Business Process Automation through Application Software



Similar documents
Business Process Automation through Application Software

5 Business Process Automation through Application Software

Newcastle University Information Security Procedures Version 3

Data Management Policies. Sage ERP Online

Access Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

Microsoft s Compliance Framework for Online Services

PART I: The Pros and Cons of Public Cloud Computing

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Quattra s Cloud Vision & Framework Value

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Cloud-Security: Show-Stopper or Enabling Technology?

Central Agency for Information Technology

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

Security Considerations for Public Mobile Cloud Computing

Network Security: Policies and Guidelines for Effective Network Management

Information Security Policies. Version 6.1

CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY

Regulations on Information Systems Security. I. General Provisions

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

IT Service Management

CLOUD TECHNOLOGY IMPLEMENTATION/SECURITY

Keyword: Cloud computing, service model, deployment model, network layer security.

Management Standards for Information Security Measures for the Central Government Computer Systems

20 questions you should ask before investing in your WMS

Security Analysis of Cloud Computing: A Survey

Security Threat Risk Assessment: the final key piece of the PIA puzzle

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances -

Considerations for Outsourcing Records Storage to the Cloud

Enterprise Resource Planning in Cloud Computing Bhakti C Thorat 1 Siddhesh P Patil 2 Prof.Anil Chhangani 3

BACKUP IS DEAD: Introducing the Data Protection Lifecycle, a new paradigm for data protection and recovery WHITE PAPER

CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS

INFORMATION TECHNOLOGY CONTROLS

Public Auditing & Automatic Protocol Blocking with 3-D Password Authentication for Secure Cloud Storage

Comparison of Various Particle Swarm Optimization based Algorithms in Cloud Computing

CITY UNIVERSITY OF HONG KONG Change Management Standard

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Session 11 : (additional) Cloud Computing Advantages and Disadvantages

PART 10 COMPUTER SYSTEMS

SSAE 16 for Transportation & Logistics Companies. Chris Kradjan Kim Koch

ISO Controls and Objectives

security policy Purpose The purpose of this paper is to outline the steps required for developing and maintaining a corporate security policy.

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012

Defining a framework for cloud adoption

The cloud - ULTIMATE GAME CHANGER ===========================================

Cloud Infrastructure as a Service Market Update, United States

Cloud Computing for SCADA

Dynamic Query Updation for User Authentication in cloud Environment

IT - General Controls Questionnaire

security in the cloud White Paper Series

Table of Contents. Chapter No. 1. Introduction Objective Use Compliance Definitions Roles and Responsibilities 2

Third Party Security Requirements Policy

Production in the Cloud

Lecture 02a Cloud Computing I

Module 1: Facilitated e-learning

HIPAA Security COMPLIANCE Checklist For Employers

Managing Cloud Computing Risk

Orchestrating the New Paradigm Cloud Assurance

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

Payment Cardholder Data Handling Procedures (required to accept any credit card payments)

ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES

University of Aberdeen Information Security Policy

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

ISMS Implementation Guide

Office 365 Data Processing Agreement with Model Clauses

Big Data Analytics Service Definition G-Cloud 7

PCI Data Security and Classification Standards Summary

Information security controls. Briefing for clients on Experian information security controls

Completed. Document Name. NERC CIP Requirements CIP-002 Critical Cyber Asset Identification R1 Critical Asset Identifaction Method

Everything You Need To Know About Cloud Computing

About me & Submission details

Secure Cloud Computing through IT Auditing

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages

Cloud Computing and Records Management

Cloud Computing Governance & Security. Security Risks in the Cloud

General Computer Controls

A&D srl Consulting & Logistic Systems Galleria Spagna, Padova (PD) - Italy - Telefono Fax Sede Legale:

FISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS

Cloud Security Specialist Certification Self-Study Kit Bundle

Cloud computing and SAP

Offer Highly Available SAAS Solutions with Huawei. Huang Li Executive Vice President of isoftstone

Architecting the Cloud

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1

The Next Generation of Security Leaders

FREQUENTLY ASKED QUESTIONS ABOUT CLOUD ERP

A Comparative Study of cloud and mcloud Computing

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao

Development, Acquisition, Implementation, and Maintenance of Application Systems

1 Introduction. 2 What is Cloud Computing?

Office Technologies Managed Services Professional Services. SERVING OVER 18,000 CUSTOMERS IN THE NYC & TRI-STATE AREA tomorrowsoffice.

The first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process.

