2 days ago
Shravani Kasturi
Discussion
IT governance refers to the procedures implemented to manage information technology and the increasing value obtained from investing in information and technology (Joshi, Bollen, Hassink, Haes & Grembergen, 2018). It is made up of frameworks whose aim is to increase the management of risks arising due to the use of information technology. It aims at ensuring that information technology is used to increase the likelihood of achieving objectives for the business. IT governance is essential in allowing companies to be compliant with legal guidelines; for instance, those contained in companies act. It provides a likelihood of an increase in the investments made by a company regarding information technology.
Many factors fueled the need for adoption of IT governance. The first factor is the increase in the number of risks facing information technology. The increased legal risks due to the lack of compliance of guidelines is another critical factor that contributed to a need for IT governance. The ability of IT governance to reduce the costs used in coming up with new inventions increased its adoption. Many companies make use of a lot of resources for discovery.
ISO provides guidelines meant to increase security (Santi, 2018). Its primary role is the provision of guidance concerning aspects of security. It offers advice on how to operate, manage and make use of the networks effectively. It also provides guidelines on how the systems can be used effectively to increase security. The ISO also provides guidelines regulating the implementation of controls. Therefore, ISO has dramatically affected the standards of network security by increasing the protection of the networks. It is through the guidelines it provides that aims at expanding the manner at which the network security is designed. It also provides an outline of how the implementation should be carried out to increase network security. It increased standards by developing secure communications interconnecting networks. It is through the provision of very secure gateways.
References
Joshi, A., Bollen, L., Hassink, H., Haes, S. D., & Grembergen, W. V. (2018). Explaining IT Governance disclosure through the constraints of IT governance maturity and IT strategic role. Information & Management, 55(3), 368-380.
Santi, P. (2018). A design network model for information security management standards depends on ISO 27001. GSTF Journal on Computing, 5(4), 1-11
19 hours ago
Rahul Reddy Kallu
Discussion 6
IT governance and data governance are subsets of Information
Governance (IG), which defines a set of policies and procedures
to concentrate more on how to effectively manage information.
These policies include managing structured (records) and
unstructured data (e-mails, e-documents). IT governance
policies are aimed towards protecting sensitive data such as
Protected Health Information (PHI), ensuring privacy of
Personally Identifiable Information (PII), legal and regulatory
compliance, records retention and information disposal.
According to the IT Governance Institute, “IT governance is the
responsibility of executives and the board of directors, and
consists of leadership, organizational structures, and processes
that ensure that the enterprise’s IT sustains and extends the
organization’s strategies and objectives”. Governance implies
establishing policies and implementing structure around how the
agencies align their IT strategy with their business strategy, to
ensure that they stay on track to achieve their strategic goals,
and implement effective ways to measure the agencies’ IT
performance (Gunawardena & Ramesh, 2014).
IT governance brings value to the organization and its effective
value creation to IT investments has long been recognized,
which is cited as the reason for achieving excellence in
management of IT (Gunawardena & Ramesh, 2014). The
policies developed through IT governance are implemented on
investments, projects and resources in an effort to reduce
redundancy across organization, review opportunities and
improve cost savings (Gunawardena & Ramesh, 2014).
Governance allows organizations to be active in the strategic
management of IT and make sure the basic elements are in place
(Gunawardena & Ramesh, 2014). These basic elements include
Alignment and responsiveness, objective decision making,
resource balancing, organizational risk management, execution
and enforcement, accountability (Gunawardena & Ramesh,
2014). IT governance cannot exist as an individual process and
is a process by which decisions are made around enterprise IT
investments and projects. IT governance enables leadership to
make better strategic decisions and proactively manage and
evaluate future investment as a group (Gunawardena & Ramesh,
2014).
