Problems on Electronic Commerce Systems.

By -

Problems

1. ENCRYPTION

The coded message that follows is an encrypted message from Brutus to the Roman Senate. It was produced using the Caesar cipher method, in which each letter is shifted by a fixed number of places (determined by the key value).

OHWV GR MXOLXV RQ PRQGDB PDUFK 48 GUHVV: WRJD FDVXDO (EBRG)

Required

Determine the key used to produce the coded message and decode it.

2. ENCRYPTION

a. Develop a Caesar cipher-type encryption algorithm with a little more complexity in it. For example, the algorithm could alternatively shift the cleartext letters positive and negative by the amount of the key value. Variations on this are limitless.

b. Select a single-digit key.

c. Code a short message using the algorithm and key.

d. Give your instructor the algorithm, key, cleartext, and ciphertext.

e. Optional: Your instructor will randomly redistribute to the class the ciphertext messages completed in part d above. You are to decode the message you receive as an additional assignment.

3. SEALS OF ASSURANCE

Visit ten Web sites that sell products or services and re- cord the following for each:

a. The URL.

b. Did the site issue you a cookie?

c. Did the site have a published privacy policy?

d. Does the site reserve the right to distribute or sell customer data?

e. Does the site use encryption for transmission of per- sonal/financial data?

4. CERTIFICATION AUTHORITY LICENSING

Research the current state of certification authority licensing in the United States and Europe. Write a brief report of your findings.

5. PRIVACY

Visit ten Web sites that sell products or services, and record the URL of each. Evaluate each site’s published privacy policy in terms of the conditions needed for compliance with the Safe Harbor Agreement. Write a report of your findings.

6. ELECTRONIC DATA INTERCHANGE

The purchase order for one firm is the source document for the sales order of another firm. Consider the following purchase order and sales order data elements stored for two firms. Discuss any differences that may be problematic in transferring information between the two firms.

7. INTERNAL CONTROLS ASSESSMENT AND ELECTRONIC DATA INTERCHANGE: GRESKO TOYS FACTORY

(Prepared by Robertos Karahannas, Lehigh University) Mr. and Mrs. Gresko started Gresko Toys in the early 1960s. Initially, the company was small and few toys were produced. The talent and skills of Mr. Gresko were by far the major assets of the company. Toys were mainly made of wood and had few or no electronic parts; they were mainly manually operated and included toy cars, several kinds of dolls, and toy guns. Gresko Toys became part of the Pennsylvania tradition. Kids loved them and parents had no choice but to buy them.

Gresko Toys quickly expanded, and by 1969 it reported a sales volume of $400,000, $50,000 of which was profit. Such profits caught the attention of other businesspeople, who began entering the market. The innovative spirit of some competitors through the introduction of fancy, battery-operated toys stole some of Gresko’s market share. As the competition became more intense, the Greskos saw their market share declining even further. Children liked battery- operated toys.

Mr. Gresko saw this as both a threat and a challenge. He would not give up, however. He knew that he needed better machinery to make competitive toys. With a loan from the local bank and his savings, he sought and bought what he needed. After a period of training and test marketing, Gresko Toys was again in the market and boosting sales. However, the company was generating orders that the factory could not handle. The workforce rose from a low of 50 to a high of 350 people. Most of the workforce was on the factory floor. More equipment was purchased and the company has been expanding ever since.

Today, the company sells $20 million of toys per year. The president of the company is Mrs. Gresko. Mr. Gresko thought that he should be on the factory floor managing production. Under him are the purchas- ing agent, supervising a buyer; the warehouse manager, managing two inventory clerks; a chief engineer; and a supervisor who is in charge of the factory workers. The controller of the company is Randi, the Greskos’ elder daughter. An accounting clerk, a cashier, and a personnel manager work for her. Finally, Bob, the Gres- kos’only son, is the sales manager. A credit manager and two salespeople work for him.