Operations Management and the Integrated Manufacturing Facility

Transcription:

5 Business Process Automation through Application Software 5.1 Introduction The speed of automation of all activities, whether they be connected to business directly or not has surprised the stakeholders of enterprises, who are affected by such computerization. In our professional work, we realize that our daily jobs have been changed with the help of technology and automated systems. For example-attendance marking and Tracking systems. Any enterprise located in any remote corner can make their products or services available to anyone, anywhere at any time. New technologies are getting developed due to large scale computerization, decreasing costs of storing data and increasing speed of internet. Emerging technologies such as virtualization, grid computing and cloud delivery model are enabling technology. However, the level of automation needs to be controlled considering the inherent risks of technology. 5.2 Business Applications Business Application is defined as a computer program used to fulfill a person s need for regular occupation or commercial activities like keeping track of inventory levels, checking for bank account balances, checking status of delivery of goods dispatched and all other business activities. 5.2.1 Classification of Business Applications Types of Business Applications Nature of Processing (The way an application updates data) Batch Processing Online Processing Real time Processing Source of Application (Tells the source from where the application has been bought) In-house developed Purchased application Leased Nature of Business (Emphasize on size and complexity of Business Process) Small Business Medium Business Large Business Functions Covered/ Nature of Application (Based on business functions it covers) Accounting Application Cash Management Manufacturing Application

5.2 Information Technology Business applications may be classified on the basis of their nature and can vary in numerous ways. More types may be added to the list, depending upon the advancement in the area. 5.2.2 Business applications based on nature of application/functions covered We shall restrict our discussion to business applications on the basis of functions covered. Some of the business applications based on nature of application are Accounting application, Office Management Software, Compliance Applications, Customer Relationship Management Software, Management Support Software, ERP Software, Product Lifecycle Management Software, Logistics Management Software, Legal Management Software and Industry Specific Applications. 5.3 Business Process Automation Business Process: It is a set of activities that are designed to accomplish specific organizational goals. Business Process Automation (BPA) is a strategy to automate business processes so as to bring benefit to enterprise in terms of cost, time and effort. 5.3.1 Why BPA? Following are the primary reasons for automation by enterprises: Cost Saving: Automation leads to saving in time and labor costs. To remain competitive: To provide the level of products and services as offered by competition. Fast service to customers: Automation helps business managers to serve their customers faster and better. 5.3.2 How to go about BPA? The steps to go about implementing business process automation are given as follows: Step 1: Define why we plan to implement a BPA? The answer to this question will provide justification for implementing BPA. Step 2: Understand the rules/regulation under which it needs to comply with? The underlying issue is that any BPA created needs to comply with applicable laws and regulations. Step 3: Document the process, we wish to automate. The current processes which are planned to be automated need to be correctly and completely documented at this step. Step 4: Define the objectives/goals to be achieved by implementing BPA. This enables the developer and user to understand the reasons for going for BPA. The goals need to be precise and clear.

Business Process Automation through Application Software 5.3 Step 5: Engage the business process consultant. Once the entity has been able to define the above, the entity needs to appoint an expert, who can implement it for the entity. Step 6: Calculate the ROI for project. The answer to this question can be used for convincing top management to say yes to the BPA exercise. Step 7: Development of BPA. Once the top management grant their approval, the right business solution has to be procured and implemented or developed and implemented covering the necessary BPA. Step 8: Testing the BPA. Before making the process live, the BPA solutions should be fully tested. 5.3.3 Applications that help entity to achieve BPA TALLY, SAP R/3, MS Office Applications, Attendance systems, Vehicle Tracking Systems, Automated Toll Collection Systems, Department Stores System, Travel Management Systems etc. are some of the applications that help entity to achieve Business Process Automation. 5.4 Information Processing Information may be defined as processed data, which is of value to the user and is necessary for decision making and survival of an entity as success of business depends upon making right decisions at the right time on the basis of the right information available. The effort to create information from raw data is known as Information Processing. Classification of information is based on level of human or computer intervention. 5.5 Delivery Channels Delivery channels refer to the mode through which information or products are delivered to users. For example: Delivery Channels for Information: Include Intranet, E-mail, Internal newsletters and magazines; Staff briefings, meetings and other face-to-face communications methods; Notice boards in communal areas; Manuals, guides and other printed resources; Hand-held devices (PDAs, etc.); and Social networking sites like Facebook, WhatsApp etc. Delivery Channels for Products: Include Traditional models, brick and mortar type; Buying from a shop; Home delivery of products; Buying from a departmental store; and Buying online, getting home delivery and making cash payment on delivery etc. 5.5.1 Importance It is important to have proper and accurate delivery channels for information or product distribution and to consider each of these channels while planning; an overall information management and communications strategy are required.

