INTERNAL AUDIT INFORMATION SYSTEM (IAIS) FOR INTERNAL AUDIT
advertisement
INTERNAL AUDIT INFORMATION SYSTEM (IAIS) FOR INTERNAL AUDIT DEPARTMENT OF GOLDEN HOPE PLANTATION BERHAD SUZARI BIN SAAID @ SAID UNIVERSITI TEKNOLOGI MALAYSIA ii “I hereby declare that I have read this thesis and in my opinion this thesis is sufficient in terms of scope and quality for the award of the degree of Master of Science (Information Technology – Management)”. Signature : .................................................... Name of Supervisor I : Assoc. Professor Dr. Shamsul Sahibuddin Date : .................................................... Signature : .................................................... Name of Supervisor II : Puan Suzana Abidin. Date : .................................................... INTERNAL AUDIT INFORMATION SYSTEM (IAIS) FOR INTERNAL AUDIT DEPARTMENT OF GOLDEN HOPE PLANTATION BERHAD SUZARI BIN SAAID @ SAID This project report is submitted in partial fulfillment of requirements for the award of Master of Science (Information Technology – Management) Fakulti Sains Komputer dan Sistem Maklumat Universiti Teknologi Malaysia OCTOBER, 2005 ii I declare that this thesis entitled “INTERNAL AUDIT INFORMATION SYSTEM (IAIS) FOR INTERNAL AUDIT DEPARTMENT OF GOLDEN HOPE PLANTATION BERHAD“ is the result of my own research except as cited in the references. The thesis has not been accepted for any degree and is not concurrently submitted in candidature of any other degree. Signature : .................................................... Name : SUZARI BIN SAAID @ SAID Date : .................................................... iii Dedicated to my beloved wife and son, father, my late mother, my in-laws and to all my brothers and sisters iv ACKNOWLEDGEMENT I wish to extend my appreciation to all those who have contributed directly and indirectly to the preparation of this project. In particular, I wish to express my utmost appreciation to my thesis supervisor, Associate Professor Dr. Shamsul Sahibuddin and Puan Suzana Abidin, for his advice, guidance and encouragement throughout the preparation of this project. Special thanks to the Associate Professor Dr. Naomie Salim and to all the staff of Advanced Information Technology Institute (AITI) for their untiring support, and to all my classmates for making this study a wonderful and cherishable experience. Thanks to my fellow colleagues in the Internal Audit Department (IAD) of Golden Hope Plantations Berhad for their cooperation and support and special thanks to the Director of IAD for the advice and permission to use the facilities in performing the project. Finally, I wish to express my sincere thanks to my wife and son, my parents, my in-laws and family members for the encouragement, inspiration and patience through this Master Programme especially in preparing this thesis. v ABSTRACT Internal Audit Department (IAD) of Golden Hope Plantations Berhad (GHPB) current manual performance monitoring is unable to systematically control and monitor each executive audit visits, audit report issuance, department’s monthly performance and categorize the audit findings according to non-compliance and process improvement. Internal Audit Information System (IAIS) is the proposed solution developed to computerize the current manual system. This will speed up the time and reduce the use of resources (manpower and cost). Object-Oriented Software Engineering (OOSE) is the technique used for this IAIS software development project. IAIS is an in-house developed system that is developed with a minimum cost. Any maintenance or trouble-shooting will be carried out by internal personnel. Implementing IAIS involves building a database thus helping the department to handle large amount of data, satisfy multiple users in using the same system concurrently, making the information retrieval and data input faster, and provide greater accuracy. Redundant record keeping is reduced or eliminated. IAIS will also assist the process of submitting the KPI monthly performance report to the KPI’s Committee every month end. IAIS will also indirectly assist management in evaluating each executive’s performance in IAD throughout the financial year and provide an indicator for bonus and increment. The monetary losses for each audit visit will also be identified and calculated. In line with the GHPB ICT Strategic Directions, IAIS will be an IAD’s effort to support the GHICT master plan in enhancing business productivity and efficiency using ICT tools through computerizing IAD’s process of keeping track the entire audit visits and duration reports issued to the auditee, executive/department monthly performance and categorize the audit findings. monitor vi ABSTRAK Proses pemantauan aktiviti secara manual Jabatan Audit Dalaman (IAD), Golden Hope Plantations Berhad (GHPB) sekarang tidak membolehkan pemantauan dan kawalan secara sistematik dilakukan untuk lawatan eksekutif IAD, pengeluaran laporan IAD, prestasi jabatan dan mengakategorikan isu-isu laporan audit kepada ketidak patuhan dan pembaikan proses. “Internal Audit Information System” atau IAIS adalah sistem yang dibina bagi mengambil alih sistem manual untuk mempercepatkan masa dan menjimatkan sumber (tenaga kerja dan kos). “Object-Oriented Software Engineering” (OOSE) adalah teknik yang digunakan dalam membangunkan projek IAIS. IAIS dibina oleh staf IAD dengan kos yang minima. Sebarang pentyelenggaran dan pembaikan juga akan dilakukan oleh staf dalaman. Perlaksanaan IAIS melibatkan pembinaan pangkalan data yang akan membantu dalam mengendalikan data yang banyak, menyelesaikan penggunaan IAIS secara beramai serentak, membantu proses capaian maklumat dan penginputan data yang lebih cepat dan menyediakan data yang lebih tepat. Penyimpanan data yang bertindih juga akan dapat dikurangkan atau dihapuskan. IAIS akan juga membantu dalam proses penyerahan laporan prestasi KPI bulanan. IAIS juga secara tidak langsung membantu pihak pengurusan untuk menilai prestasi setiap eksekutif di IAD sepanjang tahun dan menyediakan penunujuk bagi pemberian bonus dan peningkatan gaji. Kerugian wang untuk setiap audit juga akan di kenalpasti dan dikira. Selari dengan Dasar Strategik GHPB ICT, IAIS adalah usaha IAD untuk menyokong pelan dasar GHICT dalam meningkatkan produktiviti perniagaan dan tahap kecekapan menggunakan peralatan ICT melalui proses pengkomputeran proses pemantauan keseluruhan jadual lawatan audit, pengeluaran laporan IAD, prestasi jabatan dan mengakategorikan isu-isu laporan audit. vii TABLE OF CONTENTS CHAPTER 1 2 TITLE PAGE PROJECT OVERVIEW 1 1.1 Introduction 1 1.2 Background of The Problem 2 1.3 Statement of the Problem 3 1.4 Project Objectives 3 1.5 Project Scope 4 1.6 Importance of Project 5 1.7 Summary 5 LITERATURE REVIEW 6 2.1 Introduction 6 2.2 Plantation Management Concept 6 2.2.1 Plantation Management 7 2.2.2 2.2.3 2.3 Plantation Management Development Trends Towards IT 8 Summary 11 Internal Audit Concept 11 2.3.1 Internal Audit 11 2.3.2 2.3.4 Internal Audit Development Trends Towards IT 12 Summary 14 viii CHAPTER TITLE 2.4 Information System (IS) Concepts 15 2.4.1 Information System (IS) 15 2.4.2 Management Information Systems 2.4.3 2.5 PAGE (MIS) 17 Summary 20 Key Performance Indicators (KPIs) concept 20 2.5.1 Key Performance Indicators (KPIs) 21 2.5.2 Companies’ experience in successfully utilized KPIs to drive Global Excellence21 2.5.3 3 Summary 22 2.6 Samples of Software in the Market 23 2.7 Summary 24 METHODOLOGY 26 3.1 Introduction 26 3.2 Project Methodology 26 3.2.1 The Project Proposal 26 3.2.2 Literature Review 27 3.2.3 Current System Analysis 27 3.2.4 IAIS System Development 3.3 Methodology 27 3.2.5 System Development 28 3.2.6 Report Writing 28 System Development Methodology 28 3.3.1 Methodology Approach 29 3.3.2 Object-Oriented Software Engineering (OOSE) 30 ix CHAPTER 4 TITLE PAGE 3.3.3 Methodology Justification 31 3.3.4 Unified Modeling Language (UML) 32 3.3.5 The detail IAIS System Development Process 33 3.3.5.1 IAIS Requirement Analysis 34 3.3.5.2 IAIS Detailed Design 35 3.3.5.3 IAIS Implementation 36 3.4 Project Schedule 37 3.5 Summary 37 CURRENT SYSTEM ANALYSIS 38 4.1 Introduction 38 4.2 Organizational Analysis 38 4.2.1 Organizational Structure 39 4.2.2 Core Business 40 4.2.3 IAD Organizational Structure and Functions 4.2.4 GHPB Existing IS/IT System 4.2.5 43 Problems With Existing Management Process 4.3 41 47 Current Business Process and Data Model (As-is-process) 48 4.3.1 Subject and Data Sources 48 4.3.2 Feasibility Analysis 49 4.3.3 SWOT Analysis 50 4.3.4 Analysis of the Business Process 51 x CHAPTER TITLE 4.3.5 PAGE Business Process Enhancement Before and After IAIS Implementation 55 4.4 System Requirements 4.5 Conceptual Design (To-be-Process and 4.6 56 Data Model) 57 4.5.1 Business Process and Data Model 57 1) Use Case Diagram 57 2) Interaction(Sequence) Diagram 60 3) Collaboration Diagram 69 Physical Design 75 4.6.1 Class Diagram 75 4.6.2 Database Design 76 4.6.3 Program (Structure) Chart 76 4.6.4 Interface Chart 78 4.6.5 Detailed Modules/Features – System Decomposition 92 4.6.6 IAIS Architecture 94 4.7 Software & Hardware Requirement 100 4.8 Test Plan 101 4.8.1 Unit Test 101 4.8.2 Integration Test 102 4.8.3 User Acceptance Test 102 4.9 Summary 103 xi CHAPTER 5 TITLE Implementation and Testing 104 5.1 Introduction 104 5.2 IAIS Coding Approach 104 5.2.1 Login Module 105 5.2.2 Tracking Audit Visits Module 106 5.2.3 Issuance of Report Modules 107 5.2.4 IAD Performance Index Modules 108 5.2.5 Audit Findings Analysis Modules 108 5.3 5.4 5.5 6 PAGE Test result/System Evaluation 109 5.3.1 Unit Test 110 5.3.2 Integration Test 114 5.3.3 116 User Acceptance Test User Manual for Administrator 120 5.4.1 User Documentation for Administrator 120 5.4.2 IAIS System Integration Summary 121 122 DESIGN IMPLEMENTATION AND TESTING 123 6.1 Introduction 123 6.2 Roll-out Strategy 123 6.3 Change Management 125 6.4 Business Continuity Plan (BCP) 128 6.5 Expected Organizational Benefits 129 6.6 Summary 130 xii CHAPTER 7 TITLE PAGE Discussion & Conclusion 131 7.1 Introduction 131 7.2 Achievements 131 7.3 Constraints and Challenges 132 7.4 Aspirations 133 7.5 Summary 134 REFERENCES 135 Appendices A-J 138 xiii LIST OF TABLES TABLE NO. TITLE PAGE 2.1 Examples of existing system 24 4.1 GHPB Technology Road Map 45 4.2 Feasibility Analysis Table 50 4.3 SWOT Analysis Table 50 5.1 Snapshot of the Login Module 105 5.2 Snapshot of the Tracking Audit Visits Module 106 5.3 Snapshot of the Issuance of Report Module 107 5.4 Rating scale for user acceptance questionnaire 117 5.5 Min value of each question 117 5.6 IAIS User Evaluation Questionnaire for IAD 119 5.7 Min Value for Each Testing Category 119 xiv LIST OF FIGURES FIGURE NO. TITLE PAGE 2.1 Diagram of an overview of selected major plantations key players progress in ICT 10 2.2 Diagram of MIS 17 2.3 MIS and decision-making process 18 3.1 Software Development Activities 29 3.2 Phases of OO system development cycle 31 3.3 IAIS System Development Process 34 4.1 Diagram of GHPB Organisation Structure 39 4.2 GHPB Technology Map 45 4.3 Current Business Process Flowchart Diagram 53 4.4 UML use-case diagram on the current business process 54 4.5 Comparison between current business process and after IAIS 55 4.6 Internal Audit Information System Use Case 58 4.7 Use Case Diagram for Administrator/Management 59 4.8 Use Case Diagram for Senior Executive/Executive 60 4.9 Administrator/Management Login into IAIS 61 xv FIGURE NO. TITLE PAGE 4.10 Senior Executive/Executive Login into IAIS 61 4.11 Administrator/Management Logout of IAIS 62 4.12 Senior Executive/Executive Logout of IAIS 62 4.13 Administrator/Management add new content 63 4.14 Administrator/Management Edit Content 63 4.15 Administrator/Management generate Audit Visit Report 64 Administrator/Management generate Audit Cost Report 64 Administrator/Management generate PIAR Report 65 Administrator/Management generate Auditees Reply Report 65 4.16 4.17 4.18 4.19 Administrator/Management generate Final Report Issuance Report 66 4.20 Administrator/Management generate the Annual KPI Report 66 Administrator/Management generate Department KPI Report 67 Administrator/Management generate Audit Findings Analysis Report 67 4.23 Senior Executive/Executive browse content 68 4.24 Administrator/Management login into IAIS 69 4.25 Administrator/Management add new content 69 4.26 Administrator/Management edit content 70 4.2.7 Administrator/Management browse content 70 4.21 4.22 xvi FIGURE NO. 4.2.8 4.29 TITLE PAGE Administrator/Management generate Audit Visit Report 71 Administrator/Management generate Audit Cost Report 71 4.30 Administrator/Management generate PIAR Report 71 4.31 Administrator/Management generate Auditee’s Reply Report 72 4.32 Administrator/Management generate Final Report Issuance Report 72 4.33 Administrator/Management generate Annual KPI Report 72 Administrator/Management generate Dept KPI Report 73 Administrator/Management generate Audit Findings Analysis Report 73 4.36 Administrator/Management logout 73 4.37 Senior Executive/Executive Login into IAIS 74 4.38 Senior Executive/Executive browse content 74 4.39 Senior Executive/Executive Logout of IAIS 74 4.40 IAIS Class Diagram 75 4.41 IAIS Database Design 76 4.42 IAIS Structure Chart 77 4.43 IAIS Interface Chart 79 4.44 Login Menu Screen 79 4.45 Login Screen 80 4.34 4.35 xvii FIGURE NO. TITLE PAGE 4.46 Main Menu Screen for Administrator/Management 81 4.47 Main Menu Screen for Senior Executive/Executive 81 4.48 Password Change screen 82 4.49 Tracking Audit Visits main screen 83 4.50 Tracking Audit Field Visits Module screen 83 4.51 Audit Visit Cost Module screen 84 4.52 Issuance of Report main screen 85 4.53 PIAR Module screen 86 4.54 Auditee’s Reply Module screen 86 4.55 Final Report Module screen 87 4.56 IAD Performance Index main screen 88 4.57 Annual KPI Module screen 89 4.58 Audit Findings Analysis Main screen 90 4.59 Audit Findings Analysis screen 90 4.60 Auditee’s Information screen 91 4.61 IAD’s Personnel Information screen 92 4.62 IAIS System Decomposition Diagram 93 4.63 IAIS Architecture 95 4.64 IAIS Application Architecture 96 4.65 Tracking Audit Visits Module 97 4.66 Issuance of Report Module 98 4.67 IAD Performance Index Module 99 xviii FIGURE NO. TITLE PAGE 5.1 Audit Findings Analysis Module 109 5.2 Example of the message box for invalid password 110 5.3 Example of run-time error 112 5.4 Example of the use of Visual Basic’s debugging tools 112 5.5 Example of error message for input testing 113 5.6 Example of output testing and the displayed Message 114 5.7 Example’s of user’s input for the integration test 115 5.8 Example’s of user’s corresponding output of the integration test 116 5.9 Bar chart of min value of each question 118 5.10 Pie chart of min value of each testing categories 120 6.1 The changes in the current business process after IAIS 126 xix LIST OF ACRONYMS IAIS Internal Audit Information System IAD Internal Audit Department GHPB Golden Hope Plantations Berhad KPI Key Performance Indicator IS Information System IT Information Technology ICT Information and Communication Technology GHICT GHPB’s ICT Department MIS Management Information System BMPs Best Management Practices PDA Personal Digital Assistance KLSE Kuala Lumpur Stock Exchange H&C Harrison and Crossfield PNB Permodalan Nasional Berhad ECS Estate Computer System GHOMIS Golden Hope Oil Mills Integrated System PAIMS Precision Agriculture Integrated Management System. GAAS Generally Accepted Auditing Standards xx LIST OF ACRONYMS IIA Institute of Internal Auditors BOD Board of Directors UKAIS United Kingdom Academy of Information System EDP Electronic Data Processing System DP Data Processing System DSS Decision Support System ES Expert System EIS Executive Information System AIS Accounting Information System WWF World Wildlife Federation CPO Crude Palm Oil CRM Customer Relationship Management AICPA American Institute of Certified Public Accountant BA British Airways HP Hewlett-Packard BSC Balance Score Card ERP Enterprise Resource Planning UML Unified Modeling Language OO Object-Oriented OOSE Object-Oriented Software Engineering OOA Object-Oriented Analysis xxi LIST OF ACRONYMS OOD Object-Oriented Design OOP Object-Oriented Programming SWOT Strength Weaknesses Opportunity & Threat PIAR Preliminary Internal Audit Report LAN Local Area Network BCP Business Continuity Plan DRP Disaster Recovery Plan xxii LIST OF APPENDICES APPENDIX TITLE PAGE A Gantt Chart for IAIS 139 B IAD Organization Chart 144 C Current Use Forms 146 D Use Case, Sequence & Collaboration Diagram (As-is-Process) 150 E GHPB infrastructure and network 161 F Software Test Plan 164 G Sample of IAIS generated reports 176 H User Acceptance Questionnaire 183 I User Manual 195 J Sample of Change Management Forms 231 CHAPTER 1 PROJECT OVERVIEW 1.1 Introduction Internal Audit Information System (IAIS) is an effort by Internal Audit Department (IAD) to adopt ICT tools in its operations in line with GHPB’s ICT master plan. ICT master plan is drafted to support GHPB in meeting the evolving business requirements, consistent change and competitive marketplace in line with the evolvement of the plantations industry. The paradigm shift has brought forth tremendous changes in the management of plantations industry. IAIS will assist IAD to keep track internal auditors’ audit visits and duration reports issued to the auditees, monitor each executive and department’s monthly performance and categorize the findings according to non-compliance and process improvement. Hence, in this project, the study aims is to bring about the changes, development and better improvement of the current manual process to a computerized system of IAD in monitoring its activities through the effective use of computer technology in terms of information management to provide both value and services to IAD of GHPB. 2 1.2 Background Of The Problem IAD of GHPB is required to visit various operating units or auditee in Malaysia and overseas. Internal Audit Executives will perform financial, compliance, system improvement, operational and management audits of the above operating units. Audit portfolio includes companies in diverse industries and countries throughout the world, including plantations and manufacturing. After completing the audit visits, the executives will then be required to produce audit reports within the specified time throughout the financial year. For every audit visit, IAD’s management will monitor the duration in which reports are prepared and issued to the auditee to enable management to limit and control the process to ensure the budgeted reports to be produced in each financial year as prescribed in the department’s Key Performance Indicator (KPI) are achieved. KPI is a tool to evaluate every department performance in GHPB throughout the financial year. Every department is required to submit each month performance to the KPI’s Committee. Every department’s performance is dependant towards each executive in the department’s performance as every visit completed will carry certain points depending on its objective, whether it’s a normal routine visit, special visit or an investigation etc. This evaluation will enable management to evaluate each executive’s performance in the Group throughout the financial year and provide an indicator for bonus and increment. The findings from the above visits will then be categorized as noncompliance and process improvement findings. The monetary losses for each audit visit will also be identified and calculated. Currently, all the above monitoring and controlling process is executed manually every end of the month by several senior executives and a manager. This process will consume time and resources in order to meet the tight dateline. This creates problems every end of the month for the management to keep track of the 3 audit visits and issuance of reports, monitor each executive and department’s monthly performance and categorizing the findings according to non-compliance and process improvement. A proper system application is needed to keep track the entire audit visits and duration in which reports are prepared/issued to the auditee, monitor each executive and department monthly performance and categorizing the findings according to non-compliance and process improvement. This will ensure a faster time and a reduce use of resources in preparing the monthly performance report to the KPI’s Committee. 1.3 Statement of the Problem IAD is unable to systematically keep track each executive in IAD audit visits and audit report issuance, monitor each executive and department’s monthly performance and categorize audit findings to non compliance and process improvement findings. 