streamline their work and provide better and more efficient reports.
Another aspect which has to be looked into is the size of operations. Since the size will increase day by day, the spreadsheets may get disrupted and lead to a lag in the organisational processes. Capturing the order data is proving very difficult because the size of orders is growing. Once the data is captured, there are further difficulties in accessing it after the transaction is settled.
Formation of a database will eliminate the problems occurring in the business due to the size and growth of the organisation. To match the operations with the production and trading part, the firm has to take help from automation and sophisticated tools which will enable them to take informed decisions on the basis of readily available information.
Database Design: E-R Diagram
Figure 1 E-R Diagram
IT Controls Needed
When designing a database, one thing to be kept in mind is that there must be no data leakages or unintended disclosure of information to unrelated users. Data is highly sensitive to leakages and loss of information, as these reduce the value of the data. Various controls and measures have to be established to prevent data loss or alteration of data through any means:
1. Access Controls: The database shall be protected with checks such as a login and password. No unauthorised person shall use the data. Even if the data needs to be used by a number of users, a separate ID shall be generated for each person, with login credentials that allow access only to the required information. Various levels of access control can be defined to watch over the access and use of data. Senior manager approvals based on the hierarchy shall be adopted to ensure that data is seen by the person responsible for the data. (Dwork and Roth, 2014)
2. Administrative Controls: The database should conform to the applicable laws and regulations. It shall not allow any violation of the prudent practices to be adopted in a business. The confidentiality of the data shall be maintained and no breach of conditions shall occur. (Dwork and Roth, 2014)
3. Logical Controls: The database shall be robust and free from any behavioural problems. It shall be protected with adequate access controls, and there shall be no glitch in the same. Logical controls provide the required IT support to the database in terms of antivirus and anti-malware. Some businesses may also adopt maker-checker controls, which allow the business to flourish without compromising on the quality of data received.
4. Physical Controls: Physical access to the database should be restricted to authorised persons only. No unauthorised person shall be allowed into the system premises. There shall be an adequate entry verification mechanism which establishes the identity of the person accessing the database. (Dwork and Roth, 2014)
In addition, controls can be grouped into three categories according to their nature. The three types of controls are explained below:
1. Preventive: Controls which are established to prevent any misuse of data are called preventive controls. They involve using access control, both physical and logical, in the database access procedure.
2. Detective: The database may run into problems during its operations. Detective controls allow a business organisation to check for any inconsistencies in the database and help the management to resolve them. For example, a database may not provide the required output due to a failure. Detective controls will identify the error so that corrective measures can be taken.
3. Corrective: These controls restore the system to the level it was at before any problems or errors. Such control processes react after the detective controls are applied. Once a problem is detected through the detective controls, these measures are applied and the system is restored to its original state.
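The three control types can be seen working together in the following added example, which is not part of the original report. It uses SQLite in place of LibreOffice Base, and the table names, column names, roles and sample row are assumptions made for illustration.

```python
import sqlite3

# Assumed role permissions on the customer table (preventive control).
ROLE_PERMS = {"sales_rep": {"SELECT"}, "accounts": {"SELECT", "UPDATE"}}

SCHEMA = """
CREATE TABLE customer (customer_no INTEGER PRIMARY KEY, name TEXT, balance REAL);
CREATE TABLE app_session (username TEXT);
CREATE TABLE audit_log (id INTEGER PRIMARY KEY AUTOINCREMENT, customer_no INTEGER,
                        old_balance REAL, new_balance REAL, changed_by TEXT);
-- Detective control: log every balance change with the old value and the actor.
CREATE TRIGGER trg_balance AFTER UPDATE OF balance ON customer
BEGIN
    INSERT INTO audit_log (customer_no, old_balance, new_balance, changed_by)
    VALUES (OLD.customer_no, OLD.balance, NEW.balance,
            (SELECT username FROM app_session LIMIT 1));
END;
INSERT INTO customer VALUES (1, 'Constructed Customer A', 6200.0);  -- constructed row
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def update_balance(db, username, role, customer_no, amount):
    """Preventive: refuse the write unless the role holds UPDATE."""
    if "UPDATE" not in ROLE_PERMS.get(role, set()):
        raise PermissionError(f"{username} ({role}) may not update balances")
    db.execute("INSERT INTO app_session VALUES (?)", (username,))
    try:
        db.execute("UPDATE customer SET balance = ? WHERE customer_no = ?",
                   (amount, customer_no))
    finally:
        db.execute("DELETE FROM app_session")  # actor is only set during the write

def unattributed_changes(db):
    """Detective: balance changes that did not pass through update_balance."""
    return db.execute("SELECT id, customer_no, old_balance FROM audit_log "
                      "WHERE changed_by IS NULL ORDER BY id").fetchall()

def restore(db, restorer):
    """Corrective: put back the value recorded before each flagged change."""
    flagged = unattributed_changes(db)
    # Newest first, so the value before the earliest flagged change wins.
    for _id, customer_no, old_balance in reversed(flagged):
        update_balance(db, restorer, "accounts", customer_no, old_balance)
    return len(flagged)
```

The restore step assumes no approved change was made to the same customer after the flagged one; in practice each flagged entry would be reviewed before the old value is reapplied.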
Ethical, privacy and security issues
When dealing with information, its intangible nature poses various challenges and issues that the management must settle in respect of the data. The significant issues can be categorised into ethical, privacy and security issues. Each issue is explained below:
1. Ethical Issues: When dealing with an important piece of information, it shall be understood that the leakage of information can be harmful for the person who is the owner of that information. Since data has to be handled by a number of persons, the management has to focus on keeping the use of data for only official purposes. It shall not be merged with any other decision and ethical decision making shall be affected. If any signs of misuse of information are noted, they shall be treated with caution and remedial measures shall be adopted immediately. If the data is being ethically misused, this shall be prevented by adopting preventive controls. (Junyu, 2014)
2. Privacy Issues: Every person to whom the information pertains is concerned about the confidentiality of the information and that the information is prevented from reaching any unintended users. Access controls can be used to ensure that no privacy issues arise. Privacy issues can also be addressed by encryption of data. Since the data is voluminous, keeping a check on 100% of the data is virtually impossible. Also, replication of data once accessed is easy, and once the replication is done, it will be very hard for the management to rectify the error. Thus, some inherent risk relating to privacy will always be there, and the employees have to be guided and monitored to avoid any instances of data theft or misuse. Replication of the data shall be strictly avoided. (Junyu, 2014)
3. Security Issues: Security concerns for the data are a major problem faced by managers. There can be two types of security issues. One is the physical security of the database and the other is the logical security. Physical security deals with protecting the physical assets of a system, whereas logical security deals with securing the data present in a database. Physical security issues can be addressed by developing a solitary premises for the database and keeping it away from the natural premises of a business. If the database is placed where it is easily accessible by all employees, it will be difficult for the managers to identify any threats to the system. On the other hand, logical security can be established by providing a robust check mechanism against data leakages. Some of the measures that can be followed are data encryption, password protection of data, and access to data according to the level of information required. (Junyu, 2014)
LibreOffice Base Implementation - GAAM
Customer Table Structure:
Figure 2 Customer Table Structure
Customer Table Values
Figure 3 Customer Table Value
Sales Representative Table Structure:
Figure 4 Sales Representative Table Structure
Sales Representative Table Values:
Figure 5 Sales Representative Table Values
Parts Table Structure:
Figure 6 Parts Table Structure
Parts Table Value:
Figure 7 Parts Table Values
Order Table Structure:
Figure 8 Order Table Structure
Order Table Value:
Figure 9 Order Table Value
Customer Information Form
Figure 10 Customer Information Form
Product Information Form
Figure 11 Product Information Form
Sales Representative Form
Figure 12 Sales Representative Form
Figure 13 Order Form
List of all products they are selling (product id, product name, category)
Figure 14 List of all Products They are Selling
List of all the customers (customer no. and customer name) who live in the state of Victoria (VIC).
Figure 15 List of all the customers who live in VIC
List of all sales representatives with commission rate greater than 5%.
Figure 16 List of all sales representatives having greater than 5% commission rate
List of all customers (customer no. and customer name) and their sales representatives name.
Figure 17 List of all customers and their respective representatives
List of all sales representatives no., sales rep name, product no., product name ordered during the month of May.
Figure 18 List of all sales representatives and products ordered in May
List of products (product id, product name, category, product price and quantity on hand)
Figure 19 Report - List of products
List of all customers (customer no., customer name, address) with balances greater than 5000
Figure 20 Report - List of all customers with greater than 5000 balance
List of sales representatives (sales rep no., sales rep name) and their commission. Report should show in order (from highest to lowest) the sales rep commission.
Figure 21 Report - List of sales representatives
References
1. Dwork, C. and Roth, A., 2014. The algorithmic foundations of differential privacy. Foundations and Trends® in Theoretical Computer Science, 9(3–4), pp.211-407.
2. Fernandes, D.A., Soares, L.F., Gomes, J.V., Freire, M.M. and Inácio, P.R., 2014. Security issues in cloud environments: a survey. International Journal of Information Security, 13(2), pp.113-170.
3. Junyu, Z., 2014. Age of Big Data: Network Security and Ethical Issues. New Media and Society, 4, p.023.
4. Sen, J., 2013. Security and privacy issues in cloud computing. Architectures and Protocols for Secure Information Technology Infrastructures, pp.1-45.