Company Information

At present, the company’s profit margin is 9 percent, only 2 percent below the industry average. According to Mr. Gresko, $850,000 in sales was lost last year because of insufficient inventory of parts. Because of the seasonal nature of the market and the short popularity span of most toys, Gresko customers require fast delivery; if the parts are not available, it takes at least 2 weeks to get the paperwork ready, order the parts, and have the suppliers deliver them. Some customers cannot wait that long; others order the toys and subsequently cancel the order if it takes too long to complete. Often orders are accepted on the assumption that the parts are readily available in the warehouse; when they are not, orders are delayed for weeks. A missing part not only delays an order, but the whole assembly line.

To alleviate the problem, many parts are rushed in, which raises the cost of the toys tremendously. The fine quality of the products allows for slight price increases to make up for part of the extra cost, but customers have already complained about such price fluctuations.

The Greskos are on good terms with their suppliers.

After all, the market is so competitive that a reliable supplier is crucial to a firm’s survival. Most of their major suppliers are located in Pennsylvania, where the Greskos have about 35 percent of the market share. However, those suppliers deal with the Greskos’ com- petitors as well. There are about a dozen suppliers with whom the Greskos deal; eight of them supply about 95 percent of all inventory parts.

Even though good supplier relations are crucial to Gresko Toys, suppliers have often complained about the Greskos’ promptness in paying. The Greskos’ demand on-time delivery; the payment of the supplier invoice, however, is usually not timely. Mr. Gresko said that he does not have the time to run from the factory to the accounting department to make sure payments are on time. Late payments, however, also mean a loss of the 2 percent discount the suppliers offer for early payment.

Besides resulting in lost sales, insufficient inventory

of parts also delays the whole assembly line. Workers spend much time switching jobs. A just-in-time inventory system would, according to Mr. Gresko, be more appropriate for the factory. If the parts were available in the warehouse, the machines could be set up on an assembly-line fashion and operated on scheduled runs. But the fact that the necessary parts are frequently miss- ing, forcing production to switch to another job, is a major obstacle to a just-in-time inventory system.

The Purchasing Cycle

Gresko Toys is very involved in purchasing the parts used in the production of toys. The company uses a per- iodic inventory system. When sales orders are received, Bob Gresko sends a copy to the production floor. This copy is used to trigger production as well as to indicate the potential need of parts not available in inventory. The inventory clerks search for parts; when parts are

out of stock, the inventory clerks issue two copies of a purchase requisition. Mr. Gresko approves this requisition before a purchase order is issued. One copy is sent to the purchasing manager and the other to the accounting department.

The buyer checks the suppliers’ prices for the needed parts. Based on cost as well as past experience with a particular supplier, two suppliers are recommended. The purchasing manager subsequently decides on the supplier, and four copies of a purchase order are issued. The first copy is sent to the supplier, the purchasing manager files the second copy, the third is sent to the warehouse, and the fourth is sent to the accounting department. All purchase order copies are filed by sup- plier number.

Approximately a week after the initiation of the purchase, the parts are received. The warehouse man- ager, along with the inventory clerks, inspects and counts the received parts. The purchase order copy that the purchasing manager previously received is used as the basis of comparison. A receiving report in three parts is prepared. If prices and quantities received agree with those ordered and with the information on the packing slip the carrier receives, the parts are accepted. If any differences exist, Mr. Gresko is called in to decide whether to accept or reject the parts. On many occasions, acceptance of parts will be delayed for days until the suppliers are informed and an agreement is reached.

One copy of the receiving report is sent to the purchasing manager and another to the accounting department. The original copy is kept at the warehouse. The accounting clerk files the receiving report along with the purchase requisition and the purchase order by sup- plier number. The clerk also prepares the necessary journal entry and credits the related supplier in the subsidiary ledger. When the supplier sends the invoice, the accounting clerk matches the information to the purchase requisition, purchase order, and receiving report and prepares a disbursement voucher. This voucher is used for two purposes. It initiates the jour- nal entry for the disbursement of cash, and the cashier uses it to issue a check. Randi Gresko, as well as Mrs. Gresko, must sign the checks before they are sent to the suppliers.