ISO for network security was first published in 2009
as ISO/IEC 27033-1, which is a revision of ISO 18028-1:2006
(The ISO 27000 Directory, n.d.). ISO/IEC 27033 is a multi-part
standard derived from existing five-part ISO/IEC 18028
(SecAware Policies, n.d.). “The purpose of ISO/IEC 27033 is to
provide detailed guidance on the security aspects of the
management, operation and use of information system networks,
and their inter-connections. Those individuals within an
organization that are responsible for information security in
general, and network security in particular, should be able to
adapt the material in this standard to meet their specific
requirements.” (SecAware Policies, n.d.). Part 1, ISO/IEC
27033-1 offers guidance on identifying and analyzing network
security risks, offers definition of network security, provides an
overview of security controls to support network technical
security architectures and covers implementation and operation
of network security controls and ongoing monitoring (The ISO
27000 Directory, n.d.). Part 2, ISO/IEC 27033-2 provides
guidelines for the design and implementation of network
security which covers risks, design, technique, control issues
and serves as a foundation for detailed recommendations on
end-to-end network security (SecAware Policies, n.d.). Part 3,
ISO/IEC 27033-3 discusses threats, specifically, rather than all
the elements of risk (SecAware Policies, n.d.). Part 4, ISO/IEC
27033-4 discusses securing communications between networks
using security gateways, outlines how security gateways analyze
and control network through packet filtering, stateful packet
inspection, application proxy, application firewalls, network
address translation and content analysis and filtering (SecAware
Policies, n.d.). Part 5, ISO/IEC 27033-5 discusses securing
communications across networks using virtual private networks
(VPNs) and part 6, ISO/IEC 27033-6 discusses securing
wireless IP network access (SecAware Policies, n.d.).
References
Gunawardena, L., & Ramesh, L. (2014, Aug 15). Understanding
IT Governance and Why It Often Fails. Retrieved from
Architecture & Governance:
https://www.architectureandgovernance.com/it-
Computer Science Department, BINUS
Graduate Program – Doctor of
Computer Science, Bina Nusantara
University, Jakarta, Indonesia 11480
Benny Ranti
Faculty of Computer Science,
Universitas Indonesia,
Depok 16424, Indonesia
Suhono Harso Supangkat
Sekolah Teknik Elektro dan
Informatika,
Institut Teknologi Bandung,
Bandung, Indonesia
Abstract— There are many ways for a company to
improve its performance; one of them is optimizing the
internal control of the company's activities. Internal
control is intended to evaluate company activities and
operations. This study took a case study at PT. XYZ
related to the evaluation of internal controls in
warehouse management using the COSO framework
approach. Of the 5 elements and 17 principles, the study
found that 2 principles have not been applied
at PT. XYZ: enforced accountability and control over
technology. The recommendation given is system
improvement, intended to make the inventory system
more accurate and reliable and to enable smart warehouse
systems inside organizations.
Keywords: internal control, COSO framework, warehouse
management, evaluation
I. INTRODUCTION
There are many ways for a company to improve its
performance; one of them is optimizing the internal control
of the company's activities, along with implementing a
new system to increase efficiency and effectiveness in all
business process activities [4]. Internal control is a process
undertaken by company management to assist achievement
in operations, reporting and compliance [9]. Internal
optimization is needed because it describes the overall rules
and procedures used by management to improve management
effectiveness in the business and identifies a lack of internal
control in the business processes that can make the
organization vulnerable and expose it to risks; eventually
all these risks can have an impact on a company's financial
performance [2].
In warehouse management, internal controls are devoted to
optimizing its functions, including the finished goods
inventory process, and are useful for organizing the
distribution process to the market. According to Rita
Makumbi (2013) [6], warehouse management is a service
that helps the company's operational functions run smoothly
by storing raw materials, unfinished goods, and finished
goods or inventory. One of the problems in warehouse
management is high manufacturing output: the company must
pay attention to the process from the beginning of
production through goods delivery and inventory
calculations.
One well-known approach to warehouse management
control is the COSO framework. The COSO framework is one
of the tools for maintaining the effectiveness and efficiency
of the inventory process in organizations [12]. The COSO
framework is also known as an integrated framework that can
help a company achieve: (1) a more effective and efficient
warehouse operation process; (2) accountable and reliable
inventory stock calculation; (3) compliance with government
laws and regulations [8].
This research took PT. XYZ as a case study of a
company that has implemented warehouse management.
Based on observation at PT. XYZ, we found that the company
still has difficulty balancing production and inventory
storage in the warehouse, which results in a lack of inventory
control.