1.4 Project Objectives As a guideline to conduct this project, the following objectives are outlined: i. To study and analyze the internal audit visits, report issuance and executive/department’s monthly performance monitoring process. ii. To design and build a prototype of a computerize system for tracking audit visits and duration reports prepared/issued to the auditees, monitor each executive and department’s monthly performance and categorize the findings according to non-compliance and process improvement throughout the financial year. 4 1.5 Project Scope The scope of the project includes the following: i. The study involves conducting research and analysis of the current internal audit visits, report issuance monitoring and executive/department’s monthly performance monitoring process in order to identify and suggest improvement to computerize the current manual system. ii. IAIS keep track internal auditors entire audit visits and duration reports prepared/issued to the auditees, monitor each executive and department’s monthly performance and categorize the findings according to noncompliance and process improvement. iii. The IAIS is developed to cater the requirement of IAD of GHPB in submitting their monthly performance report to the KPI’s Committee, keeping track entire IAD’s audit visits and analyze the audit findings. iv. The project only focus on data related to IAD’s audit visits, audit findings and audit report issuance. v. The intended users of the system are the IAD’s Executives, Senior Executives and the management of IAD which comprises of the Manager, Senior Manager, and Director of IAD. These people are the stakeholders for the proposed system. vi. The hardware used in developing the information system is a computer powered by Intel Pentium® M Processor with 30GB Hard Drive and 0.99GB Shared DDR SDRAM. The Programming Language that will be used is Microsoft Visual Basic version 6.0 with Microsoft Windows XP Professional Version 2002 Operating System environment as the platform and Microsoft Access as the database platform. Crystal Reports Professional is used to design and generate various reports needed by IAD. Microsoft Project 2000 is the project management software that will be used to assist in managing IAIS project which provides Gantt Chart for project planning, controlling and monitoring. vii. Type of testing to be used in testing IAIS is unit, integration and user satisfaction testing. 5 By determining the scope of the study, the following processes in developing the proposed system as the solution of the project problem would be easier and has clearer defined boundaries, which in turn act as a guideline in developing the system. 1.6 Importance of Project This project is important to enable IAD to computerize the process of keeping track of the entire audit visits and duration reports been prepared/issued to the auditee, monitor executive/department’s monthly performance and categorizing the findings according to non-compliance and process improvement. This will shorten the time and reduce the use of resources in preparing the monthly performance report to the KPI’s Committee. 1.7 Chapter Summary This chapter has discussed the background of the problems and how this project will overcome the above problems. This chapter also discusses the objectives, scope and the importance of implementing IAIS in IAD of GHPB. 6 CHAPTER 2 LITERATURE REVIEW 2.1 Introduction In this chapter, the literature review will study and discuss on plantation management and their development towards information technology, the organization in which the IAIS system will be implemented, GHPB, the concept of audit, internal audit and its development trends towards Information Technology. This chapter will also analyze the concept of Information System (IS) and Management Information System (MIS) as this concept are the platform for the IAIS development process. Key Performance Indicator (KPI) concept will also be discussed as IAIS will be developed in line with KPI’s requirements. 2.2 Plantation Management Concept In this section, an overview on the concept of plantation management will be presented. We will also discuss on the plantation management development trends towards information technology and the IAIS effort to computerize the IAD’s operation. 7 2.2.1 Plantation Management “Plantation Management is the art or practice of managing of a large piece of land on which crops such as oil palm, rubber and tea are grown (Longman, 1993).” Palm oil is the second most important oil after soy oil, producing 23.18 million tonnes in year 2001 or 19.8 per cent of the total production of world oils and fats. Malaysia is currently the world's largest palm oil producer, contributing 50.9 per cent of total global production. “The development of Best Management Practices (BMPs) for oil palm plantations has driven the industry by the rationale that these practices enhance the overall productivity of the operations (WWF Forest Conversion Initiative Coordination Office, 2003).” Increasing environmental and social pressures on agriculture, which challenge the supply chain, and growing consumer concerns about the food chain, which challenge the markets, led to the engagement of the project called the Sustainable Agriculture Initiative. “Sustainable agriculture is defined, as productive, competitive and efficient, while at the same time protecting and improving the natural environment and conditions of the local communities (Unilever Research Laboratory, 2001).” Leading plantations companies in Malaysia such as GHPB, Guthrie Berhad, IOI Group, United Plantations Berhad, KL Kepong Berhad, TSH Resources Berhad and other players in the industry are implementing BMPs for its oil palm plantations industry. The above plantations companies similar to GHPB are mainly planting oil palms in their estates throughout Malaysia and Indonesia. They produce Crude Palm Oil (CPO) for their own production or export to overseas companies worldwide. Malaysia is the main contributor to the world’s palm oil demand. The plantations industry downstream activities are not limited to Crude Palm Oil (CPO) production, but production of all ranges of consumer oil and fats products including oleo-chemicals. Apart from producing CPO a small number of these plantation companies diversified into rubber, coco and other fruit and food crops such as guava, dragon fruit, passion fruit and herbal products. 8 At GHPB, it produces the full range of refined and processed palm oil products, as well as specialized palm oil formulations for the specific needs of customers. The special ranges of products are marketed worldwide. Golden Hope is synonymous with the production of specialty oils including Jomalina Red Palm Superolein, Jomalina's Quality Oil and Jomalina Super Palm Olein. GHPB also produce high quality cooking oil for the Malaysian and overseas markets such as under various brand names in different countries such as Golden Joma - Malaysia, Marvela - Vietnam and Golden Spring - China to capture a sizeable share in their respective markets. GHPB also produce Tocotrienols which is derived from palm oil distillates. This food supplement is known to be highly beneficial in the treatment of cardiovascular diseases, cholesterol and breast cancer. 2.2.2 Plantation Management Development Trends Towards IT The 1990s witnessed the adoption of the internet as the information super highway. In line with the information era, plantations industry has started the efforts towards the use of IT in managing their plantations. This is the effort towards continual drive in improving the efficiency of operations in plantations industry such as doing things better, optimizing resources and automating processes for more consistently excellent products and services. In the emergence of the information era in 1990s, the plantation industry has begun leveraging on ICT to enhance values in their core business and as the primary factor of change and value creation. Leading plantations companies in Malaysia are engaging the use of ICT such as integrated computer system, e-Commerce, Customer Relationship Management (CRM), internet and Knowledge Management in driving the company and improving the efficiency of plantation sector’s operations. These 9 companies are utilizing these ICT tools to assist its personnel to easily access required information, facilitate better-cost management, and facilitate more effective analysis and decision-making. The in-house integrated computer system built (plantation software) that manages the daily business transactions and produces the relevant reports. This software focuses on the daily business transactions of a company, such as the financial accounts reporting, payroll, inventory management, fixed assets management, billing, etc. The large amount of data and the complexity of the industry require the plantation industry players to equip their organization with the use of software. The plantation players have built their own in-house system in order to customize the integrated computer system with their organization business needs. The examples of an in house integrated computer system utilizes in managing the plantation industry are Golden Hope’s Estate Computer System (GH-ECS), System for Austral Plantation (SAP), KL-Kepong’s Estate Computer System (ECS), Boustead Holdings Berhad’s Plantation Management Information System (PIMS), TH Group’s Plantation Management & Costing System (PlantWare) and FELDA Prodata System. The tremendous change in the management of plantation industry has made auditing this industry more challenging. The in-house integrated computer system (plantation software) used in the plantation industry require the auditors to be proficient in IT system their auditing. The need to scrutinize and verify a large amount of information in the system requires the assistance for audit software. This audit software will assists auditors to appraise the adequacy of internal control system in the organization. The Audit Command Language (ACL) software and Interactive Data Extraction and Analysis (IDEA) software is the most used audit software in the market. This product are actively been used by the auditors in the plantation industry to assist them in auditing the integrated computer system. For example, IAD of GHPB is actively using the IDEA software in their auditing activities such as plantation, refinery and other manufacturing sector throughout the group. 10 . “An overview of selected major plantations key players’ progress in ICT” carried out by Andersen Consulting and GH Group ICT revealed that there appears to be no leader for the traditional plantation-based conglomerates. “IOI Corp Bhd seems to be leading the pack based on its foray into multimedia but the traditional plantation key players are smartly leveraging on ICT to enhance value in existing core businesses. Hong Leong is leading in ICT initiatives for the “Other Conglomerates” category (Andersen and GHPB Group ICT, 2005)”. There are still a lot of opportunities in the ICT or e-business initiatives market-space. Management of all the major players recognizes the importance of ICT to enable their business strategies. As for GHPB, in order for it to leap-frog from the conventional development stages, it must extensively leverage on the application of ICT, with information and knowledge serving as the primary factors of change and value creation. “An overview of selected major plantations key players’ progress in ICT is depicted in the Figure 2.1 (Andersen and GHPB Group ICT, Sh el l Ho n G ol de n Ho Si pe m e Da G rb ut y hr ie IO I Overview of Competitors ICT Progress g Le on Su g nw ay 2005)”. Criteria 1. Group IT/ICT 2. Group-wide E-Business Vehicle 3. E-Business Initiatives a) E-Commerce b) CRM c) SCM d) Knowledge Management e) Digital Marketplace f) Shared Services/ASP g) Web-based Business Implemented 4. Alliance Network WIP 5. ICT Track Record Not Confirmed 6. Management Drive Toward ICT Figure 2.1 Not Started Diagram of an overview of selected major plantations key players’ progress in ICT. 11 2.2.3 Plantation Management Summary In the information era in 1990s witnessed the efforts towards the use of IT in managing the plantations. It is a continual drive by plantation companies in improving the efficiency of operations in plantations sector from the manual system to a work system that utilizes IT tools in managing plantation operations such as the use of an integrated computer system, internet and PDA in their daily work. We can expect more IT tools will be adopted in managing the plantations sector in the near future. 2.3 Internal Audit Concept In this section, the basic internal audit concept will be presented. This is important to provide an overview on the concept of audit and internal audit and its role. We will also discussed on the internal audit development trends towards information technology and the IAIS effort to assist auditors on their task. 2.3.1 Internal Audit “Generally Accepted Auditing Standards (GAAS) define auditing as the accumulation and evaluation of evidence about information to determine and report on the degree of correspondence between the information and established criteria (AICPA, 1947).” “While, Millichamp (1996) define internal audit as an independent appraisal function established by the management of an organization for the review of the internal control system as a service to the organization. It objectively examines, evaluates and reports on the adequacy of internal control as a contribution to the proper, economic, efficient and effective use of resources.” 12 The continuing evolution of the definition of internal control has expanded far beyond accounting controls to a point where there is little difference between the terms "internal control" and "management” and perhaps most important of all, internal auditors are continually challenged to prove that they are indeed providing "value" to today's lean and sometimes mean organizations. “Institute of Internal Auditors (IIA) define internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes (IIA, 1999).” The role of the internal audit function is to evaluate and contribute to the improvement of risk management, control and governance systems. The key is to evaluate and contribute to the improvement. The lack or absence of risk management, control and governance systems has proven to be the leading cause of corporate disasters. Although some risks can be more easily controlled by insuring the risks or simply choosing not to go into the risky areas, corporations simply have to live with some risks. Fraud, theft, embezzlement are examples of risks, which cannot be fully mitigated, and yet they can be disastrous. 2.3.2 Internal Audit Development Trends Towards IT The first business operations were automated in most organizations during the 1960s and 1970s. The computers used were mainframes and processing was centralized. Gradually, more and more of organization’s information were processed by computers. As these higher levels of information were automated, 13 users wanted more flexibility and responsiveness from the systems they were using. Processing first became decentralized and then distributed. The 1990s witnessed the adoption of the internet as the information super highway. “Auditors have the same responsibilities with respect to an automated system as a manual system. This means that auditors must become proficient in the IT system they are auditing (Sawyer, 1998).” The IT system used in any organizations requires the internal auditors to be IT savvy in order for them to be proficient to audit the IT system. The need to scrutinize and verify a large amount of information in the system requires the assistance for audit software. Audit software is a software package that is used to assist auditors in their audit fieldwork in the most effective and efficient manner. It helps auditors to appraise the adequacy of internal control system in the organization by manipulating large amount of data in determining its accuracy, authenticity, validity, etc. The examples of mostly used audit software in any industry in the world are Audit Command Language (ACL) software and Interactive Data Extraction and Analysis (IDEA) software. ACL Services Ltd., the privately-held software developer of ACL is the leading global provider of Business Assurance Analytics to the audit and controls professions and the financial management community. Combining market-leading data analysis software and professional services expertise, ACL solutions give organizations confidence in the accuracy and integrity of the transactions underlying increasingly complex business operations and in the effectiveness of internal controls. ACL technology enables financial decision-makers to assure compliance, reduce risk, detect fraud, and enhance profitability, all with a return on investment measured in weeks, not months. With ACL, organizations can achieve enterprisewide testing and monitoring of controls through independent verification of transactional data, so they can trust their results like never before. Its customer base includes 70 of the Fortune 500 companies and over two-thirds of the Global 14 500, the Big Four public accounting firms, and hundreds of national, state, and local governments CaseWare IDEA Inc. is a privately held software development and marketing company of IDEA software. CaseWare IDEA Inc. is a subsidiary of CaseWare International Inc., the world leader in business-intelligence software for accountants, auditors and other professionals. CaseWare IDEA Inc. is the developer and global distributor of IDEA, the leading data analysis software used by accountants, auditors and systems and financial professionals, around the world. IDEA is used in over 90 countries in 12 languages, by major accounting firms, federal, state, provincial and local government, corporations in all industry sectors and by universities as a teaching tool. The power and functionality of IDEA have attracted users who are financial and internal auditors, forensic accountants and fraud investigators, financial managers, general and systems consultants, educators, statisticians and information systems professionals. With IDEA, auditors can read, display, analyze, manipulate, sample or extract from data files from almost any sources from mainframe to PC, including reports printed to a file. IDEA has functions and features not found in any other product, to help you work more efficiently and effectively and with more value to your organizations. 2.3.3 Internal Audit Summary Internal audit has expanded beyond accounting controls as there is a little difference between internal controls and management, and internal audit are continually challenged to provide “value” to organizations. With respect to the automated system replacing manual system, auditors must equip themselves to become proficient in the IT system they are auditing. GHPB is committed and has outlined several key elements to maintain a sound internal control. IAIS is an 15 effort by the IAD to adopt ICT tools in its operations in line with GHPB’s ICT master plan. 2.4 Information System (IS) Concepts In this section, the basic Information System (IS) and Management Information System (MIS) concepts will be presented and discussed. A good understanding on these concepts is important; as a computerized Internal Audit Information System (IAIS) will be develop in this project. 2.4.1 Information System (IS) “United Kingdom Academy of Information System (UKAIS) defines information systems as the means by which people and organizations, utilizing technology, gather, process, store, use and disseminate information (UKAIS, 2004)”. The IS is the nervous system which allows an organization to respond to opportunities and avoid threats. It is widely acknowledged that organizations with the best and most effective ISs are those that have clear and well thought out IS strategy. “The term information system suggests the use of computer technology in an organization to provide information to users. A computer-based information system is a collection of computer hardware and software designed to transform data into useful information. As indicated below, one might distinguish several types of computer-based information systems (Bodnar and Hopwood, 2001).” 16 Types Of Information Systems There are several types of computer based information systems: i. Electronic Data Processing System (EDP) ii. Data Processing System (DP) iii. Management Information System (MIS) iv. Decision Support System (DSS) v. Expert System (ES) vi. Executive Information System (EIS) vii. Accounting Information System (AIS) The following definitions on IS are gathered from several websites on several authors and practitioners understanding and believes what information system is. i. “IS is a collection of information technology, procedure and people responsible for the capture, movement, management and distribution of data and information. The IS is the mechanism to ensure that information is available to the managers in the form they want it and when they need it. (Martin et al., 2002).” ii. “A group of components that interact to produce information. The minimal system consists of data, procedures and people. Computer information systems include these three (3) plus hardware and programs (Kroenke, 1989).” iii. “A set of organized procedures that, when executed, provide information for decision-making, communications, and control of the organization (Lucas Jr., 1992).” iv. “IS actually is part of the much wider domain of human language and communication, that IS will remaining a state of continual development and change in response both to technological innovation and to its mutual interaction with human society as a whole (Ward and Peppard, 2003).” 17 The above IS definitions are compared to examine the concepts behind the definition. Definition (i) focused on IS as a mechanism to ensure that information is available to the managers. Definition (ii) focused on the components in producing information. Definition (iii) depicts IS as a set of organized procedures that assist in decision-making, communication and control and definition (iv) describes the IS as part a wider domain of human language and communication and will remain in a state of continual development. 