Electronic Data Interchange

In search of anything that could improve the present system at the Gresko Toys factory, Mr. Gresko came across the EDI system. One of his suppliers had attended a conference on EDI and had supplied Mr. Gresko with the conference material. Looking at the present system, Mr. Gresko tried to find EDI applications that would benefit the company’s operations and at the same time improve its financial position.

For EDI to be implemented, certain databases will need to be established. An inventory master file with all relevant information is the key to the system. Predetermined order quantities and minimum inventory levels will need to be set for each item based on forecasts. At the warehouse, the inventory clerks will be constantly updating this database. When inventory levels drop below acceptable levels, an EDI purchase requisition will be issued to the purchasing department.

A supplier master file with related information on supplier performance will be accessed to identify potential suppliers. Depending on how advanced the system is, the computer or the purchasing manager will choose the proper supplier and issue an EDI order. This means that the factory’s suppliers will also need to be using EDI.

Various ways of developing EDI links with suppliers are available. In the Gresko case, developing an independent system seems more appropriate; it is cheaper and perhaps easier to convince suppliers to join in. Soft- ware is readily available in the market and is easy to set up. Someone, however, should help set up the EDI links with the suppliers.

Once an EDI order is issued, the supplier will receive the message instantaneously. The open purchase order will be kept in a database until the receipt of the parts. Any changes to the order can be made by accessing the particular transmitted order and making the change. Suppliers can send the parts as well as their invoices more quickly. An EDI invoice can be sent to the Gresko factory upon shipment.

On arrival of the parts, the receiving clerk will pre- pare a receiving report and file it in a receiving data- base file. This report will be used to verify prices by accessing the purchase order. Credit terms, volume discounts, trade allowances, and other adjustments to quoted prices can be settled through EDI-transmitted messages. If adjustments from disagreements occur, the transaction is entered into the adjusted database file. The inventory master file is also updated, and the open purchase order is closed. In addition, the sup- plier-history file and the accounts payable file are updated, and an evaluated receipts settlement (ERS) is established.

An ERS is a database containing records to be used for the payment of suppliers. The EDI order is matched against the receiving and adjusted database files. This comparison creates a payment input file that contains the following three data items: (1) the scheduled pay- ment date, within which any discount can be obtained;

(2) the latest possible payment date; and (3) the remittance record for such payments.

At the beginning of every day, the treasurer (who presently does not exist at Gresko Toys) should receive a listing of the payment input file; this listing will indicate what has to be paid and when. The treasurer will initiate an EDI payment pending the approval of Mrs. Gresko. Upon approval and the transmission of the pay- ment, the supplier records as well as the accounts pay- able records will be automatically updated. For an EFT to occur, the banks that serve Gresko and its suppliers will also need to be using EDI. If such intermediary banks are not using EDI, Gresko and its suppliers will need to rely on a manual system of cash disbursement to settle their transactions.

Conclusion

Mr. Gresko has hired you to look at the present account- ing system and his suggested EDI implementation plan. He wants you to identify the problem areas and look into the feasibility of setting up EDI links with the com- pany’s suppliers.

Required

a. Draw a system flowchart of the present accounting system at Gresko.

b. What control problems, if any, exist in the account- ing system?

c. Draw a system flowchart of the accounting system of the Gresko Toys factory using EDI as Mr. Gresko suggested.

d. Do some research on your own. What EDI options, other than the one Mr. Gresko suggested, are avail- able to the Gresko Toys factory?

e. Discuss the possible implementation of an EDI sys- tem at the Gresko Toys factory. What areas should Mr. Gresko concentrate on, and what are the related issues associated with implementing EDI at the factory?

8. ELECTRONIC FRAUD

In a recent financial fraud case, city employees in Brooklyn, New York, accessed electronic databases to defraud the city of $20 million. Several employees in collusion with the former deputy tax collector completely erased or reduced $13 million in property taxes and $7 million in accrued interest that taxpayers owed. In exchange for this service, the taxpayers paid the employees involved bribes of 10 to 30 percent of their bills.