II. LITERATURE REVIEW
An early definition of internal control is the plan of
organization to coordinate methods and measures so that all
elements of the business process are safe, accurate and
reliable, and to encourage adherence to the prescribed
managerial policies [10]. Another definition of internal
control is a philosophy of risk alignment, risk management,
ethics, policies, resources, tasks and responsibilities
according to the organization's capacity to manage risk [12].
In warehouse planning and control, a company that produces
various products needs good control over its
inventory, with two main objectives: (1) warehouse
inventory planning and control; (2) reliable inventory reports
to support financial statements [11].
Related to the COSO framework, the basic concepts of internal
control are: (a) internal control is an integrated process and a
tool that can be used to achieve organizational goals; (b)
internal control is not limited to policies and
procedures but should include all levels within the
organization; (c) internal control can only provide a
reasonable guarantee, not an absolute guarantee, because
there are limitations that can obstruct the absoluteness of the
internal control itself; (d) internal control will ultimately
result in the achievement of goals in the categories of
financial statements, compliance and operational activities [13].
Using the COSO framework to evaluate internal
control helps a company calculate the probability of risks
that can have an adverse effect [2]. However, COSO can
also support the company in managing known risks,
whether their effect is positive or negative [12].
The COSO framework consists of five components: (1) Control
environment; (2) Risk assessment; (3) Control activities; (4)
Information & Communication; (5) Monitoring activities
[7].
Figure 1. The COSO Cube [3]
Table 1. Components of Internal Control in COSO [1]
III. METHODOLOGY
With the COSO framework approach, this research starts
with business process analysis as a preliminary measurement
and basic analysis at PT. XYZ, then continues with the internal
control evaluation as follows:
Figure 2. The Research Flow for Warehouse Management
Evaluation in PT. XYZ
The details are as follows:
1) A meeting to explain the flow of the evaluation
process.
2) Conducting interviews with stakeholders such as the IS
team leader operations, IS analyst, supervisor factory
logistics, team leader factory logistics, warehouse staff,
forklift drivers, internal control, and IPG (Information
Protection & Governance) to observe and learn in
detail how the business process runs, the systems
used, and the company's internal control
procedures.
3) Checking documents related to the finished goods
inventory process.
4) Direct observation in order to learn and
understand more clearly the working procedures
associated with the finished goods inventory
process.
IV. ANALYSIS AND RESULT
A. FINDINGS
Based on the results of research and interviews as
part of the internal control evaluation, here are the results:
Based on the results above, of the total of 17 principles from
the COSO framework, 2 principles are in the red area for
medium and high risk, 6 principles are in the yellow area,
which is “not fully adapted”, for medium and high risk,
and 9 principles are in the green area, from low and high
risk.
For the red area, we conducted a deeper investigation
as a high-level evaluation in order to give the best
recommendation. We found an incorrect procedure in
the warehouse inventory cycle: goods received in the
warehouse are not loaded onto the shelf directly
and are put on the wrong shelf. The impact is a lot of expired
inventory due to the incorrect goods issue process. The
inventory is stored on multilevel shelves. During
goods issue and shipment for delivery, it was taken
randomly.
Another issue in the red area is control activities for
control over technology. PT. XYZ not only uses
warehouse management but also already uses a
robot machine system to put away inventory
during goods receipt. The process starts when a
shipping case is sent by the conveyor and the robot
machine builds the cases into one pallet; next, the
data is stored in the robot database. But once in a
while the system goes down, and there is no backup, so the
process is stopped or carried out manually. The effect in
this case is a lack of control over goods receipt.
B. RECOMMENDATION
Having established the findings of the internal control
evaluation for warehouse management at PT. XYZ, the
recommendations are as follows:
• Customize the warehouse
management system at PT. XYZ.
• Change business processes related to system
requirements.
The recommendations above are expected to support and
improve the process at PT. XYZ, namely to: (1) eliminate the
manual process; (2) provide reliable information about the
location where inventory is stored and retrieved; (3) make
inventory trackable; (4) provide real-time information related
to inventory in the warehouse.