5.4 Information Technology 5.5.2 Information Delivery Channel: How to choose one? When choosing appropriate delivery channels, one should understand staff needs & environment. It should be more than just the intranet. Further, traditional channel need to be formalized. 5.5.3 Product Delivery Channels: How to choose one? The customers have moved from purchase of physical books to e-books. This shift has forced business to strategize their delivery channels. 5.6 Controls in BPA To ensure that all information that is generated from system is accurate, complete and reliable for decision making, there is a requirement for proper controls. Control is defined as policies, procedures, practices and organization structure that are designed to provide reasonable assurance that business objectives are achieved and undesired events are prevented or detected and corrected. 5.6.1 Control Objectives Major control objectives are - Authorization, Completeness, Accuracy, Validity, Physical Safeguards and Security, Error Handling and Segregation of Duties. 5.6.2 Types of Controls Application Controls Application controls are the controls on the sequence of processing events. These controls cover all phases of data right from data origination to its final disposal. Application controls cover transactions as they recorded in each stage of processing into master - parameter and transaction files and include controls relating to transmission and distribution of output through display, electronic media or printed reports. Internal Controls SA-315 defines the system of internal control as the plan of enterprise and all the methods and procedures adopted by the management of an entity to assist in achieving management s objective of ensuring, as far as practicable, the orderly and efficient conduct of its business, including adherence to management policies, the safeguarding of assets, prevention and detection of fraud and error, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information.

Business Process Automation through Application Software 5.5 5.6.3 Application Controls and their Types Application Control Boundary Control An Access control mechanism having three steps- Identification, Authentication and Authorization Input Controls Responsible for ensuring the accuracy and completeness of data that are input into an application system Process Controls Responsible for performing validation checks to identify errors during processing of data system Output Controls Ensure that the data delivered to users is presented, formatted and delivered in a consistent and secured manner Database Controls Protects the integrity of a database when application software act as an interface between user and the database Cryptography Transforming data into codes that are meaningless for a non-authenticated person Passwords User identification under password boundary access control PIN (Personal Identification Numbers) Assigned to a user by an institution based on the user characteristics Identification Cards Used to store information required in an authentication process Source Document Control Can be used to remove assets from the enterprise Data Coding Control These are put in place to reduce user error during data feeding Batch Control Put in place at locations where batch processing is being used to ensure accuracy and completeness of the content Validation Control Used to validate the accuracy of input data at different levels like Field and Record interrogation Run-to-run totals Help in verifying data that is subject to process through different stages Edit Checks Used at the processing stage to verify accuracy and completeness of data Field Initialization Set all values to zero before inserting the field or record Reasonable - ness Verification Two or more fields can be compared and cross verified to ensure their correctness Exception Reports Are generated to identify errors in processed data Existence/ Recovery Controls Enable a system to be recovered if failure is temporary or localized Storage and Logging of Sensitive and Critical Forms Access of preprinted stationery like security forms etc. to only authorized persons Controls over Printing Ensure that unauthorized disclosure of information printed is prevented Retention Controls Consider the duration for which outputs should be retained before being destroyed Logging of output program executions Output programs should be logged and monitored Report distribution and Collection Controls Deals with secure way to avoid unauthorized disclosure of data and maintenance of log as to what reports are printed and collected Existence/Rec overy Controls Are needed to recover output in the event that is lost or destroyed Sequence Check Transaction and Master Files Synchronization between master file and transaction file to maintain the integrity between the two files Ensure all records on files are processed Ensure End-of-file of both Transaction file and Master file are same Process multiple transactions for a single record in the correct order Transactions are processed against the product master record in the correct order Fig.: Types of Application Controls and their objectives

5.6 Information Technology 5.7 Emerging Technologies Various emerging technologies/concepts are given in the following sections: 5.7.1 Network Virtualization In Information Technology, Virtualization is the process of creating logical computing resources from available physical resources. 5.7.2 Grid Computing In an ideal Grid Computing System, every resource is shared, turning a computer network into a powerful supercomputer. Every authorized computer would have access to enormous processing power and storage capacity. A grid computing system can be as simple as a collection of similar computers running on the same operating system or as complex as inter-networked systems comprised of every computer platform we can think of. 5.7.3 Cloud Computing Cloud Computing is the use of various services, such as software development platforms, servers, storage, and software, over the Internet, often referred to as the "cloud." The common Cloud Computing Service Models are Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Question 1 What are the objectives of Business Process Automation (BPA)? The success of any business process automation shall only be achieved when BPA ensures: Confidentiality: To ensure that data is only available to persons who have right to see the same; Integrity: To ensure that no un-authorized amendments can be made in the data; Availability: To ensure that data is available when asked for; and Timeliness: To ensure that data is made available in at the right time. To ensure that all the above parameters are met, BPA needs to have appropriate internal controls put in place. Question 2 Differentiate between Manual Information Processing Cycle and Computerized Information Processing Cycle.