Required

Discuss the control techniques that could prevent or detect this fraud.

9. SANTA’SATTIC.COM

Santa’sAttic.com is an online retailer/manufacturer of children’s toys. Its main competitors are larger electronic commerce toy companies including Amazon.com; Yahoo Shopping, which includes ToysRUs.com and KBKids.com; and all of the other retail stores with online shopping. It has a low market share compared to the industry leaders and is possibly a victim of Internet fraud. The CEO of Santa’sAttic.com has noticed that the level of accounts receivable has been quite high in comparison to prior years. He is wondering if this is a sign of weak internal controls. He has also heard through the grapevine that some of his customers were noticing unauthorized charges on their credit cards and is wondering if there may be online security issues to deal with as well. For this reason, you have been con- tacted to help Santa’sAttic.com restructure its company to prevent possible company failure.

Santa’sAttic.com employs 100 individuals, 75 of whom work directly on the manufacturing line and 25 of whom hold administrative positions. Its customer base consists mainly of individuals, but also smaller toy stores, day care centers, and schools. Santa’sAttic.com works on a cash basis with its customers and accepts all major credit cards. It has running credit balances with all of its suppliers. Its credit terms are 2/10, n30.

Being the technical genius that he is, the vice president of marketing took it upon himself to design the company Web site. The Web site has pages where customers can view all of the products and prices. There is a virtual shopping cart available for each customer once he or she has set up a demographic information account. If the customer chooses to make a purchase, he or she simply clicks on the direct link to the shopping cart from the product that he or she wishes to purchase and proceeds to the checkout. Here the customer is prompted to choose a payment method and enter the shipping address. Once this information has been entered, the customer chooses a shipping method. All shipping is done through U.S. Mail, UPS, Federal Express, Airborne Express, or certified mail. The customer is then informed of the total price and the date to expect shipment.

Within the purchasing system, Santa’sAttic.com purchases raw materials for production, such as plastics, wood, metal, and certain fabrics. There is no formal purchasing department at Santa’sAttic.com. Judy, the inventory clerk in the warehouse department, is responsible for all purchasing activity. Santa’sAttic.com currently has only one warehouse, which is located in Cooperstown, New York. Within the warehouse department, Judy has access to the inventory records and knows when certain materials have to be repurchased. If materials are needed, she prepares a single purchase requisition and also five copies of the purchase order form. Judy includes all of the necessary information on all copies of the form, including the material to be purchased, the price of the material, the quantity needed, and the requested delivery date. Once completed, two copies of the form are sent to the vendor along with the order. One is placed in the open purchase order file in the warehouse, and one is used to update the inventory records that are also kept within the warehouse department. The final copy is forwarded to the receiving department.

Harry, the receiving clerk, receives the materials and creates four copies of a receiving report based on the packing slip and purchase order information. Two of these receiving reports are forwarded to the warehouse, where one is used to update inventory records and the other is filed. One copy of the receiving report is also maintained within the receiving department and is filed along with the packing slip and the purchase order. The final copy is sent to the accounts payable department, where it is reconciled with the vendor invoice.

Once the receiving report and the vendor invoice are reconciled in the accounts payable department, the liability is posted to the purchases journal and the total amount due is paid to the vendor. Finally, both the receiving report and the invoice are filed within the accounts payable department and Joanna, the accounts payable clerk, posts the liability to the general ledger.

Santa’sAttic.com’s production workers each have time cards that they punch at a punch-in station when they arrive and when they leave. The punch-in station is located at the entrance to the plant and is not monitored. At the end of the week, the supervisor reviews, authorizes, and signs the time cards. He then sends the time cards to cash disbursements. Supervisors do not keep their own attendance records. Rose, in cash disbursements, receives the time cards and reconciles them with personnel records on the company database to verify the time cards for accuracy.

All personnel records are maintained in a database. Access to the database is restricted. Personnel can update the records only once a year. Rose’s only view displays employee demographic information and does not allow access to salary information. Rose prepares the paychecks and signs them. She then prepares the payroll register using only information gained from the time cards.