The recommended design architecture for the
warehouse management customization is a Three-Tier
Architecture. The warehouse management system will be
integrated with the robot machine, and the application will be
stored on one single application server. The benefits of this
design are: (1) the server is optimized for storage, data
processing and database retrieval; (2) reduced data duplication [5].
Figure 3. Three-Tier Architecture [5]
The business process changes proposed are as follows:
[Figure 4 diagram labels: Robot Machine Systems; Warehouse
Management Systems; Database; Interface Process Integration;
Mobile Scanner (Goods Issue); Inventory Barcode Create;
Automatic Inventory Stock Calculation; Recommendation for
Goods Issue Movement (First In First Out Method Adoption)]
Figure 4. System Design
The system design in Figure 4 describes an additional
interface process integration as a bridge between the warehouse
management system and the robot machine system, so that all
data from the systems is saved into a single database.
In addition, the process will improve since inventory
movement will follow FEFO (First Expired First Out),
as described in Figure 5.
Table 2. COSO Matrix Performance in PT. XYZ
Figure 5 shows the inventory movement, in which the
system automatically scans and checks the criteria. If the
product meets the criteria, the system enters it
into the inventory system, and the robot system places the
product onto a pallet according to the criteria and
creates delivery notes; afterwards the inventory staff put
it into shelf storage. For the next process, PT. XYZ moves the
inventory process to a FEFO (First Expired First
Out) system: the system creates the delivery note (inventory
selection based on expiry date), shows which
inventory should go out, and helps the inventory staff find the
correct inventory.
V. CONCLUSION
The COSO framework not only provides better internal
control but also a measurement of compliance risk, because
it reviews the organization's operations as well. The COSO
framework can support risk mitigation, giving
recommendations and solutions to the company.
Through its 5 elements and 17 principles, it helps a
company reach its objectives and goals for effective and
efficient company operation. Another view is that the COSO
framework resembles a common audit that controls not only
the business operations but also all personnel inside the
company.
Figure 5 – The Process of Inventory Movement
REFERENCES
[1] COSO Framework. (2016). Retrieved from
http://www.bussvc.wisc.edu/intcntrls/cosoframework.html
[2] Diane J. Janvrin, E. A. (2012). The Updated COSO
Internal Control— Integrated Framework:
Recommendations and Opportunities for Future
Research. Journal of Information Systems,
189-213.
[3] J. Stephen McNally, C. (2013, June 2013). The 2013
COSO Framework & SOX Compliance: One
Approach to an Effective Transition.
Retrieved from
https://www.coso.org/documents/COSO%20McNallyTransition%20Article-Final%20COSO%20Version%20Proof_5-31-13.pdf
[4] Jokipii, A. (2009). Determinants and consequences of
internal control in firms: a contingency theory based
analysis. Springer Science-Business Media, 115-144.
[5] Kambalyal, C. (2010). Three Tier Architecture.
Retrieved from
http://channukambalyal.tripod.com/NTierArchitecture.pdf
[6] Makumbi, R. (2013). Introduction to Warehousing
Principles and Practices. Lambert Academic
Publishing.
[7] Martin, K., Sanders, E., & Scalan, G. (2014). The
Potential Impact of COSO Internal Control Integrated
Framework Revision on Internal Audit Structured
SOX Work Program. Elsevier - Research in
Accounting Regulations.
[8] Mary B. Curtis, F. H. (2000). The components of a
comprehensive framework of internal control. The
CPA Journal, 64-66.
[9] Miles E.A. Everson, S. E. (2013). Internal Control —
Integrated Framework. NY: Committee of Sponsoring
Organizations of the Treadway Commission.
[10] Procedure, A. I. (2008). Codification of auditing
standards and procedures. University of Mississippi
Library. Accounting Collection.
[11] Ravee, J. M. (2009). Pengantar Akuntansi-Adaptasi
Indonesia. Jakarta: Salemba Empat.
[12] Thomas V. Scannell, S. C. (2013). Supply Chain Risk
Management within the Context of COSO’s Enterprise
Risk Management Framework. Journal of Business
Administration Research, 15-28, Vol. 2, No. 1.
[13] Tsay, B.-Y. (2010). Designing an Internal Control
Assessment Program Using COSO's Guidance on
Monitoring. New York: The CPA Journal.