2.4.2 Management Information Systems (MIS) “MIS provides a wide variety of information beyond that which is associated with data processing in organizations. MIS recognizes that managers within an organization use and require information in decision-making and that computer-based information systems can assist in providing information to managers (Bodnar and Hopwood, 2001)” The concept of MIS emerged after the growth of EDP departments, where it encourage managers to focus more on planning their organisations’ information systems. “As the EDP departments’ function expanded beyond routine processing of masses of standardised data, they began to be called MIS departments. Figure 2.2 is a diagram of MIS (Kroenke, 1987)” Figure 2.2: Diagram of MIS 18 MIS is every system, which provides information for the managerial activities in an organisation. The term MIS is synonymous with computer-based systems. MIS is the study of providing information to people who make choices about the disposition of valuable resources in a timely, accurate, and complete manner at a minimum of cognitive and economic cost for acquisition, processing, storage, and retrieval. “MIS is also defined as the effective design, delivery, and use of information systems in organizations (Keen, 1980)” Another definition emphasizes the use to which the information is put, rather than the way it is produced; “A system to convert data from internal and external sources into information and communicate that information in an appropriate form, to managers at all levels in all functions to enable them to make timely and effective decisions for planning, directing and controlling the activities for which they are responsible (Bee and Bee, 1999).” Others, however, give it more limited scope. They see it as a system collecting and analysing data and producing reports to help managers to solve problems. “MIS may be viewed as a mean for transformation of data, which are used as information in decision-making processes. Figure 2.3 shows this understanding about information as data processed for a definite purpose (Lucey, 1997).” Figure 2.3: MIS and decision-making process 19 The best characteristic of MIS is that it ties together a whole set of operations that general managers already thought were important such as reporting, financial controls and production scheduling, and connect them to the technology of computer. Efficient MIS enables management to plan co-ordinate, organise and control. It provides information needed for strategic planning and for day-to-day operations. The various levels of management typically require the information they receive to be formatted in different ways. These different levels of management decision-making can be described as follows: • Operational Information Largely internal, mainly historical, detailed information on a daily or weekly basis, often quantitative, high precision, narrow in scope. • Tactical Information Internal and external sources, with concern on the current and future performance, aggregated or summarized information on products, sales, investment profits etc. • Strategic Information Largely external information on economic conditions, technological developments and the actions of competitors, forward looking and qualitative. Information is important, precision is unimportant, wide ranging and incomplete. MIS Characteristics There are several characteristics of an ideal MIS. The followings are the ideal characteristics of an ideal MIS: • A MIS provide decision-oriented information to managers through the use of computer technology. 20 • A MIS provide a basis to analyse warning signals that can originate both externally and internally. • A MIS provide an automate routine operations thus avoiding human work in the processing tasks. • A MIS assist management in making routine decisions and provide the information necessary to make non-routine decisions. • A MIS serve as a strategic weapon to gain competitive advantages. • A MIS uses an integrated database and supports a variety of functional areas. • A MIS is flexible to meet changing information needs of the organization. 2.4.3 Information System (IS) Summary IS allows organizations to respond to opportunities and avoid threats. IS suggests the use of computer technology in an organization to provide information to users. MIS provides managers within organization information to assist them in decision-making on the disposition of valuable resources. Efficient MIS enables management to plan co-ordinate, organize and control. IAIS is a type of MIS that provides managers a tool to keep track the audit visits activities, calculate the department’s monthly performance index and analyzing the findings. 2.5 Key Performance Indicators (KPIs) concept In this section, the basic KPIs concept will be presented and discussed. A good understanding on these concepts are important as IAIS will be develop in line with KPI’s requirement. 21 2.5.1 Key Performance Indicators (KPIs) “KPIs is a good performance measurement system which emphasises on a balanced set of measures for companies, namely, Financial, Customer, Internal Business Process & Learning & Growth (Ethos, 2004)”. There are two (2) main reasons why do we need KPI. Firstly, to stay focus on key and pertinent issues to the business. Second, to drive us towards achieving our goals. In a complex business world, company may not succeed well if it focuses on numerous things in one go. Company may tend to focus on non-key issues, which have very little effect to the company. By monitoring the performance of our KPI consistently, company should be able to measure the health of our company and even able to detect the cause of the illness to some extent. By doing so, company could take timely corrective and preventive actions so that the íllness will not detriment company’s goals. GHPB never neglect on its most valuable assets – human capital. It harnesses human capital by rewarding and recognizing employees’ contribution based on Performance culture via KPIs. It is a continuation of GHPB’s effort in improving the performance measurement using the Balance Score Card (BSC) methodology. 2.5.2 Companies’ experience in successfully utilized KPIs to drive Global Excellence There are several companies’ that had experienced success using KPIs to drive their ‘Global Excellence’. With persistent review and strengthening, they achieved a high degree of internalization after three (3) to seven (7) years. The followings 22 are several companies experience in utilizing KPIs towards achieving global excellence: • Hewlett-Packard (HP) After utilizing KPIs in the company, HP had Increase its revenue from USD 365 million in 1970 to a current revenue more than USD 56 billion. • Ericsson Ericsson becomes the world’s largest supplier of mobile systems after utilising the KPIs of BSC methodology. • British Airways (BA) In 1980, BA faces a deficit of GBP 544 million. In 1983, after utilizing KPIs, BA started positioning itself as the “World’s favourite Airline” and currently BA had won Business Travellers’ Awards for eleven (11) consecutive years. • Telkomsel After utilizing KPIs, with 86% of subscriber base growth between year 2000 to 2002, it becomes one of the most profitable telcos in Asia Pacific at 59% Earnings Before Interest and Tax. 2.5.3 Key Performance Indicators (KPIs) Summary Organizations need KPI to stay focus on key and pertinent issues to the business and to drive organizations towards achieving business goals. KPI is a continuation of GHPB’s effort in recognizing employees’ contribution using the BSC methodology. Hewlett-Packard, Ericsson, British Airways and Telkomsel are among the companies in the world had experienced success using KPIs to drive their ‘Global Excellence’ with persistent review and strengthening after three (3) to seven (7) years practicing KPI. 23 2.6 Samples of Software In the Market In this section, samples of software available in the market will be discussed. Currently, the market only provides accounting and audit software. This software however, are unable to accommodate the requirements needed by IAD of GHPB to keep track the audit visits and duration reports are issued, monitor executive/department’s monthly performance and categorizing the findings according to non-compliance and process improvement. Basically, accounting software packages manages the daily business transactions and produces the relevant report whenever required by the user. The software only focuses on the daily business transactions of a company, such as the financial accounts reporting, payroll, inventory management, fixed assets management, billing, currency transaction functionality, etc. Examples of the small and medium sized business accounting software available in the market amongst others are AccPac and MYOB. For a more complex business environment, it requires a more complex software package such as the Enterprise Resource Planning (ERP) software. Major ERP vendors include SAP, PeopleSoft, Oracle and J.D. Edwards. Audit software is a software package that is used to assist auditors in their audit fieldwork. It helps auditors to manipulate large amount of data to determine its accuracy, authenticity, validity, etc. The auditing software only focuses on providing the auditors tools to scrutinize the data to enable them to capture and verify the required information. Examples of the auditing software available in the market are IDEA Software and ACL Software. The examples of the accounting and auditing software are simplified in the tabular below: 24 Table 2.1: Examples of existing system Descriptions Accounting software (AccPac, Characteristics Weaknesses Manage the daily business Only focus on the daily MYOB, transactions and produces the business transactions. SAP, PeopleSoft, relevant Oracle and report whenever J.D. required. Edwards) Auditing software Used to manipulate large Only focuses on (IDEA Software and amount of data to determine providing tools to ACL Software) data to its accuracy, authenticity, etc. scrutinize determine its accuracy, authenticity, etc. Both the above types of software do not meet the IAD’s requirement to assist IAD in monitoring, controlling and analyzing the department’s performance and evaluating its personnel performance. Due to the unavailability of specific software that could assist IAD’s specific requirement, IAD is proposing to develop its own in-house information system that can be customized according to IAD needs. IAIS feasibility analysis and SWOT analysis on the system are discussed in further detail in Section 4.3.2 on Feasibility Analysis and Section 4.3.3 on SWOT Analysis. IAIS is an effort by IAD to computerize the process of tracking of the audit visits and duration reports are prepared and issued, monitor executive/department’s monthly performance and categorizing the findings according to non-compliance and process improvement findings throughout the financial year. 2.7 Chapter Summary This chapter describes the literature review conducted in this project prior to the development of the IAIS. The literature review conducted is on the concept of plantation management and their development towards information technology, 25 the organization in which the IAIS system will be implemented, GHPB, concept of audit, internal audit and its development trends towards IT, the concept of IS and MIS, KPI concept and several companies’ success experience using KPI as a driving force of Global Excellence. This forms the foundation of the development. By conducting the review, the following processes in developing the IAIS as the solution of the project problem would be easier and has clearer views as a guideline in developing the system. 26 CHAPTER 3 METHODOLOGY 3.1 Introduction In this chapter, the methodology and the notation chosen to be adopted for the whole system development process will be discussed. Methodology is a technical plan that attempts to link the beginning and ending of a study. The software and hardware requirement are also discussed and determined in this chapter. 3.2 Project Methodology The project methodology for this project is further discussed in detail stepby-step processes in the subsequent subsections. The project methodologies include the project proposal, Literature Review, Current System Analysis, IAIS System Development Methodology, System Development and Report Writing. 3.2.1 The Project Proposal The project proposal is the initiation phase of this project in developing the IAIS. Title is selected in this phase with the project objectives, scopes, importance 27 and limitations are determined. After the proposal is being approved by the Project1 Panel, the literature review and current system analysis process are carried out concurrently as to maximize the use of time due to the time constraint in developing IAIS. 3.2.2 Literature Review Literature Review is carried out to generate ideas in developing and designing the IAIS. Books, journals, articles, internet are the sources gathered in doing the literature review. The information gathered from the literature review range from the basic concepts, method, techniques and current IT trends of development as a reference to generate ideas for developing the proposed system. The literature review conducted for this project is presented in Chapter 2. 3.2.3 Current System Analysis The background of the current system scenario is carried out to understand the current manual process through the process of interviewing, questionnaire, observations and collecting relevant documents. Based on the information gathered, the weaknesses and problems of the existing process are identified and analysed. The possible improvement to the current process will be identified and becomes the basis for the proposed system that is the IAIS. The current system analysis will be discussed in further detail in Chapter 4. 3.2.4 IAIS System Development Methodology A systematic approach is essential in developing a well-designed system. In order to determine the suitable system development methodology, we need to carry 28 out some research and literature review. IAIS is going to be developed using OO methodology and UML notation. OO methodology is chosen for IAIS software development project because of its systematic approach of developing the system, its use case driven approach and its traceability over the entire system development life cycle. The detail explanation on the OO methodology is further discussed under Section 3.3.2 Object-Oriented Software Engineering (OOSE) and Section 3.3.3 Unified Modeling Language (UML). 3.2.5 System Development OOSE is an approach to object oriented that focuses on real-world objects. The OOSE approach allows the process of gathering, understanding and analyzing the users’ requirement of the system from the user point of view that will ensure the proposed system will conform to the user requirement and specification. UML notation will be use as the language for specifying, constructing, visualizing and documenting the software system. 3.2.6 Report Writing Report Writing is an on going process of the project, which does all the writing up including the documentation of the system and user manual. This is an important phase whereby all the result and discussion will be presented and concluded in the deliverable of this phase. 3.3 System Development Methodology For the purpose of this IAIS project, a system development methodology needs to be determined and justified for the project software life cycle. 29 3.3.1 Methodology Approach “Methodology is a collection of techniques for building models and it is applied across the development of a software system (Bruegge, 1997).” A methodology can be defined as comprehensive, multi-step approaches to system development that will guide our work and influence the quality of our final product that is the information system. System development methodology on the other hand refers to a standard process followed in an organization to conduct all the steps necessary to analyze, design, implement and maintain information systems. “A methodology is composed of one of the software development models used in conjunction with one or more techniques, that is methodology = model + technique(s). The techniques of prototyping, cleanroom, and object-oriented are ways to implement the waterfall, incremental, and spiral models. These techniques may be mixed and matched on a single project. Also, portions of a technique may be used without using all aspects of that technique. This means that a project using the spiral model may combine prototyping with object-oriented analysis and design and also use cleanroom testing techniques (Sorensen, 1995).” “Software development goes through a progression of states that is the software development activities as depicts in Figure 3.1 (Bruegge, 1997).” Conception Pre-Development Childhood Adulthood Retirement Development Figure 3.1: Software Development Activities Post-Development 30 A methodology is chosen for any particular project depending on the size of the system to be implemented and the number of people working on the project. Object-Oriented Software Engineering (OOSE) methodology is chosen for this IAIS software development project. The detail explanation of this methodology will be discussed further in the next section that is Section 3.3.2 on Object-Oriented Software Engineering (OOSE) and Section 3.3.4 on Unified Modeling Language (UML) notation. 3.3.2 Object-Oriented Software Engineering (OOSE) Object-Oriented Software Engineering (OOSE) is a use-case driven methodology introduced by Jacobson et al. (Jacobson et al, 1992).” This methodology uses use cases at all stages of development. These include analysis, design, validation and testing. The object-oriented (OO) approach to software development focuses on real-world objects. “By organizing the analysis and design models around sequences of user interaction and actual usage scenarios, this method is able to produce system that are both more usable and more robust, adapting more easily to changing usage (Bahrami, 1999).” OO approach is based on the premise that there exists a fundamental human limitation to manage more than seven (7) different objects or concepts at one time. “Booch (1994) suggests that the principles of software engineering can help us decompose systems so that we never simultaneously deal with more than seven (7) entities.” OO popularity is increasing in concert with the increasing complexity of software systems. OO approach includes OO analysis (OOA), design (OOD), and programming (OOP). 31 “The emphasis in modeling should be on analysis and design, focusing on front-end conceptual issues, rather than back-end implementation issues, which unnecessarily restrict design choices (Rumbaugh et. al, 1991).” “OO development life cycle consists of three phases – analysis, design and implementation as depicted in Figure 3.2 (Hoffer et al., 1999).” In the early stages of OO system development cycle, the model built is abstract, focusing on external qualities of the application system. As the model evolves, it becomes more and more detailed, shifting the focus to how the system will be built and how it should function – system architecture, data structures and algorithms. Like any IS, the system developer must generate code and database access routines. Implementation System Design Analysis - application what - system architecture subsystem - data structure algorithms controls - programming database access Object Design Figure 3.2: Phases of OO system development cycle 3.3.3 Methodology Justification OO methodology is chosen for this IAIS software development project because of its systematic approach of developing the system, its use case driven approach and its traceability over the entire system development life cycle. The use case driven approach in OOSE allows the process of gathering, understanding and analyzing the users’ requirement of the system from the user point of view. 32 This will ensure the proposed system will conform to the user requirement and specification. The IAIS will provide reports every month on the department’s performance to be submitted to the KPI’s Committee. The accuracy of the generated report is crucial as it reports the departments and each executive’s performance. To ensure the success of this project, all requirements in the development of this system application are identified and resolved using the OOSE. 3.3.4 Unified Modeling Language (UML) The UML builds upon and unifies the semantics and notations of the Booch (Booch, 1994), OOSE (Jacobson et al., 1992) and Object Modeling Technique (Rumbaugh et al., 1991). In this OO approach, UML notation will be used. UML by the Object Management Group (OMG) is adopted in this approach as its language for specifying, constructing, visualizing and documenting the software system and its components. The UML is called a modeling language, and not a method. Most methods consist of at least in principle, both a modeling language and a process. Modeling is the designing of software applications before coding. Modeling is essential for large software project and also helpful to medium and small project. A model plays the analogous role in software development. IAIS uses the UML notation because it is useful for graphically depicting OO analysis and design models. It will specify the requirement of IAIS, capture the design decisions and promotes communication among key personnel involved in the development process. By using UML, the IAIS being developed can assure their business functionality in monitoring, controlling and analyzing IAD’s performance and 33 evaluating its personnel performance is complete and correct, end-user needs are met, and program design supports requirement for scalability, robustness, security, extendibility and other characteristics, before implementation in code. UML also helps to specify, visualize, and document models of IAIS, including their structure and design in a way that meets all of these requirements. By using any one of UML based tools, future application’s requirements can be analysed and solutions that meets them can be design. UML is methodologyindependent. Regardless of the methodology used to perform analysis and design, UML can be used to express the result. UML has twelve (12) standard diagram types. UML defines twelve (12) types of diagrams, divided into three (3) categories, which is the Structural or Static Diagrams (four (4) diagrams), Behavioral or Dynamic Diagrams (five (5) diagrams) and Model Management Diagrams (three (3) diagrams). IAIS use UML in delivering the results using UML’s diagram. 