Business Process Automation through Application Software 5.7 Manual Information Processing Cycle Systems where the level of manual interventionn is very high. For example- Evaluation of exam papers, teaching and operations in operation theatres. Include following components: Input: Put details in register. Process: Summarize the information; and Output: Present informationn to management in the form of reports. Computerized Cycle Information Processing Systems where computers are used at every stage of transaction processing and human intervention is minimal. Include following components: Input: Entering data into the computer; Process: Performing operations on the data; Storage: Saving data, output for future use; and programs, or Output: Presenting the results. Question 3 What are the major control objectives in Business Process Automation (BPA)? Control is defined as policies, procedures, practices and organization structure that are designed to provide reasonable assurance that business objectives are achieved and undesired events are prevented or detected and corrected. Major control objectives are given as follows: Authorization ensures that all transactions are approved by responsible personnel in accordance with their specific or general authority before the transactionn is recorded. Completeness ensures that no valid transactions have been omitted from accounting records. the Accuracy ensures that all valid transactions are accurate, consistent with originating transaction data, and information is recorded in a timely manner. the Validity ensures that all recorded transactions fairly epresent the economic events that actually occurred, are lawful in nature, and have been executed in accordance with management's general authorization.

5.8 Information Technology Physical Safeguards and Security ensures that access to physical assets and information systems are controlled and properly restricted to authorized personnel. Error Handling ensures that errors detected at any stage of processing receive prompts corrective actions and are reported to the appropriate level of management. Segregation of Duties ensures that duties are assigned to individuals in a manner that ensures that no one individual can control both the recording function and the procedures relative to processing a transaction. Question 4 What are the characteristics of Cloud Computing? The following is a list of some of the characteristics of a cloud-computing environment: Elasticity and Scalability: Cloud computing gives us the ability to expand and reduce resources according to the specific service requirement. For example, we may need a large number of server resources for the duration of a specific task. We can then release these server resources after we complete our task. Pay-per-Use: We pay for cloud services only when we use them, either for the short term or for a longer duration. On-demand: Because we invoke cloud services only when we need them, they are not permanent parts of the IT infrastructure. With cloud services, there is no need to have dedicated resources waiting to be used, as is the case with internal services. Resiliency: The resiliency of a cloud service offering can completely isolate the failure of server and storage resources from cloud users. Work is migrated to a different physical resource in the cloud with or without user awareness and intervention. Multi Tenancy: Public cloud service providers often can host the cloud services for multiple users within the same infrastructure. Server and storage isolation may be physical or virtual depending upon the specific user requirements. Workload Movement: This characteristic is related to resiliency and cost considerations. Cloud-computing providers can migrate workloads across servers both inside the data center and across data centers (even in a different geographic area). Question 5 Discuss advantages and disadvantages of Cloud Computing. Advantages of Cloud Computing: It is a cost efficient method to use, maintain and upgrade with almost unlimited storage. It provides an easy access to information and is usually competent enough to handle recovery of information. In the cloud, software integration occurs automatically and the entire system can be fully functional in a matter of a few minutes.

Business Process Automation through Application Software 5.9 Disadvantages of Cloud Computing: This technology is always prone to outages and other technical issues and surrendering all the company s sensitive information to a third-party cloud service provider makes the company vulnerable to external hack attacks and threats. Exercise 1. Discuss some of the applications that help enterprise to achieve Business Process Automation. 2. How can controls be classified based on the time at which they are applied? 3. What do you mean by the term Virtualization? Discuss its major applications. 4. Discuss the steps involved in implementing Business Process Automation. 5. Define the following terms in brief. (a) Cloud Computing (b) Grid Computing (c) Control in BPA 6. Discuss the major parameters that need to be considered while choosing an appropriate delivery channel for information. 7. Discuss Boundary Controls in details. 8. What do you understand by Database Controls? Discuss in brief. 9. Differentiate between Input Controls and Output Controls. 10. How Process Controls are used to have consistency in the control process?

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information