Sally in accounts payable receives a copy of the payroll register and uses it to update the general ledger. Accounts payable receives no information besides the payroll register. Rose, in cash disbursements, hands the prepared paychecks to the supervisors of each department for distribution. All checks are written directly from the company’s only cash account. Supervisors distribute the checks directly to the employees and themselves.

Engaging in electronic commerce has exposed Santa’sAttic.com to a whole new nature of risks within its real-time revenue cycle. A customer has the option of paying with a credit card or personal check. Upon entering the credit card information, it becomes attached to the customer’s e-mail file. This information includes the type of card, the customer’s name as it appears on the card, the credit card number, and the expiration date. Once an order is placed, an employee reviews the order in question, verifies credit, and enters the transaction into Santa’sAttic.com’s main database.

The main problem with this system is that orders have been placed with the company where the customer in question honestly denies ever submitting orders. It turns out that their children have placed many of these orders without the customer’s knowledge. The children were able to gain access to their parent’s account after the system recognized cookies in the hard drive. When the children went to the Web site, the page recognized them as the users of the account and gave them authorized access to make purchases.

Another problem with the information in the revenue cycle has been that hackers have been able to enter the database and obtain information concerning customers. This unauthorized access has sent top management into a frenzy knowing that their customer information is insecure.

Required

a. Discuss the control and security weaknesses in this system.

b. Make specific recommendations for improving controls.

Comments

Post a Comment

Popular posts from this blog

The Conversion Cycle:The Traditional Manufacturing Environment

By -
Image
The Traditional Manufacturing Environment The conversion cycle consists of both physical and information activities related to manufacturing products for sale. The context-level data flow diagram (DFD) in Figure 7-1 illustrates the central role of the conversion cycle and its interactions with other business cycles. Production is triggered by customer orders from the revenue cycle and/or by sales forecasts from marketing. These inputs are used to set a production target and prepare a production plan, which drives production activities. Purchase requisitions for the raw materials needed to meet production objectives are sent to the purchases procedures (expenditure cycle), which prepares purchase orders for vendors. Labor used in production is transmitted to the payroll system (expenditure cycle) for payroll processing. Manufacturing costs associated with intermediate work-in-process and finished goods (FG) are sent to the general ledger (GL) and financial reporting system. Dependin
Read more

The Revenue Cycle:Manual Systems

By -
Image
Manual Systems The purpose of this section is to support the system concepts presented in the previous section with models depicting people, organizational units, and physical documents and files. This section should help you envision the segregation of duties and independent verifications, which are essential to effective internal control regardless of the technology in place. In addition, we highlight inefficiencies intrinsic to manual systems, which gave rise to modern systems using improved technologies. SALES ORDER PROCESSING The system flowchart in Figure 4-12 shows the procedures and the documents typical to a manual sales order system. In manual systems, maintaining physical files of source documents is critical to the audit trail. As we walk through the flowchart, notice that in each department, after completion of the assigned task, one or more documents are filed as evidence that the task was completed. Sales Department The sales process begins with a customer cont
Read more

HIPO (hierarchy plus input-process-output)

By -
Image
HIPO (hierarchy plus input-process-output) 64.1 Purpose The HIPO (Hierarchy plus Input-Process-Output) technique is a tool for planning and/or documenting a computer program. A HIPO model consists of a hierarchy chart that graphically represents the program’s control structure and a set of IPO (Input-Process-Output) charts that describe the inputs to, the outputs from, and the functions (or processes) performed by each module on the hierarchy chart. 64.2 Strengths, weaknesses, and limitations Using the HIPO technique, designers can evaluate and refine a program’s design, and correct flaws prior to implementation. Given the graphic nature of HIPO, users and managers can easily follow a program’s structure. The hierarchy chart serves as a useful planning and visualization document for managing the program development process. The IPO charts define for the programmer each module’s inputs, outputs, and algorithms. In theory, HIPO provides valuable long-term documentation. However
Read more