3.3.5 The detail IAIS System Development Process In this section, the detail step-by-step process of system development for this project will be discussed. These include the analysis phase, design phase and implementation phase. The detail IAIS System Development Process for this project is illustrated in the following Figure 3.3. 34 IAIS Requirement Analysis Phase Identify Actors Develop use-case diagram Develop Analysis Object Diagram IAIS Design Phase Identify Implementation Environment Develop Design Object Diagram Develop Interaction Diagram IAIS Implementation Phase Design Class Construct Database Management Design Develop Access & View Layer Design Coding Testing Figure 3.3: IAIS System Development Process 3.3.5.1 IAIS Requirement Analysis Analysis is the first systems development life cycle phase. It provides an in depth understanding of the needs for system or process changes. The goal of the requirement analysis is to capture a complete, unambiguous and consistent picture of the requirement of the system or process and what the system must do to satisfy 35 the users’ requirement and needs. The process of requirement analysis consists of the following steps: i. Identify the actors The actors who will be using the proposed IAIS are the personnel in IAD, which involve directly with monitoring, controlling and analyzing the department’s performance. ii. Develop Use Case Diagram Use case diagram for the proposed system is constructed based on IAD personnel needs in reporting monthly performance index to the KPI’s Committee, tracking of the audit visits and analyzing the findings. This diagram will depict what the user will do with the system and what kind of information would they provide or obtain from the system. The use case diagram is very useful to understand the system requirement as it is developed based on the user point of view. The use case developed will be used, as the main reference throughout the system development process to ensure that the system constructed will conform to the user requirement. 3.3.5.2 IAIS Detailed Design The goal of IAIS is to raise the model developed during analysis phase into actual objects that can perform the required task. Generally, the design phase process consists of the followings: i. Identify implementation environment In order to adapt the IAIS design model to the actual implementation environment, the actual technical constraints where the system will be built needs to be identified. The programming language, Visual Basic 6.0 will be used for the realization of the system. This identification has to be done 36 early, as it will affect how far the analysis model should be refined to transform it into design model. ii. Develop Interaction Diagram Interaction diagram is being developed based on the use case diagram. It is used to depict how the objects identified collaborate with each other to get the task done. For each use case developed in the requirement analysis phase, a sequence diagram is created to illustrate the behavior of a system arranged in a time sequence. iii. Construct Database Management Design In the database design process, relational model is used as IAIS database. Relational model maps data to and from application objects. iv. Develop Access and View Layer design Access Layer design defines the structure of nodes and links of IAIS showing how navigation is supported by the access structures and view layer design is the graphical user interface design that focuses on how the information and access structures are presented to the users. 3.3.5.3 IAIS Implementation For IAIS implementation, Microsoft Visual Basic version 6.0 will be used as the programming language. The implementation process can begin early during the design phase when the class design start to stabilize and are frozen. The models developed during the design phase will be translated and implement with Visual Basic (VB) source code. In the process of coding, the testing process can begin and proceed in parallel. 37 3.4 Project Schedule The project of developing IAIS is divided into two (2) phases which is the Project 1 and Project 2. The Gantt chart for the whole process of developing IAIS is as per Appendix A. Microsoft Project 2000 is the project management software that will be use for project scheduling to assist in managing IAIS project in providing Gantt Chart for project planning, controlling and monitoring. 3.5 Chapter Summary This chapter describes the methodology and the notation used in developing the system. The OO methodology is selected as the system development methodology that will be used to analyze and design the proposed system. UML are later be use to construct the proposed system. 38 CHAPTER 4 SYSTEM DESIGN 4.1 Introduction This chapter will focus on the analysis and design carried out, the analysis of the requirements for the deliverable and the conceptual design. The chapter will discuss on the organizational analysis, the current business process and data model, user requirements, conceptual design which covers current business process and data model, physical design that include database design, structure chart, interface chart, detailed modules/features and system architecture, hardware requirements and test plan. 4.2 Organizational Analysis In this section, the Organizational Analysis will be presented and discussed in the aspect of its structure, functions, core business, existing IS/IT systems and the problem statement of the organization. 39 4.2.1 Organizational Structure GHPB Board of Directors comprises of its Chairman, Tan Sri Dato’ (Dr.) Ahmad Sarji Abdul Hamid, Group Chief Executive, Dato’ Sabri Ahmad with four (4) Non-Independent Director and three (3) Independent Director. GHPB management profile is divided into group operation division and group support services division. GHPB detail organization structure is shown as follows: Figure 4.1: Diagram of GHPB Organisation Structure 40 4.2.2 Core Business GHPB is a leading Malaysian company listed on Kuala Lumpur Stock Exchange (KLSE) with more than 17, 000 shareholders and over 20,000 employees. It was established in 1844 under the name Harrison and Crossfield (H&C) and renamed GHPB in 1990 to reflect change in management when Permodalan Nasional Berhad (PNB) took majority equity of the company. GHPB owns and manages more than 167,000 hectares of oil palm, rubber and fruit plantations. GHPB overseas operations are in Netherlands (Unimills B.V.), Vietnam (Golden Hope-Nhabe), China (Jiangyin-Golden Hope) and Bangladesh (Bangladesh Edible Oils Limited) as well as a distribution centre in Germany (Paul Tiefenbacher). GHPB produces and processes palm oil, palm kernel oil, rubber and fruits at its various processing centre nationwide. It also ventured into value-added manufacturing of resource-based products, including refined edible oils, shortening, oleochemicals, rubber footwear, parquet, tropical fruit juices, spraydried coconut milk powder, concentrated coconut milk and vitamin E. GHPB’s ICT master plan is to support GHPB in meeting the evolving business requirements over the next ten (10) years and consistently takes into account the changing and intensely competitive marketplace to continually improve ICT products of the group and to satisfy operational needs. In line with GHPB’s ICT master plan, GHPB is continuously adopting ICT tools in managing the plantations operations. GHICT initiatives were focused on developing new applications for the expanding oil and fats business, while improving current applications for the plantations business. GHPB is currently using Estate Computer System (ECS) in their plantations and oil mills operations. Other products that have proven successful within the Group include GHOMIS (Golden Hope Oil Mills Integrated System) and PAIMS (Precision Agriculture Integrated Management System). 41 As the current level of IT deployment in plantation sectors are still relatively low, this represents a niche market with large untapped potential. Due to this, plans are in the pipeline for GHICT to market these applications to companies outside GHPB. 4.2.3 IAD Organisational Structure and Functions IAD current workforce strength is twenty eight (28) personnel which is headed by a Director and assisted by a Senior Manager, Manager and Assistant Manager. Other workforce includes seven (7) Senior Executives, thirteen (13) Executives and three (3) Subject Matter Experts. The Subject Matter Experts are from various fields such as mechanical engineering, chemical engineering and construction. The current workforce of the IAD based on the organisation structure as approved by the Audit Committee on 28 August 2002 is summarised as per Appendix B. In view of strengthening the corporate governance, GHPB’s Board of Directors (BOD) gave its committed to maintain a sound system of internal control. In line with above view, the BOD has outlined several key elements to guide GHPB in maintaining a sound internal control system. The risk management, control and governance systems of the GHPB, as with other organisations, are promulgated in the policies and procedures of the company. The details are as follows: i. Risk Management Through understanding of business objective and environment, the internal audit activity monitors and evaluates the effectiveness of the company’s risk management system. 42 ii. Control The internal audit activity assists the company in maintaining effective controls by evaluating their effectiveness and efficiency and also by promoting continuous improvement. Internal auditors ensure that each business unit’s objective, operational programme and its implementation as well as the end results are in conformance with the overall company’s objective. iii. Governance The internal audit contributes to the company’s governance process by evaluating and improving the process through which: • values and goals are established and communicated, • the accomplishment of goals is monitored, • accountability is ensured, and • values are preserved. The function of IAD is complementary to, but different from External Auditors. It undertakes regular monitoring of the Group’s key controls and procedures as an integral part of the Group’s system of internal control. An internal audit review of operating units of the Group is an independent objective assessment of a unit’s compliance with internal controls. Internal auditors conduct scheduled visits to the Group’s operating units in Malaysia and those located overseas. Audit visits are also conducted for several reasons, such as, the impending retirement or transfer of a manager of an operating unit e.g. estate, oil mill etc. or at the request of the Management, Audit Committee, the Board of GHPB or the Board of the subsidiary. Reports prepared by Internal Audit are first circulated to the management of the operating units and their respective Boards for deliberation on the audit findings, recommendations of Internal Audit and corrective actions that management would need to take in respect thereof. “Pre-audit review meetings” are held before the audit reports are tabled to the respective Boards. These meetings are chaired by the Group Chief Executive and are attended by the Director, Internal Audit and heads of operating units. The audit reports are then tabled to the Audit Committee for its review and 43 deliberation. The Audit Committee will be briefed on the progress made in respect of each recommendation (since the audit report). The detail internal audit business process will be further discussed in Section 4.3 Analysis (As-is-process). 4.2.4 GHPB Existing IS/IT System GHPB is in the process of implementing information and communication technology (ICT) master plan to support GHPB in meeting the evolving business requirements over the next ten (10) years and consistently takes into account the changing and intensely competitive marketplace to continually improve ICT products of the group and to satisfy operational needs. To expedite the implementation process, GHPB’s ICT Department (GHICT) is initiating a programme to build ties with local and global technology partners. This synergistic alliance with technology partners will also position GHICT ability to create a significant alternative to the IT outsourcing market, forge a market leadership in agro based IT industry, and create a pool of capable in-house work team. The first GHICT master blue print was based on Gartner Group USA was introduced to the GHPB in April 2000. The blueprint provides the technology map that led to the establishment of ICT infrastructure and the installation of new computer applications for the core business processes. The target was to electronically enable GHPB by year 2002/2003. However, in the mixture of technologies, GHPB has to coincide with the modus operandi of GHPB and the pertinent level of intellectual capital in GHPB. It is the reason GHICT unable to deliver the infrastructure and applications within the designated period. A newer ICT master blueprint was introduced in 2002/2003 and is used as the ICT technology map for year 2002/2003 to year 2005/2006. The technology map is more promising and within reach of GHPB and GHICT team. 44 GHICT master plan is to align IT strategy with business strategies in the following areas: • Business technology planning process, which sponsor collaborative planning processes, • Applications development where new and existing enterprise initiatives and overall coordination for business units and divisional initiatives, • IT infrastructure and architecture (for example computers and networks) are running as well as ensuring ongoing investments are made, • Sourcing where analysis whether to make or buy decisions relative to outsourcing versus in-house provisioning of IT services and skills, • Partnerships by establishing strategic relationships with key IT suppliers and consultants, • Technology transfer by providing enabling technologies that make it easier for customers and suppliers to do business with the organization as well as increase revenue and profitability, • Customer satisfaction by interacting with internal and external clients to ensure continuous customer satisfaction, • Training by providing training for all IT users to ensure productive use of existing and new systems. Figure 4.2 below depicts the “GHPB technology map for year 2002/2003 to year 2005/2006 (GHICT, 2003).” 45 Figure 4.2: GHPB Technology Map The GHICT Technology Road Map has been evolving around the company strategic business plans. The details of the technology road map are as follows: Table 4.1: GHPB Technology Road Map ICT Goals ICT Initiatives • IT Time Frame infrastructure investments Enhance business productivity and efficiency Defend and maintenance • Group wide • Past 3-years • Next 3-years especially in traditional ERP such as agribusiness and implementation existing business value • Workflow Management • Process automation • e-CRM • Business or businesses, property. Market Intelligence • Knowledge Management • Web based applications • Supply Chain Management • Next 2-years 46 ICT Goals ICT Initiatives • Application Time Frame support provider or hostings Create • new business value • through new • Next 2-years (especially for Digital Markets in-house developed products Alliances GH-ECS, business mode GHOMIS KMC Digital Repository In line with GHPB’s ICT master plan, GHPB is continuously adopting ICT tools in managing its overall operations especially the plantations operations. GHICT initiatives were focused on developing new applications for the expanding oil and fats business, while improving current applications for the plantations business. GHPB is currently using Estate Computer System (ECS) in their plantations and oil mills operations. Other products that have proven successful within the Group include GHOMIS (Golden Hope Oil Mills Integrated System) and PAIMS (Precision Agriculture Integrated Management System). GHPB is consistently takes into account the changing and intensely competitive marketplace to continually improve ICT products of the group and to satisfy operational needs. In line with the GHPB’s ICT strategic directions, IAD is initiating the effort to adopt ICT tools in IAD’s operations. IAD is focus in developing new applications for the current daily business operation to replace the current manual operation in order to satisfy the current operational needs. The first step is to computerize IAD’s administration activities before computerizing the overall auditing process and integrating it with the auditing software (IDEA Software) which is currently being used by IAD. The IAIS system development project is the first pilot project in computerizing IAD activities. The commitment of IAD’s Director in pursuing the use of ICT tools in the department’s activities also help smoothen the process of developing and implementing IAIS in IAD of GHPB. IAIS is an information system that will assist IAD to keep track the entire audit visits and duration reports issued to the auditee, monitor executive/department monthly performance and categorize the audit findings according to non- and 47 compliance and process improvement process throughout the financial year. IAIS will be an IAD’s effort to support the GHICT master plan in enhancing business productivity and efficiency using ICT tools through computerizing IAD’s operations as it is currently carried out manually. 4.2.5 Problems with Existing Management Process This section identifies and discusses the problem and limitation of the current process of how IAD keep track the entire audit visits and duration in which reports are prepared/issued to the auditee, monitor executive/department’s monthly performance and categorize the findings according to non-compliance and process improvement. This will ensure a faster time and a reduce use of resources in preparing the monthly performance report to the KPI’s Committee. Currently, all the above monitoring and controlling process is executed manually every end of the month by several senior executives and a manager. This process will consume time and resources for the management in order to meet the dateline every end of the month. The above information were also not presented in a report form but merely calculated as and when the monthly performance report are going to be submitted to the KPI Committee every end of the month. The monthly performance report only covers the numbers of reports issued todate, the numbers of special reports issued todate and the numbers of improvements and non-compliance findings detected todate. Furthermore, the unavailability of such reports did not give the management the overall picture of the total time field visits are carried out, duration in which reports are prepared/issued to the auditee, how many days lapse if reports issued late as expected and the quality of findings detected as at todate. 48 4.3 Current Business Process and Data Model (As-is-process) In this section, an analysis on the current or as-is–process of the business process will be presented and discussed thoroughly. It covers subject and data sources, Feasibility Analysis, SWOT Analysis, Analysis of the Business Process and To-Be Process and Data Model. 4.3.1 Subject and Data Sources The subject involve in this project are focused to the needs of IAD, which would be the ultimate user of the system. The data are collected from the subject through a traditional method, which is conducting interview with people who are directly and indirectly involved in the system or process, distributing questionnaire, observe the user and collecting relevant documents such as reports, forms, procedures and other hard copy related to the current business process. The purpose of this project originates from the requirements to computerize the administration manual system of reporting monthly performance index to the KPI’s Committee. The data pertaining to the management and the process of gathering, organizing, compiling and maintaining the IAD’s information need to be gathered from the department itself. The grasp of the current process scenario and the problem with existing process is vital in order to provide applicable solutions. The detail explanations on the data collecting process are as follows: • Interviewing Interviewing is one of the primary ways to gather information about the current business process in the IAD. Interviewing key personnel involve in monthly reporting to the KPI Committee, tracking of the audit visits and analyzing the findings will explained to the interviewer about their nature of work, the information they use to do it and types of information processing that might supplement their work. During interviewing, facts, 49 opinions, speculation and observation on the body language, emotions and other signs of what IAD personnel want are gathered and how they assess current business process. • Observations Observations are carried out at the IAD to obtain more first hand and objective measures of personnel interaction with the current business process. Observe IAD personnel at selected times is to see how data are handled and what information are needed to do their job. It will add more reflection of reality on the current business process despite information gathered from interview and questionnaire. • Analyzing relevant documents Analyzing relevant documents such as reports, forms, procedures and other hard copy would provide valuable insight to the current business process in IAD. It would also provide concrete examples of the use of data and information in IAD. In the documents, we can find information about problems with existing business process, organizational direction that can influence the requirement of the process, key personnel who have an interest in the IAD existing business process, special information processing circumstances that occurs irregularly and etc. 4.3.2 Feasibility Analysis This section will discuss on the Feasibility Analysis on the implementation of IAIS. The details of the analysis will be tabulated below: 50 Table 4.2: Feasibility Analysis Table Area Descriptions IAIS is an in-house developed system. It will be developed with Financial minimum cost, as the project will be developed by IAD’s personnel. IAIS will improve the economic benefits in terms of time and Economic resources in monitoring and controlling the audit visits, monthly reporting and categorizing the audit findings. Management IAIS will ease and improve the current process of keeping track the audit visits and issuance of reports, monitor the executive/department’s monthly performance and categorizing the findings according to non-compliance and process improvement. IAIS will help to computerize the process of gathering the data Technical needed in reporting to KPI’s Committee and categorizing the audit findings through the use of the current system development technology, OO methodology. 4.3.3 SWOT Analysis This section will discuss the Strengths, Weaknesses, Opportunities and Threats (SWOT) Analysis on IAIS. The details of the SWOT analysis will be tabulated below: Table 4.3: SWOT Analysis Table Strengths Weaknesses Computerizing the current manual system Resistance from IAD’s personnel in of keeping track the audit visits and using the IAIS system would result in monitor duration of audit report issued, delays of the system implementation. monitor executive/department monthly performance and categorizing the audit findings. Reduce IAD’s use of resources in IAD’s personnel have to be trained on submitting the monthly performance report to use of the system. 51 Strengths to the KPI’s Committee. Weaknesses Computerized system reduces time to meet None the tight dateline in submitting the KPI Report. IAIS is cheaper to develop as it is developed in-house. It is carried out by the None IAD personnel. Opportunities Threats Implement the IAIS on other departments Change in company’s methodology of in GHPB and modify or fine-tune the evaluating employees from the current modules to meet other department’s needs BSC methodology will change the in reporting to KPI’s Committee. Harness the Group ICT structure of evaluating the employees. Strategic Directions, in supporting the GHICT None master plan. Enhancing business productivity and efficiency using ICT tools through the None implementation of IAIS. After analyzing the SWOT analysis table above, implementation of the proposed system, IAIS, has more benefits in terms of strengths and opportunities as opposed to the weaknesses and threats. 4.3.4 Analysis of the Business Process GHPB is implementing its IT master plan through its Group Information and Communication Technology (GHICT) to support GHPB in meeting the evolving business requirements over the next ten (10) years. To expedite the implementation process, GHICT is initiating a programme to build ties with local and global technology partners. This synergistic alliance 52 with technology partners will also position GHICT ability to create a significant alternative to the IT outsourcing market, forge a market leadership in agro based IT industry, and create a pool of capable in-house work team. GHPB is consistently takes into account the changing and intensely competitive marketplace to continually improve ICT products of the group and to satisfy operational needs. In line with the Group ICT Strategic Directions, IAIS will be an IAD’s effort to support the GH ICT master plan. IAD is currently reporting KPI’s monthly performance manually to the KPI’s Committee. IAD is unable to systematically keep track each executive in IAD audit visits and audit report issuance, monitor each executive/department’s monthly performance and categorize audit findings to non compliance and process improvement findings. The forms that are currently in use are as per Appendix C. As an effort to increase an efficient internal control body within GHPB, information management is a great and important challenge in the process of providing information within the department and to the outsiders. The current business process of IAD of GHPB will be model using the flowchart diagram as illustrated in Figure 4.3 below. The details of the business process are as follows: 1. The process starts with a team of three (3) or four (4) executives that are lead by a senior executive went for an audit visit, either normal routine visit, special visit or an investigation. The audit visits duration varies depending on the purpose of the visit, from five (5) to ten (10) working days. 2. After returning from the audit visits, the team is required to prepare an audit report within five (5) to ten (10) working days. The findings from the above visits will then be categorise as non-compliance and process improvement findings. 3. The report would then be reviewed and amended by the Manager or the Senior Manager and confirmed the categories of the audit findings. 4. Finally, it will be reviewed and approved for issuing by the Director of IAD. 5. The preliminary internal audit report (PIAR) will be issued to the auditee and the auditee is required to reply within three (3) working days. 53 6. After receiving the reply, the final report will then be issued by IAD to the auditee, board of directors, audit committee and to the external auditor, Ernst & Young. Start Field audit Visit Audit Report Preparation Audit Report Review by the Manager or Senior Manager Amendment to the PIAR Audit Report Review by IAD Director No Audit Report approved for issuance by IAD Director Yes PIAR Issued to Auditee for reply Receive reply from Auditee Final Report Issued to Auditee End Figure 4.3: Current Business Process Flowchart diagram 54 The current manual business process of IAD tracking its audit visits and report issuance, monitor each executive/department’s monthly performance and categorize audit findings will be depict using the UML uses case diagram as illustrated in Figure 4.4. The other use case diagram, sequence diagram and activity diagram are attached in Appendix D. The details of the process are as follows: 1. The Senior Executive and the Manager will keep track the duration of the entire audit visit. 2. IAD’s Manager will monitor the above duration in which reports are prepared and issued to the auditee to enable management to limit and control the process to ensure the budgeted reports to be produced in each financial year are achieved as prescribed in the department’s KPI. 3. Each executive and department monthly performance is monitored and calculated by the Senior Executive and Manager every end of the month before submitting it to the KPI’s Committee. 4. The IAD’s Senior Executive and Manager analyze the findings and categorize the findings according to non-compliance and process improvement. 5. Finally, the Manager fills in the KPI Report Forms and submits the monthly performance index to KPI’s Committee. Track Audit Visit Monitor Rpt Issuance Manager Performance Monitoring Senior Executive Categorize Audit Findings Submit KPI Rpt Figure 4.4: UML use-case diagram on the current business process 55 4.3.5 Business Process Enhancement Before and After IAIS Implementation This section will discuss on the comparison between the current manual business process and after IAIS is being implemented. The details of the comparison are depicted below: Current business process Business process after IAIS Start Start Field audit Visit Field audit Visit Audit Report Preparation & Issuance Fill in the Audit Control Sheet Audit Report Preparation & Issuance Key-in the duration of audit visit and preparing the report Calculate the duration of the audit visits Calculate the duration of the report preparation Calculate the duration of the report issuance Analyze & categorize the audit Calculate department’s monthly performance index Submit monthly performance index to KPI’s Committee IAIS process the data and ready to generate the preformatted reports Print analysis report based on analysis features Print the monthly performance index report Submit monthly performance index to KPI’s Committee End End Figure 4.5: Comparison between current business process and after IAIS 56 The above comparison between the current manual business process and after IAIS is being implemented showed major reduction in the process of tracking the entire audit visits, calculate the department’s monthly performance index and categorizing the findings according to non-compliance and process improvement. This will shorten the time and reduce the use of resources, manpower and cost, in executing the above tasks. The manual processes of calculating the duration of the audit visits, preparation of report and issuance, analyzing and categorizing the audit findings, calculating the department’s monthly performance index will be eliminated. It will be replaced by an computerized system. IAIS will also provide the ability for the user to view report through the use of the query analysis features, which allow analysis and forecasting based on the database in the system and print an autocalculated IAD’s monthly performance index report. 4.4 System Requirements This section will discuss on the system requirements in implementing the IAIS. The user of the system is all the IAD’s personnel that involves of the Senior Executives, Manager, Senior Manager, the Director of the IAD and the KPI’s Committee requirements will be taken into account in the analysis of the project, as they require special format of reporting. These people are the stakeholders for the proposed system. Amongst the requirement needed for the development system are as follows: • IAIS will provide an automated mechanism for IAD’s personnel to keep track the audit visits, calculate the department’s monthly performance index and categorize the audit findings. • The deliverables documents shall conform to deliverables required by the KPI’s Committee reporting format. • The system modules shall be in line with the requirement needed by the IAD’s system user. 57 • IAIS shall be equipped with security features that can only be accessed by authorized personnel, which is the Senior Executives, Manager, Senior Manager and Director of IAD. The information in the system will not be exposed and transferred to the outside parties. • Each user of IAIS will be provided their own login user name to track their access and activities in the system. • The entire interface and information within the proposed system shall be in English language. 4.5 Conceptual Design (To-Be Process and Data Model) This section will discuss and proposed a solution for the problem identified in the current management system. Based on the as–is process analysis, an IAIS is proposed in order to facilitate the monthly performance report to the KPI’s Committee. 4.5.1 Business Process and Data Model 1) Use Case Diagram Use Case Diagram is categorized under Behavioral Diagram, which represent how the actors will use the system to achieve their tasks, thus providing a general overview of the system functionality. The following figure shows several use cases diagram designed for IAIS. The documentation of use cases diagrams of IAIS are discuss in further detail below. The overall use case diagram designed for IAIS is illustrated in Figure 4.6. 58 Login Generate Audit Visit Report Generate Audit Cost Report Generate PIAR Report Generate Reply Report Generate Final Report Issuance Report Senior Executiv e/Executiv e Administrator/Ma nagement Generate Annual KPI Report Generate Department KPI Report Generate Audit Findings Analy sis Report/Statistics Add new content Edit content Browse Content Logout Figure 4.6: Internal Audit Information System Use Case Figure 4.7 illustrates the use Administrator/Management actor of the IAIS. case diagram for the Administrator/Management 59 functionality includes login, add content, edit content, browse content, generate audit visit report, generate audit cost report, generate PIAR report, generate reply report, generate final report issuance report, generate Annual KPI report, generate department KPI report and generate audit findings analysis report/statistics and logout. Login Generate Audit Visit Report Generate Audit Cost Report Generate PIAR Report Generate Reply Report Generate Final Report Issuance Report Administrator/Ma nagement Generate Annual KPI Report Generate Department KPI Report Generate Audit Findings Analy sis Report/Statistics Add new content Edit content Browse Content Logout Figure 4.7: Use Case Diagram for Administrator/Management 60 Figure 4.8 illustrates the use case diagram for the Senior Executive/Executive actor of the IAIS. Senior Executive/Executive functionality includes login, browse content and logout. Login Senior Executive/Executive Browse Content Logout Figure 4.8: Use Case Diagram for Senior Executive/Executive 2) Interaction (Sequence) Diagram The Sequence Diagram, which is classified under Interaction Diagram, which model the interaction, occurs between objects participating in that use case. The interaction takes place as the objects send messages to each other. These messages are actually the method of the object. The main purpose of the use case design is thus to define the method of the object. The following figure shows several sequence diagram designed for IAIS. Figure 4.9 depicts the Administrator/Management actor sequence diagram who wants to login to IAIS by providing user name and password. 61 : User Validator : Login Menu : Valid User Session : Admin Menu : Administrator/Management Login() Check Login() All valid record Compare() Create() Display() Figure 4.9: Administrator/Management Login into IAIS Figure 4.10 shows the Senior Executive/Executive initiate logging into IAIS by providing its user name and password. : Login Menu : User Validator : Seni or Executive/Executive Login() : Valid User Session : Exec/Sen. Exec Menu Check Login() All valid record Compare() create() display() Figure 4.10: Senior Executive/Executive Login into IAIS 62 Figure 4.11 illustrates the sequence diagram for Administrator/Management who logout of IAIS. This is to ensure once the user logout, the restricted access area is not accessible anymore unless the user login again. : Admin Menu : Administrator/Mana Logout() : Valid User Session : Main Page Abandon() Display() Figure 4.11: Administrator/Management Logout of IAIS Figure 4.12 illustrates the Senior Executive/Executive sequence diagram of logging out of the IAIS. : Senior Executive/Executive Logout() : Exec/Sen. Exec Menu : Valid User Session : Main Page Abandon() Display() Figure 4.12: Senior Executive/Executive Logout of IAIS 63 Figure 4.13 depicts the Administrator/Management sequence diagram on how it creates new content in the IAIS. : Content Editor : Admin Menu : Administrator/Management Add Content() : Content display() save() add new() content saved() Figure 4.13: Administrator/Management add new content Figure 4.14 illustrates the Administrator/Management sequence diagram on the ability to edit the existing content in the IAIS. : Admin Menu : Administrator/Management : Content Editor Get VisitID() : Content Retrieve() Display() Save() Update() Content saved() Figure 4.14: Administrator/Management Edit Content 64 Figure 4.15 illustrates the sequence diagram of Administrator/Management ability to create and view the list audit visit as at the date report being generated that contain amongst others the auditee, audit report number, date audit start and end and the list of team members. : Report Generator : Administrator/Mana : AuditVisitsReport Generate Report () create() display() Figure 4.15: Administrator/Management generate Audit Visit Report Figure 4.16 illustrates the sequence diagram of Administrator/Management ability to create a report that contains the total cost and its detail cost component for every audit visit as at the date report being generated. : Administrator/Mana : Report Generator Generate Report() : AuditCostReport create() display () Figure 4.16: Administrator/Management generate Audit Cost Report 65 Figure 4.17 shows the PIAR Issuance Report which contains the date of the report start, date PIAR been reviewed by Manager, Senior Manager and Director, the date PIAR are sent and reply by the auditee as at the date report being generated. : Administrator/Mana : Report Generator Generate Report() : PIAR Issuance Report create() display() Figure 4.17: Administrator/Management generate PIAR Issuance Report Figure 4.18 illustrates the Reply Report which contains the date of reply received from third party such as ICT Department, Estate Operations Department (EOD), Engineering Services Unit (ESU), etc. to enable the reply are closely monitored to avoid delays. : Administrator/Mana Generate Report() : Report Generator : ReplyReport create() display() Figure 4.18: Administrator/Management generate Reply Report 66 Figure 4.19 illustrates the Final Report Issuance Report which contains the duration report are prepared until its date of issuance to monitor the durations report are prepared. : Report Generator : Administrator/Mana Generate Report() : FinalReport create() display () Figure 4.19: Administrator/Management generate Final Report Issuance Report Figure 4.20 shows the sequence diagram for the Annual KPI Report which displays the list of audit visits made by every executive as at the date report being generated. : Administrator/Mana : Report Generator Generate Report : AnnualKPIReport Create() display () Figure 4.20: Administrator/Management generate the Annual KPI Report 67 Figure 4.21 illustrates the Department KPI Report sequence diagram which displays the list of audit visits made according to the audit category and the statistical data in the form of graphs as at the date report being generated. : Administrator/Mana : Report Selector : Chart : DeptKPIReport Generate Report() create() build chart() chart() display () Figure 4.21: Administrator/Management generate Department KPI Report Figure 4.22 illustrates the Audit Findings Analysis Report sequence diagram which displays the list of audit findings categorise according to noncompliance and process improvements findings for every audit visits and the monetary lost incurred. The statistical data in the form of graphs are also generated in this report. : Administrator/Mana : Report Generator : AuditFindingsAnaly sisReport : Chart Generate Report() create() build chart() chart() display () Figure 4.22: Administrator/Management generate Audit Findings Analysis Report 68 Figure 4.23 illustrates the browse content sequence diagram for Administrator/Management to navigate through all information in IAIS. : Main Page : Administrator/Management Click Content() : Content display() Figure 4.23: Administrator/Management browse content Figure 4.23 illustrates the browse content sequence diagram for Senior Executive/Executive to navigate only through information in Tracking Audit Visits Module, Issuance of Report Module, Auditee’s Information Module and IAD Personnel Information Module in IAIS. : Main Page : Content : Senior Executive/Executive Click Content() display() Figure 4.23: Senior Executive/Executive browse content 69 3) Collaboration Diagram The Collaboration Diagram is classified under Interaction Diagram. The diagram depicts the interaction occur between objects participating in that use case. The interaction takes place as the objects send messages to each other. These messages are actually the method of the object. The main purpose of the use case design is thus to define the method of the object. The following figure shows several sequence diagram designed for IAIS. Figure 4.24 illustrates the collaboration diagram of the Administrator/Management activity of logging into IAIS. : User Validator 2: Check Login() 4: Compare() 3: All valid record 1: Login() 5: Create() : Valid User Session : Login Menu 6: Display() : Administrator/Management : Admin Menu Figure 4.24: Administrator/Management Login into IAIS Figure 4.25 shows the collaboration diagram of the Administrator/Management ability to add new content into the system. 1: Add Content() : Admin Menu 3: save() 2: display() : Administrator/Management 5: content saved() : Content Editor : Content 4: add new() Figure 4.25: Administrator/Management add new content 70 Figure 4.26 depicts the collaboration diagram of the Administrator/Management ability to edit the existing content of the IAIS. 1: : Admin Menu 5: Save() : Administrator/Management 2: Get VisitID() 4: Display() 7: Content saved() : Content Editor 3: Retrieve() : Content 6: Update() Figure 4.26: Administrator/Management edit content Figure 4.27 illustrates the Administrator/Management ability to browse the whole content of information in the IAIS. 1: Click Content() : Main Page : Administrator/Management 2: display() : Content Figure 4.27: Administrator/Management browse content Figure 4.28 shows the activity of Administrator/Management generating the list of audit visit in the Audit Visits Report. 71 3: display() 2: create() 1: Generate Report () : AuditVisitsReport : Report Generator : Administrator/Management Figure 4.28: Administrator/Management generate Audit Visits Report Figure 4.29 depicts the activity of Administrator/Management generating the Audit Costs Report of every audit visit. 3: display() 1: Generate Report() 2: create() : Report Generator : AuditCostReport : Administrator/Management Figure 4.29: Administrator/Management generate Audit Cost Report Figure 4.30 shows the activity of Administrator/Management generating the PIAR Issuance Report. 4: display() 1: Generate Report() 2: Generate Report (Report Type) : Report Selector 3: create() : Report Generator : User1 Figure 4.30: Administrator/Management generate PIAR Report : PiarReport 72 Figure 4.31 illustrates the activity of Administrator/Management generating the Reply Report from the third party (if any) for every audit visit. 3: display() 1: Generate Report() 2: create() : ReplyReport : Report Generator : Administrator/Management Figure 4.31: Administrator/Management generate Reply Report Figure 4.32 illustrates the activity of Administrator/Management generating the Final Report Issuance Report for every audit visit. 3: display() 1: Generate Report() 2: create() : Report Generator : FinalReport : Administrator/Management Figure 4.32: Administrator/Management generate Final Report Issuance Report Figure 4.33 shows the collaboration diagram for the Annual KPI Report for every executive’s audit visits. 3: display() 2: Create() 1: Generate Report : Report Generator : AnnualKPIReport : Administrator/Management Figure 4.33: Administrator/Management generate Annual KPI Report 73 Figure 4.34 shows the collaboration diagram for the Department KPI Report according to the audit category. 5: display() 1: Generate Report() 2: create() 3: build chart() : Report Selector : DeptKPIReport : Chart 4: chart() : Administrator/Management Figure 4.34: Administrator/Management generate Dept KPI Report Figure 4.35 illustrates the Audit Findings Analysis Report collaboration diagram according to non-compliance and process improvements findings for every audit visits and the monetary lost incurred. 5: display() 1: Generate Report() 2: create() 3: build chart() : AuditFindingsAnalysisReport : Report Generator : Chart 4: chart() : Administrator/Management Figure 4.35: Administrator/Management generate Audit Findings Analysis Report Figure 4.36 shows the collaboration diagram for Administrator/Management who logout of IAIS. 1: Logout() 2: Abandon() : Admin Menu 3: Display() : Valid User Session : Main Page : Administrator/Management Figure 4.36: Administrator/Management Logout of IAIS Figure 4.37 shows the Senior Executive/Executive activity of logging into IAIS by providing its user name and password. 74 4: Compare() 2: Check Login() 1: Login() : User Validator : Login Menu 3: All valid record : Senior Executive/Executive 6: display() 5: create() : Valid User Session : Exec/Sen. Exec Menu Figure 4.37: Senior Executive/Executive Login into IAIS Figure 4.38 shows the collaboration diagram for Senior Executive/Executive activity of navigating through information in Tracking Audit Visits Module, Issuance of Report Module, Auditee’s Information Module and IAD Personnel Information Module in IAIS. 1: Click Content() : Main Page 2: display() : Senior Executive/Executive : Content Figure 4.38: Senior Executive/Executive browse content Figure 4.39 shows the collaboration diagram for Senior Executive/Executive activity of logging out of IAIS. 3: Display() 2: Abandon() 1: Logout() : Exec/Sen. Exec Menu : Valid User Session : Senior Executive/Executive Figure 4.39: Senior Executive/Executive Logout of IAIS : Main Page 75 4.6 Physical Design This section will describe thoroughly the original design of the IAIS physical design. It will describe the class diagram, database design, program (structure) chart, interface chart, detailed modules/features and system architecture (physical design). 4.6.1 Class Diagram This section describes the class diagram of IAIS. It involves defining the attributes and methods for each class of the class diagram. Figure 4.40 illustrates the class diagram for IAIS. <<Form>> f rmTrackAuditVisit (from IAIS) Form_Unload() datPrimaryRS_Error() datPrimaryRS_MoveComplete() datPrimaryRS_WillChangeRecord() cmdAdd_Click() cmdDelete_Click() cmdRefresh_Click() cmdUpdate_Click() cmdClose_Click() <<Form>> f rmIssuanceRpt (from IAIS) <<Const>> EM_UNDO = &HC7 <<Declare>> SendMessage() <<Declare>> OSWinHelp() MDIForm_Unload() Back_Click() <<Form>> f rmLogin (from IAIS) ubah : Double simpan : Double LoginSucceeded : Boolean CmdCancel_Click() cmdOK_Click() txtPassword_KeyPress() txtUserName_KeyPress() (from IAIS) Form_Unload() datPrimaryRS_Error() cmdAdd_Click() cmdDelete_Click() cmdRefresh_Click() cmdUpdate_Click() cmdClose_Click() <<MDI Form>> f rmMain (from IAIS) <<Const>> EM_UNDO = &HC7 <<Declare>> SendMessage() <<Declare>> OSWinHelp() MDIForm_Unload() Command7_Click() Command10_Click() Command9_Click() Command8_Click() Command11_Click() Command12_Click() Exit_Click() <<Form>> frmIADPerformanceIndex (from IAIS) <<Const>> EM_UNDO = &HC7 <<Declare>> SendMessage() <<Declare>> OSWinHelp() MDIForm_Unload() Back_Click() <<Form>> f rmIADInf o <<Form>> FrmAdtFind (from IAIS) <<Const>> EM_UNDO = &HC7 <<Declare>> SendMessage() <<Declare>> OSWinHelp() MDIForm_Unload() Back_Click() Figure 4.40: IAIS Class Diagram <<Form>> f rmAuditeeInf o (from IAIS) Form_Unload() datPrimaryRS_Error() cmdAdd_Click() cmdDelete_Click() cmdRefresh_Click() cmdUpdate_Click() cmdClose_Click() 76 4.6.2 Database Design This section describes the database design of IAIS. The database design is created based on the system database requirement. Detailed database design has been created in the form of a table that represents the fields and characters. The database is created using Microsoft Access tools. Table 4.41 describes the detailed database design for the IAIS. Figure 4.41: IAIS Database Design 4.6.3 Program (Structure) Chart This section will discuss the IAIS’s structure chart. In the structure chart, there is an entry for every type of categorization under consideration. The IAIS Program (Structure) Chart is depicted in Figure 4.42 below. 77 IAIS Tracking Audit Visits Module Audit Field Visit Module Issuance of Report Module Audit Visits Cost Module Annual KPI Module Auditees Reply Module PIAR Module IAD Performance Index Module Audit Finding Analysis Module Department KPI Module Final Report Module Figure 4.42: IAIS Structure Chart i. Tracking Audit Visits Modules IAIS is an information system developed to assist the IAD in tracking the entire audit visits to Estates, Oil Mills and subsidiaries throughout the financial year. It will provide analysis on the duration of the audit field visits and the cost of every audit visit. It has two (2) sub-modules as follows: ii. • Audit Field Visit Module. • Audit Visit Cost Module. Issuance of Report Modules IAIS will provide monitoring tool to enable management to limit and control the duration in which reports are prepared and issued to the auditee in ensuring the department’s KPI are achieved. It will provide analysis on the duration of audit report prepared and issued to the auditee. It has three (3) sub-modules (as follows): 78 iii. • Preliminary Internal Audit Report (PIAR) Module. • Reply Module. • Final Report Module. IAD Performance Index Modules IAIS will provide a tool to calculate the department’s monthly performance index, which will enable the management to evaluate each executive’s performance throughout the financial year and for bonus and increment purposes. It will provide analysis on the calculation of performance index. It has two (2) sub-modules as follows: iv. • Annual KPI Module. • Department KPI Module. Audit Findings Analysis Modules IAIS will provide a tool to categorize the findings according to noncompliance and process improvement findings that will be used to produce a statistics to analyze the findings for KPI purposes. It will provide analysis on the audit findings on every audit visits. The analysis features is according to non-compliance and process improvement findings and monetary loss for each visits. 4.6.4 Interface Chart This section will discuss the interface chart and the proposed screen design of IAIS based on the modules requested by IAD’s personnel. The tools used for the Interface Design is Microsoft Visual Basic version 6.0. The detail explanations for each screen design are as follows: 79 Login Menu Login Module Main Menu Main Menu Tracking Audit Visit Module Audit Field Visit Module Issuance of Report Module Audit Visits Cost Module PIAR Module IAD Performance Index Module Department KPI Module Annual KPI Module Auditees Reply Audit Finding Analysis Module Audit Field Visit Module Final Report Module Figure 4.43: IAIS Interface Chart • Tracking Audit Visits Module LOGIN MENU Figure 4.44: Login Menu screen PIAR Module Issuance of Report Module Audit Visits Cost Module Auditees Reply Final Report Module 80 The first screen the IAIS display is the login menu screen. The user must choose between the Administrator/Management and Senior Executive/ Executive path button. • LOGIN The first screen the IAIS will display is the login screen. The users are required to fill in the password for the predefined user name in login screen in order to login to the predefined system functionality. Figure 4.45: Login screen • MAIN MENU for Administrator/Management After login to the system using Administrator/Management path button, IAIS will display the main menu screen. The screen will have seven (7) options for the users to go, which is the Tracking Audit Visits, Issuance of Report, IAD Performance Index, Audit Findings Analysis, Auditee’s Information, IAD’s Personnel Information and exit. 81 Figure 4.46: Main Menu screen for Administrator/Management • MAIN MENU for Senior Executive/ Executive Figure 4.47: Main Menu screen for Senior Executive/ Executive 82 After login to the system using Senior Executive/ Executive path button, IAIS will display the main menu screen. The screen will only have five (5) options for the users to go, which is the Tracking Audit Visits, Issuance of Report, Auditee’s Information, IAD’s Personnel Information and exit. • PASSWORD CHANGE Password Change screen will display the screen to add, update, delete, refresh and close the screen. Figure 4.48: Password Change screen • TRACKING AUDIT VISITS Tracking Audit Visits screen will display the main menu for Audit Field Visit Module, Audit Visit Cost Module and exit function to the main menu. 83 Figure 4.49: Tracking Audit Visits main screen • AUDIT FIELD VISITS Figure 4.50: Audit Field Visit Module screen 84 Audit Field Visits screen will display the screen to add the details of the audit visits, update, delete and refresh the audit visits details. It also provides close the screen button to the Tracking Audit Visits main menu screen. • AUDIT VISITS COST Audit Visits Cost screen will display the screen to add, update, delete and refresh the cost details for every audit visits. It also provides close the screen button to Tracking Audit Visits main menu screen. Figure 4.51: Audit Visit Cost Module screen • ISSUANCE OF REPORT Issuance of Report Module consists of three (3) submodules, which are the Preliminary Internal Audit Report (PIAR) Module, Auditees Reply Module 85 and Final Report Module. Issuance of Report main menu screen will display the path button to the above module and exit button to the main menu screen. Figure 4.52: Issuance of Report main screen • PRELIMINARY INTERNAL AUDIT REPORT (PIAR) Preliminary Internal Audit Report (PIAR) screen will display the screen to add, update and delete the details on the preparation of the audit report and the details of the report reviews by the management. It also provides the refresh the screen button and close screen button to the Issuance of Report main menu screen. 86 Figure 4.53: Preliminary Internal Audit Report (PIAR) Module screen • PIAR REPLY Figure 4.54: Auditee PIAR Reply Module screen 87 Auditee PIAR Reply Module screen will display the screen to add, update and delete the details on the third party reply of the audit report. It also provides the refresh the screen button and close screen button to the Issuance of Report main menu screen. • FINAL REPORT Final Report screen will display the screen to add, update and delete the details of the final audit report. It also provides the refresh screen button and close screen button to the Final Report main menu screen. Figure 4.55: Final Report Module screen • IAD PERFORMANCE INDEX IAD Performance Index Modules provide a tool to monitor each executive’s performance and the department’s monthly performance. IAD Performance Index main menu screen will display the path button to the 88 Annual KPI Module, IAD KPI Module and exit button to the main menu screen. Figure 4.56: IAD Performance Index Main screen • ANNUAL KPI Annual KPI Module screen will display the screen to add, update and delete the details on each executive’s audit visit as at the date of report generated. It also provides the refresh screen button and close screen button back to the IAD Performance Index main menu screen. 89 Figure 4.57: Annual KPI Module screen • IAD KPI IAD KPI Module screen will generate the report of overall IAD audit visits according to its category (Estate, Oil Mill, Corporate and Special visits) as at the date of audit report. • AUDIT FINDINGS ANALYSIS main Audit Findings Analysis main screen will display the audit findings analysis path button, print function button and exit function button back to the main menu. 90 Figure 4.58: Audit Findings Analysis Main screen • AUDIT FINDINGS ANALYSIS Figure 4.59: Audit Findings Analysis screen 91 Audit Findings Analysis screen provide analysis on the audit findings on every audit visits and the auditee’s monetary losses. It will display the screen to add, update and delete the details of the audit findings. It also provides the refresh screen button and close screen button to the Audit Findings Analysis main screen. • AUDITEE’s INFORMATION The auditee’s information screen in the IAIS will display the form for the user to key-in all auditee’s in GHPB details. Figure 4.60: Auditee’s Information screen • IAD’s PERSONNEL INFORMATION The IAD’s personnel information screen in the IAIS will display the form for the user to key-in all the details of IAD’s personnel information. 92 Figure 4.61: IAD’s Personnel Information screen 4.6.5 Detailed Modules/Features - System Decomposition An information system is proposed to keep track the entire audit visits and duration reports prepared/issued to the auditees, monitor each executive and department’s monthly performance and categorize the findings according to noncompliance and process improvement. IAIS is developed to assist IAD in preparing of the monthly performance report to the KPI’s Committee by IAD. It is hope to fasten the time and reduce the use of resources in preparing the monthly performance report. Based on the information gathered using the interview with IAD personnel, questionnaire submitted to the personnel in IAD, observations on IAD’s business process and analyzing documents related, there are several modules identified required by IAD. 93 This section will discuss on the IAIS System Decomposition. The IAIS system decomposition is depicted in Figure 4.62 below: IAIS Tracking Audit Visits Issuance of Report IAD Performance Index Audit Finding Analysis Figure 4.62: IAIS System Decomposition Diagram From the requirements by the IAD’s personnel, IAIS will contain several modules that are requested by IAD: i) Tracking Audit Visits Modules IAIS assist IAD in tracking the entire audit visits to Estates, Oil Mills and subsidiaries throughout the financial year. It will provide analysis on the duration of the audit field visits and the cost of every audit visit. It will be categorize according to Estate, Oil Mill, Corporate and Special Audit/Investigation visits. It has two (2) sub-modules as follows: ii) • Audit Field Visit Module. • Audit Visit Cost Module. Issuance of Report Modules IAIS provide monitoring tools to enable management to limit and control the duration in which reports are prepared and issued to the auditee in ensuring the budgeted reports to be produced are achieved in each financial year as prescribed in the department’s KPI. It will provide analysis on the duration of the preparation and issuance of audit report. It has three (3) sub-modules. The sub-modules are as follows: • Preliminary Internal Audit Report (PIAR) Module. • Reply Module. • Final Report Module. 94 iii) IAD Performance Index Modules IAIS will provide a tool to calculate each executive’s performance and the department’s monthly performance index throughout the financial year, as a guideline which will enable the management to evaluate for bonus and increment. It will provide analysis on the calculation of performance index. It has two (2) sub-modules as follows: iv) • Each executive todate performance index. • Department’s monthly performance index. Audit Findings Analysis Modules IAIS will provide a tool to categorize the findings according to noncompliance and process improvement findings that will be used to produce a statistics to analyze the findings for KPI purposes. It will provide analysis on the audit findings on every audit visits. The analysis features is according to the audit findings - non-compliance and process improvement findings according to normal routine visit, special visit or an investigation etc. and monetary loss for each visits. 4.6.6 IAIS Architecture The proposed information system enables IAD to computerize the process of keeping track of the entire audit visits and duration reports prepared/issued to the auditees, monitor each executive and department’s monthly performance, categorize the findings according to non-compliance and process improvement and provide the ability for the user to view report, in which analysis based on the database stored in the system could be carried out. The IAIS system network is supported by GHPB local area network (LAN) available. The GHPB infrastructure and network is depicted in Appendix E. The IAIS architecture is shown in Figure 4.63 below. 95 IAIS Database Server IAIS HP Printer Printer Senior Executive/ Executive Administrator/Management Figure 4.63: IAIS Architecture IAIS is comprises of several major components, which includes database management, user interface and user. It is the backbone of the IAIS. The functioning IAIS is comprises of four (4) major modules that is the Tracking Audit Visits Module, Issuance of Report Module, IAD Performance Index Module and Audit Finding Analysis Module. Each of IAIS modules is accessible only to the specified users with the specified designation, for example the executives of IAD can only access Tracking Audit Visits Module and Issuance of Report Module while Director, Senior Manager and Manager (Management) of IAD can access all the four (4) modules available in IAIS. Figure 4.64 below illustrates the IAIS Application Architecture which consists of four (4) major modules that is the Tracking Audit Visits Module, Issuance of Report Module, IAD Performance Index Module and Audit Finding Analysis Module and the user access right towards the above major modules. 96 IAIS Database Issuance of Report Module IAD Performance Index Module Audit Finding Analysis Module User 1 Tracking Audit Visits Module Issuance of Report Module User 2 Tracking Audit Visits Module User Interface Administrator Director Senior Manager Manager All IAD Senior Executive and Executives Figure 4.64: IAIS Application Architecture 1) Tracking Audit Visits Module Tracking Audit Visits Module is accessible by all users using IAIS in IAD. The module is comprises of two (2) submodules, which is the Audit Field Visit Module and Audit Visits Cost Module. Figure 4.65 below shows the component of Tracking Audit Visits Module. 97 Tracking Audit Visits Audit Field Visit Module Audit Visits Cost Module Figure 4.65: Tracking Audit Visit Module i) Audit Field Visit Module This submodule help keeps tracks on the duration of every audit field visits carried out by IAD’s personnel according to the auditees category (Estates, Oil Mills, Corporate and Special/Investigation Audit) and total duration of audit visits according to categories. ii) Audit Visit Cost Module This submodule keeps tracks on the cost of every audit field visits carried out by IAD’s personnel according to the auditees category (Estates, Oil Mills, Corporate and Special/Investigation Audit) and total cost of audit visits according to its respective categories. 2) Issuance of Report Module Issuance of Report Module assist the management to limit and control the duration in which reports are prepared and issued to the auditee in ensuring the budgeted reports to be produced are achieved in each financial year. This module is accessible by all users using IAIS in IAD. It consists of three (3) submodules, which are the Preliminary Internal Audit Report (PIAR) Module, Auditees Reply Module and Final Report Module. Figure 4.66 below shows the component of Issuance of Report Module. 98 Issuance of Report Auditees Reply Module PIAR Module Final Report Module Figure 4.66: Issuance of Report Module i) Preliminary Internal Audit Report (PIAR) Module This submodule keeps tracks on the duration of IAD’s personnel in preparing of Preliminary Internal Audit Report (PIAR) according to Estates, Oil Mills, Corporate and Special/Investigation Audit category. This will ensure the management can monitor and control the duration in which reports are prepared. ii) Auditees Reply Module This submodule keeps tracks on the duration of audit findings reply from the third party related directly to the auditee according to Estates, Oil Mills, Corporate and Special/Investigation Audit categories. This would help the management to monitor the auditee’s reply as to ensure the auditee will reply in the time specified by IAD. This would ensure the internal audit reports can be issued within the time frame. iii) Final Report Module This submodule keeps tracks on the duration of issuance of final report according to Estates, Oil Mills, Corporate and Special/Investigation Audit categories. This would finally ensure the management could limit and control the duration the final reports are prepared and issued to the auditees in ensuring the budgeted reports to be produced are achieved in each financial year. 99 4) IAD Performance Index Module IAD Performance Index Module provides a tool to calculate each executive performance and the department’s monthly performance, which will enable the management to evaluate each executive’s performance throughout the financial year for bonus and increment purposes. As for the department’s monthly performance calculation will ensure IAD’s KPI are achieved. Apart from the administrator, this module is only accessible to the Manager, Senior Manager and Director of IAD. This module consists of two (2) sub-modules that are the Annual KPI Module and Department KPI Module. Figure 4.67 below shows the component of IAD’s Performance Index Module. IAD Performance Index Annual KPI Module Department KPI Module Figure 4.67: IAD Performance Index Module i) Annual KPI Module This submodule calculates each executive’s todate performance which provides input in reporting the monthly performance report to the KPI Committee. ii) Department KPI Module This submodule calculates and provides summary for each IAD personnel monthly performance report that contributes to the overall department’s performance that will be submitted to the KPI Committee. 100 5) Audit Findings Analysis Module Audit Findings Analysis Module provide a tool to categorize the findings according to non-compliance and process improvement findings that will be used to analyze the audit findings for KPI purposes. This module is only accessible to the Administrator, Manager, Senior Manager and Director of IAD. i) Audit Findings Analysis Module This submodule categorizes the findings according to non-compliance and process improvement findings according to Estates, Oil Mills, Corporate and Special/Investigation Audit. It is a tool to produce a statistics to analyze the audit findings for the KPI monthly report submission. It will provide analysis on the audit findings on every audit visits and the monetary loss for each auditee for the period under review. 4.7 Software & Hardware Requirement The hardware and software involves in this study refers to the minimum hardware and software requirements of developing, designing and implementation of the proposed system. The hardware used in developing the information system is a computer powered by Intel Pentium® M Processor with 30GB Hard Drive and 0.99GB Shared DDR SDRAM. The programming language that will be used as the platform is Microsoft Windows XP Professional Version 2002 Operating System environment and Microsoft Access as the database platform. Crystal Reports Professional is used to design and generate various reports needed by IAD. Microsoft Project 2000 is the project management software that will be use to assist in managing IAIS project in providing Gantt Chart for project planning, controlling and monitoring. 101 Besides the above hardware and software requirement, for the purpose of testing the usability and effectiveness of the IAIS system, interviews and questionnaires will be designed to gather feedback from the end-user. 4.8 Software Test Plan A software test plan is written to thoroughly describe how the tests are carried out. It is done to satisfy the requirements stated in the detailed description of IAIS process. The plan will provide an overview of the test activities, schedules and resources required to perform testing. The plan will describe how the testing specifications in the following sections will be implemented. The detail software test plan is as per Appendix F. 4.8.1 Unit Test All code will be unit tested to ensure that the individual unit (class) performs the required functions and outputs the proper results and data. Unit testing is typically white box testing. Path testing is used to ensure the system is properly functioning. Unit testing is typically white box testing and may require the use of software stubs and symbolic debuggers. This testing helps ensure proper operation of a module because tests are generated with knowledge of the internal workings of the module. The example unit tests carried out is user authentication testing, program debugging and input/output testing. User authentication testing is to ensure the user’s access right to access IAIS database. Program debugging is to ensure programming code’s error are rectified and input/output testing is to ensure user’s input and output displayed are consistent. 102 4.8.2 Integration Test Integration testing is conducted to verify integration between modules, which has been created. The testing also verifies the modules dependability on each other. The testing is to ensure that the system is able to communicate with each other to ensure that the IAIS operates effectively. Integration testing is testing the IAIS as a whole. Integrated test plans are made and executed so that the whole system can be tested from end to end. The administrator and users test the system during pilot testing. Detailed testing will ensure the system’s stability before installation for production usage. Every text fields being input by the users in the system’s interface are tested with the displayed outputs to avoid any error occurrence to ensure error free system. This type of testing addresses the issues associated with the dual problems of verification and program construction. Integration is a systematic technique for constructing the program structure while at the same time conducting tests to uncover errors associated with interfacing. The objective is to take unit tested modules and build a program structure that has been dictated by design. In the integration testing, each module is treated as a black box. Conflicts between functions or classes and between software and appropriate hardware are resolved. After sufficient modules have been integrated to demonstrate a real world situation, composite builds, or baselines, of the software are married to the engineering versions of the hardware to evaluate the combined hardware/software performance for each operational function. 4.8.3 User Acceptance Test User Acceptance Test is the process of quantifying the usability test with some measurable attributes of the test, such as functionality, cost or ease of use. The best measure of user satisfaction is the software itself. For the user acceptance 103 test, ten (10) users out of thirty-three (33) users have been approached to test the implemented prototype system. There are two (2) types of users for this system, the ten (users) will be divided into two (2) groups to assume two (2) roles of the users/actors. This is to ensure all of the roles perform in the system can be examined its effectiveness and efficiency. 4.9 Summary This chapter has analyzed and discussed about the analysis and design carried out, the analysis of the requirements for the deliverable and the conceptual design. The chapter will first discuss on the organizational analysis, the current business process and data model. Then it will discussed the user requirements, conceptual design which covers current business process and data model, physical design that include database design, structure chart, interface chart, detailed modules/features and system architecture, hardware requirements and test plan. 104 CHAPTER 5 IMPLEMENTATION AND TESTING 5.1 Introduction Implementation involves transforming the analysis and design models of IAIS into executable form. For IAIS implementation, Visual Basic 6.0 is used as the scripting language. Based on the analysis and design model, the source code (implementation) of IAIS will be discussed. IAIS testing procedure and results will also be discussed in this chapter. The testing strategies adopted in the development of IAIS include program debugging, input and output testing, usability testing and user satisfaction testing. Some of these testing procedures, such as program testing and input/output testing are carried out from time to time so that any error or mistakes can be corrected earlier. The other testing procedures such as usability testing and user satisfaction testing are conducted after the system is completed. 5.2 IAIS Coding Approach IAIS four (4) main modules are Tracking Audit Visits Module, Issuance of Report Module, IAD Performance Index Module and Audit Finding Analysis Module. Each submodules are decomposed into several submodules. This section will discuss on the moduless implemented in IAIS which include Login Module, Tracking Audit Visits Module, Issuance of Report Module, IAD Performance Index Module, Audit Finding Analysis Module, Audit Field Visit Module, Audit 105 Visits Cost Module, PIAR Module, Auditees Reply Module, Final Report Module, Audit Findings Analysis Module. 5.2.1 Login Module This Login module controls the login process of member or administrator trying to access IAIS. Table 5.1 shows the code extraction of validating the login name and password. Table 5.1: Snapshot of the Login Module The login form is an interface is displayed for users to fill in which consists of login name and password. The login name and password will check in the IAIS 106 database for matching login name and password. If the login name and password match with the login name and password in the database, then the process is successful and the user can proceed to the main menu. If not an error message will be displayed and the user will be asked to reenter the login name and password and will not be able to proceed. 5.2.2 Tracking Audit Visits Modules Tracking Audit Visits Modules consists of Audit Field Visit Module and Audit Visit Cost Module. For new audit visits information, all fields in the application form will be empty. In the case of updating or editing an existing audit visits particulars, the details for each field will be retrieved from the Control Sheet Master table of the IAIS database and displayed accordingly. Table 5.2 shows the code extraction of adding and editing the audit visits information. Table 5.2: Snapshot of the Tracking Audit Visits Module 107 The Tracking Audit Visits Module will generate an analysis report on the duration on every field audit visits and summary on the duration on auditees category (Estates, Oil Mills, Corporate and Special Audit Visit/Investigation) and the cost for every visits and total cost of audit visits throughout the year. Appendix G shows the Audit Field Visit Module report and the Audit Visit Cost Module report. 5.2.3 Issuance of Report Modules Issuance of Report Modules consists of Preliminary Internal Audit Report (PIAR) Module, Auditee Reply Module and Final Report Module. The new audit report information, all fields in the application form will be empty and ready to be added. For editing an existing audit report particulars, the details for each field will be retrieved from the IAIS database Control Sheet Master Table. Table 5.3 shows the code extraction of adding and updating the audit report information. Table 5.3: Snapshot of the Issuance of Report Modules 108 Issuance of Report Modules generated report analysis on the duration of the preparation and issuance of audit report and several other related analysis such as duration in preparing of Preliminary Internal Audit Report (PIAR), duration of reply from the auditees and duration issuance of final report according to normal routine visit, special visit or an investigation etc. Appendix G shows the PIAR, Auditee’s Reply and Final Report Module report. 5.2.4 IAD Performance Index Modules IAD Performance Index Modules provide a tool to calculate each executive’s performance and the department’s monthly performance index, which will enable the management to evaluate the performance throughout the financial year and for bonus and increment purposes. Appendix G shows the Annual KPI Module and the Department KPI Module report. 5.2.5 Audit Findings Analysis Module Audit Findings Analysis Module analyzes the audit findings and categorizes it according to non-compliance and process improvement findings. It will be then be used to produce a statistics to analyze the findings for KPI purposes. It will provide analysis on the audit findings on every audit visits and the monetary loss for each visits. Figure 5.1 below shows the Audit Findings Analysis Module report. 109 Figure 5.1: The Audit Findings Analysis Module Report 5.3 Test Result/System Evaluation In this section, it will discuss the system testing result based on the testing procedure or plan defined in section 4.8 on Software Test Plan. Three levels of testing occur during the realization phase of the IAIS development, which is unit or function testing, integration testing and user acceptance test. This testing is important as it determines the flaws in the system that needs to be given attention. There are a few testing reviews carried out on IAIS in the following sections. 110 5.3.1 Unit Test Each individual unit or function is tested on individually to ensure that the every unit performs the required functions and outputs the proper results and data. Unit testing is typically white box testing. Path testing is used to ensure the system is properly functioning. Unit testing such as user authentication, program debugging and input/output testing are executed during the development process of the system in order to rectify the error at the earlier stage. In this Unit or Functional Test, the basic functions of the system are tested. This includes: 1) User Authentication Test There are two (2) types of authentication tests. The first authentication is done when a user logs in to the system. This will check the user’s credentials against the database to determine if that user has the right to access the information. This is apart of the IAIS security testing. Figure 5.2 illustrates an example of the message box for invalid password entered in the login module. Figure 5.2: Example of the message box for invalid password 111 The second authentication is authorization. This is where it determines what details the accessible user has control of. A typical example would be the Administrative page. Administrator/Management and Senior Executive/Executive have access to it. But both have a different level of access rights to it. The Administrator/Management has full access authority over the system whereas Senior Executive/Executive only has limited access rights to it which is the Tracking Audit Visits Module and Issuance of Report Module. 2) IAIS Program Debugging Program debugging of IAIS is conducted using Visual Basic 6.0 debugging tools. Debugging is the process of locating errors and solving problems that may interfere with program execution or produce incorrect results. Program debugging is carried out by executing each function available on every user interface. The purpose of debugging is to check whether: i) program syntax is correct. ii) program logics correct. iii) program is able to execute accordingly and produce the desire or expected result. iv) program does not affect other files or unrelated data. Among the debugging tools provided by Visual Basic 6.0 are Toggle Breakpoints, Clear All Breakpoints, Step Into and Run are useful to test the program. These debugging tools are important in debugging procedures and in helping to discover compile, run-time and logic errors. These debugging functions allow part of the program stop temporarily during execution at line where Breakpoint is inserted, freezes in time, and preserves variable values and property settings. Users can check values to find the cause of the errors and make necessary adjustments to the programming code. Examples of a run-time error occur is shown in Figure 5.3. 112 Figure 5.3: Example of a run-time error Examples of the use of Breakpoint in Figure 5.4 show that the program is being stopped at line with a block error pointing at it. Figure 5.4: Example of the use of Visual Basic’s debugging tools 113 3) Input/Output Testing Input testing is required for those program code which request input from the user. Generally, there are several types of input field, which include textbox, dropdown list, radio button, checkbox and text area. Input testing is required to check and validate that the user had entered or select appropriate value for each field. Figure 5.5 shows the example of error in the input provided by user; message box containing types of error will be displayed for user further action to rectify the error. Figure 5.5: Example of error message for input testing Output testing is similar with program debugging. Output testing being implemented by executing the program and compare the output displayed. It is required to verify whether the system processes the data correctly. 114 Figure 5.6 shows that a user is updating IAD personnel’s information. After updating the personnel’s previous information, when the user clicked the update button, the system should process the changes and update the changes to the database. If it is successfully been process, the system should display the message “Data have been successfully updated. Thank You” as been depicted below. The updated information can be further checked to the report generated on the IAD’s Personnel Information. Figure 5.6: Example of output testing and the displayed message 5.3.2 Integration Test Integration testing is conducted to verify integration between modules, which has been created. The testing also verifies the modules dependability on each other. The testing is to ensure that the system is able to communicate with 115 each other to ensure that the IAIS operates effectively. Integration testing is testing the IAIS as a whole. Integrated test plans are made and executed so that the whole system can be tested from end to end. The administrator and users test the system during pilot testing. Detailed testing will ensure the system’s stability before installation for production usage. Every text fields being input by the users in the system’s interface are tested with the displayed outputs to avoid any error occurrence to ensure error free system. Figure 5.7 shows the example of user’s input for the integration test Figure 5.7: Example of user’s input for the integration test 116 Figure 5.8 illustrates the example of user’s corresponding output of the integration test. Figure 5.8: Example of user’s corresponding output of the integration test 5.3.3 User Acceptance Test Ten (10) IAD’s personnel or users out of thirty-three (33) users have been approached to test the implemented prototype system. There are two (2) types of users for this system, the ten (users) will be divided into two (2) groups to assume two (2) roles of the users/actors. This is to ensure all of the roles perform in the system can be examined its effectiveness and efficiency. For each role, a user acceptance questionnaire is prepared and distributed for the IAD’s personnel to evaluate the system. These questionnaires are included in Appendix H. The following table shows the rating scale used in these questionnaires. 117 Table 5.4: Rating scale for user acceptance questionnaire Rating Very Poor Poor Moderate Good Very Good Score 1 2 3 4 5 Basically, the questions in questionnaires are divided into few categories, which include: i) System Output ii) User interface iii) Reporting Tools iv) Others For system output category, user’s input on the system will verify whether the system output; that is in generating reports is accurate and complete. As for the interface category, user commentary is very useful to ensure that the user interface is suitable, simple, easy to use and user friendly. Reporting tools category commentary purpose is to ensure that IAIS reporting tools is suitable and meet the IAD’s requirements. Others category which comprises of the system availability and whether is meeting the department usage is to ensure the level of the system availability and whether it’s useful to the targeted department. IAIS responds level also being monitor to identify the user opinion when using the system. Several questions have been created for each category to seek respond from the IAIS users in IAD. Responds from users are collected and analyzed using Microsoft Excel to get the mean value of each category. Table 5.5 below shows the mean value for each question in the questionnaire circulated to them. Table 5.5: Mean value for each question Question Mean 1 2 3 4 5 5.8 5.6 5.4 5.2 4.3 118 Question Mean 6 7 8 9 10 11 12 5.2 4.8 2.8 5.4 5.0 5.4 4.9 Figure 5.9 shows the bar chart of mean value of each user acceptance question answered by the ten (10) users. USER ACCEPTANCE TEST 7 6 5.8 5.6 5.4 5.2 5.4 5.2 4.8 5 5.4 5 4.9 Rating 4.3 4 2.8 3 2 1 0 1 2 3 4 5 6 7 8 9 10 11 Question Number Figure 5.9: Bar chart of mean value of each question Based on the result of the analysis, question number 1 has the highest mean value, which is 5.8. This result shows that user agree that IAIS system output information are very accurate. The results for question 2,3,4,6,7,9,10, 11 and 12 has mean value approximately to 5.0 shows that the majority of the users agree that the development of IAIS improves the work efficiency and assisting them a lot in 12 119 the department’s reporting. Figure 5.9 above shows the bar chart of mean value of each question. The details results on the questionnaire for IAIS are shown in table 5.6 below. Table 5.6: IAIS User Evaluation Questionnaire for IAD Rating Scale Question Mean 1 2 3 4 5 6 Accuracy of information 0 0 0 0 2 8 5.8 Completeness of information 0 0 0 0 4 6 5.6 Ease of use 0 0 0 0 6 4 5.4 Response time 0 0 0 0 8 2 5.2 Clarity of instruction 0 0 0 2 5 3 4.3 Ease of use 0 0 0 1 4 5 5.2 Appropriateness of options 0 0 0 1 7 2 4.8 Authentication Required 0 0 0 6 2 2 2.8 Management Report 0 0 0 1 6 3 5.4 Cost Report 0 0 0 1 5 4 5.0 System Availability 0 0 0 0 6 4 5.4 Department Oriented 0 0 0 1 5 4 4.9 System Output User Interface Reporting Tools Others Based on the outcome of each question mean value, the data analysis also captures the mean value for each aspect. Table 5.7 shows the mean value for each testing category. Table 5.7: Mean Value for Each Testing Category Category Mean System Output 5.5 User Interface 4.275 Reporting tools 2.6 Others 2.575 120 Based on the table 5.7, majority of the users have an excellent perception on the IAIS system output with mean value 5.5. In conclusion, the result shows that users agree to utilize the system as part of routine working activity in the department and their responds are very encouraging. Figure 5.10 shows the pie chart of mean value on each testing categories. IAIS User Evaluation Others System Output Reporting Tools User Interface Figure 5.10: Pie chart of mean value on each testing categories. 5.4 User Manual for Administrator The user manual for Administrator is important for users’ review to enables them to manage the system after implementation. The documentation created has to be user friendly and simple for review and system management purposes. 5.4.1 User Documentation for Administrator Administrator documentation provides details on how to manage or administrate the system with different functionalities compared to users. It covers 121 the hardware configuration, installation procedure and system integration manual. The user manual for Administrator documentation on the hardware configuration, installation procedure can be referred to Appendix I. 5.4.2 IAIS System Integration IAIS system integration will undergo a phase by phase implementation from the manual system towards a computerized system. In the implementation phases, IAIS is implemented module by module. IAIS system implementation will go through three (3) months period of implementations and testing, another three (3) months period for the test project system running in parallel with the manual recordings. After a successful six (6) months trial, then the operational system are ready to be operational. This roll-out strategy is chosen because it is less disruptive to business and the IAIS project is easier to manage. IAIS is implemented in IAD that does not have any prior legacy system. This is an enhancement of the overall process of keeping track of the entire audit visits and duration in which reports are prepared and issued to the auditee, calculate the department’s monthly performance index and analyzing the findings. This will shorten the time and reduce the use of resources in preparing the monthly performance report to the KPI’s Committee. IAIS will be implemented throughout IAD based on the requirements gathered in the analysis phase. The system will be configured in accordance with the management’s requirement. The project team member will install a base system, customizing it to the organization’s requirement, and testing the implementation to check that this customizing realizes IAD’s business processes, check the design, and test interfaces, and reports. In this phase, the IAIS will be put on test, end user training are given to all IAD’s staff at the end of this phase. It is a final step to prepare all the IAD staff before fully implementing the IAIS. 122 During the transition from a project-oriented environment to a successful operational IAIS, it involves ongoing efforts to monitor system performance, verifying the accuracy of the operational system, refinement of systems administration procedures and tune the system as appropriate to optimize performance. It also involves the continuing process of training employees on the new system (IAIS). At this stage, all critical issues are resolved in making sure the smoothness process of implementing the IAIS. Upon successful completion of this phase, IAD is ready to run IAIS. At the completion of this phase, the implementation project is closed. 5.5 Summary This chapter has analyzed and discussed on the IAIS implementation and testing. For IAIS implementation, Visual Basic 6.0 scripting language used as the source code of IAIS are discussed. IAIS testing procedure and results will also be discussed in this chapter. The testing strategies adopted in the development of IAIS include program debugging, input and output testing, usability testing and user satisfaction testing. The testing procedures, such as program testing and input/output testing are carried out from time to time so that any error or mistakes can be corrected earlier. The other testing procedures such as usability testing and user satisfaction testing are conducted after the system is completed. 123 CHAPTER 6 DESIGN IMPLEMENTATION AND TESTING 6.1 Introduction This chapter will describe the organization strategy for the IAIS project. It will describe detail explanations on the roll-out strategy, change management, business continuity plan (BCP) and expected organizational benefits gained from implementing IAIS in IAD of GHPB. 6.2 Roll-out Strategy Roll-out strategy chosen in the implementation of IAIS is implementation by phases. In the implementation phases, IAIS is implemented module by module. This roll-out strategy is chosen because it is less disruptive to business and the IAIS project is easier to manage. IAIS system integration will undergo a phase by phase implementation from the manual system towards a computerized system. IAIS system implementation will go through three (3) months period of implementations and testing, another three (3) months period for the test project system running in parallel with the manual recordings. After a successful six (6) months trial, then the operational system are ready to be operational. IAIS is implemented in IAD that does not have any prior legacy system. This is an enhancement of the overall process of keeping track of the entire audit 124 visits and duration in which reports are prepared and issued to the auditee, calculate the department’s monthly performance index and analyzing the findings. This will shorten the time and reduce the use of resources in preparing the monthly performance report to the KPI’s Committee. Before the implementation by phases, the preparation for project implementation is carried out. The project team will provide initial planning and preparation for IAIS project implementation. On this basis, a common understanding of how IAD’s management intends to run their business within the IAIS is achieved. The project team will carry out an executive kickoff meeting with the management of IAD to stimulate motivation, and outline procedures and responsibilities in implementing IAIS. In realizing IAIS module by module, IAIS will be implemented throughout IAD based on the requirements gathered in the analysis phase. The system will be configured in accordance with the management’s requirement. The project team member will install a base system, customizing it to the organization’s requirement, extending it if necessary, and testing the implementation to check that this customizing realizes IAD’s business processes, check the design, and test interfaces, and reports. In this phase, the IAIS will be put on test, end user training are given to all IAD’s staff at the end of this phase. It is a final step to prepare all the IAD staff before fully implementing the IAIS. A support team will also be set up in IAD among the users (with a background of IT) not just for the first days of operations but also long term. During the implementation stage, users have many questions. Therefore, there should be a solid user support team that is easily accessible to all users. During the transition from a project-oriented environment to a successful operational IAIS, it involves ongoing efforts to monitor system performance, verifying the accuracy of the operational system, refinement of systems administration procedures and tune the system as appropriate to optimize performance. It also involves the continuing process of training employees on the new system (IAIS). 125 At this stage, all critical issues are resolved in making sure the smoothness process of implementing the IAIS. Upon successful completion of this phase, IAD is ready to run IAIS. At the completion of this phase, the implementation project is closed. 6.3 Change Management Change management is managing of changes to the IT environment and the change in the people and processes. Change management includes everything from how to manage the versions of software changes in the technical environment to how to manage the behavioral change required of end users. Implementing a computerized system means changing the current business process. The changes from the current manual business process and after IAIS is being implemented showed major reduction in the process of tracking the entire audit visits and issuance of reports, calculate the department’s monthly performance index and analyzing the findings. This will shorten the time and reduce the use of resources, manpower and cost, in executing the above tasks. The manual processes of calculating the duration of the audit visits, preparation of report and issuance, analyzing and categorizing the audit findings and calculating the department’s monthly performance will be eliminated. It will be replaced by a computerized system. IAIS will also provide the ability for the user to view report through the use of the analysis features, which allow analysis and forecasting based on the database in the system and print an auto-calculated each IAD’s executive monthly performance report. The changes in the current manual business process to a computerized business process are depicted below: 126 Current business process Business process after IAIS Start Start Field audit Visit Field audit Visit Audit Report Preparation & Issuance Fill in the Audit Control Sheet Audit Report Preparation & Issuance Key-in the duration of audit visit and preparing the report Calculate the duration of the audit visits Print analysis report based on analysis features Calculate the duration of the report preparation Calculate the duration of the report issuance Analyze & categorize the audit Calculate department’s monthly performance index Print the monthly performance index report Submit monthly performance index to KPI’s Committee End Submit monthly performance index to KPI’s Committee End Figure 6.1: The changes in the current business process and after IAIS Changes in the business processes mean that people in the organization need to do some of the task differently. Change management involves 127 understanding where the behavioral and technical changes are likely to happen in performing future task, which is going to be affected and how the management is planning to manage the affects. The project team will use several forms in monitoring and managing the changes in implementing IAIS in IAD. Among the forms (as shown in Appendix J) used in monitoring and managing the changes are Installation Report Form (which covers version of software changes), Problem/Change Report, Error Log Sheet, Non-Conformance Report, Bill of Materials and Daily and Weekly Backup Report. IAD’s staffs are mostly IT literate and do not have any problem in using a computer. The biggest challenge for IAD in adopting the IAIS to the IAD current system is to convince the IAD staff in using the system. The human element is essential in ensuring the success of the IAIS implementation. The most crucial element in this organization transformation process is the commitment of IAD’s Director in pursuing the use of ICT tools in the department’s activities, implementation of IAIS in IAD. This is in line with GHPB’s ICT master plan to support GHPB activities in meeting the evolving business requirements. The Group’s ICT master plan align IT strategy with business strategies. IAIS will be IAD’s effort to enhance business productivity and efficiency using ICT tools through computerizing IAD’s process of keeping track the entire audit visits and duration reports issued to the auditee, monitor executive/department monthly performance and categorize the audit findings. The reports generated by IAIS will in the end help IAD in its monthly performance reporting to the KPI’s Committee. The management initiatives through the head of department‘s commitment and allocation of time has tremendously help the whole department to undergo this journey. The project team also has the big task of convincing all the personnel in the IAD to accept the idea of adopting IAIS in the department. Firstly, the project team will give a briefing on the implementation of IAIS to all the IAD’s staff. They will be briefed and convinced that all the process of implementing IAIS will 128 not jeopardize their jobs but would assist them in their daily work. They will also be presented with blueprint on their job path after implementation of the IAIS and their gains by the implementation of this IAIS. A support team will be set up in IAD among the users to provide a long term team-building support team towards the IAD personnel that is easily accessible to all users. A continuous training and a procedural change for end users of the affected processes are needed in managing the change by implementing IAIS in IAD of GHPB. Change management is considered a major success factor in changing an organization and lack of managing the change could result an implementation failure towards an organization. . 6.4 Business Continuity Plan (BCP) Business Continuity Plan (BCP) is a process of developing advance arrangements and procedures that enable an organization to respond to an event in such a manner that critical business functions continue with planned levels of interruption or essential change. In other terms, Contingency Planning, Disaster Recovery Planning, Business Resumption Planning, or Continuity Planning. The BCP issues are going to be discussed at the start of the implementation process in order to ensure business continuity. A support team will be set up in IAD among the users to provide a long term support towards the IAD personnel that is easily accessible to all users. The project team with the cooperation of IAD management team will draft a Disaster Recovery Plan (DRP) to ensure business continuity after an interruption to the system where the support team will assist in the recovery procedures. The DRP procedures are drafted depending on how severe the disaster is encountered to facilitate the recovery effects. The DRP will enable IAD to restore its critical computer operations in the event of a disaster to minimize data and asset loss. 129 The plan will be fully documented. All recovery tasks should be clearly spelled out. Responsibility for every task should be assigned to an individual or team. The plan should be based on a careful analysis of the impact of loss of resources. Data that are critical require plans for immediate recovery. Data that are less essential to the system can be recreated or replaced over a longer period of time. The plan should deal with recovery from all possible system security failures. Such failures range from simple computer operator errors to complete destruction of the computer facilities by fire or other catastrophe. The plan should be adequately tested to ensure that it works as intended. Emergency drills are an excellent way of determining whether the plan can be relied upon to ensure individuals may understand their responsibilities. The plan will be a comprehensive in its coverage of system resources. Recovery procedures should be provided for computer facilities and equipment, software, data, personnel, and supplies. 6.5 Expected Organizational Benefits IAIS is an in-house developed system that it will be developed with a minimum cost, as the project will be executed by IAD’s personnel. Any maintenance or any support will be carried out by internal personnel. Implementing IAIS involves building a database, in doing so it will help the department to handle large amounts of data, satisfy multiple users using the same system concurrently, making the information retrieval faster, make data input faster and provide greater accuracy. The information gathered are maintained in one (1) database, which allows all users to utilize the same customer information. Redundant record keeping is reduced or eliminated. Computerizing the current manual system of keeping track the audit visits, calculate the department’s monthly performance and categorizing the findings will reduce IAD’s use of time and human resources to meet the tight dateline in 130 submitting the KPI report. IAIS will ease and improve the efficiency of the current processes of keeping track the audit visits, calculate the department’s monthly performance index and analyzing the findings according to non-compliance and process improvement by computerizing the above processes. IAIS are being developed through the use of the latest system development technology, OO methodology. This will enhance the business productivity and efficiency using ICT tools through the implementation of IAIS in IAD. Utilizing a computerized system improves an organizations (IAD) competitive advantage by improving their business processes and by controlling their cost. This in the end will also harness the Group ICT strategic directions, in supporting the GHICT master plan to support GHPB activities in meeting the evolving business requirements. 6.6 Summary This chapter has discussed about the the organization strategy for the IAIS project. It discusses in detail the roll-out strategy, change management, business continuity plan (BCP) and expected organizational benefits gained from implementing IAIS in IAD of GHPB. 131 CHAPTER 7 DISCUSSION & CONCLUSION 7.1 Introduction This chapter will describe the discussion and conclusion of this project. It will describe the achievements, constraints and challenges and the aspirations of IAIS project. This chapter is a conclusion chapter of what has been completed and a review analysis of the project. It is important to analyse and discuss the project implementation as a “post-mortem” report. During implementation stage of IAIS, several constraints/challenges had arisen due to several limitation factors such as time and resources. Future development and business potential has also been covered to continue the commercialization, of the product. However, the expected system and solution had been created while achieving the objectives of the projects. 7.2 Achievements The main achievement of this project is the success of computerizing the whole IAD process from a manual processes of tracking the duration of the audit visits, preparing the report and issuance, analyzing and categorizing the audit findings and calculating the department’s monthly performance a through a 132 thorough study of the above processes. This will assist the process of submitting the KPI monthly performance report to the KPI’s Committee every month end. IAIS will also indirectly assist management in evaluating each executive’s performance in IAD throughout the financial year and provide an indicator for bonus and increment. The monetary losses for each audit visit will also be identified and calculated. Computerizing the above process, will shorten the time and reduce the use of resources, manpower and cost, in executing the above tasks thus making the process more systematic and efficient. For every audit visit, IAD’s management will monitor the duration in which reports are prepared and issued to the auditee. IAIS will assist the management to monitor, limit and control the duration reports are prepared and issued to ensure the budgeted reports to be produced in each financial year as prescribed in the department’s Key Performance Indicator (KPI) are achieved. The development of this system is in line with the ICT master plan in meeting the evolving business requirements. IAIS will be IAD’s effort to enhance business productivity and efficiency using ICT tools. 7.3 Constraints and Challenges Among the constraints and challenges faced when developing the IAIS project is time constraint. The IAIS project is developed with several shortcomings which need to be overcome in the near future such as its usability, interface design, security and functionality. Security aspects of the system need to be strengthened to prevent illegal access into the system to prevent any damage and information losses in the IAIS database. The presentation design of the IAIS user interface can be improved for clearer guide for the user to navigate in the IAIS and to add more color to the user interface. The current system capability of accessing the system only in the IAD 133 environment can be further improve to allow remote access of the database from any part of the world through the use of the internet by upgrading the system in a web-based environment. The biggest challenge for IAD in adopting the IAIS to the IAD current system is to convince the IAD staff in using the system. The human element is essential in ensuring the success of the IAIS implementation. The other challenge is convincing all the personnel in the IAD to accept the idea of adopting IAIS in the department. Apart from that is the challenge to provide a continuous training and a procedural change for the end users in managing the change by implementing IAIS in IAD of GHPB. 7.4 Aspirations Due to the time constraint in developing the IAIS project, a functional system was developed with several shortcomings which needs to be overcome in the near future such as its usability, interface design, security and functionality. The future IAIS system development project (continuing the current project) should address the following aspects: • Security aspects of the system need to be strengthened to prevent illegal access into the system to prevent any damage and information losses in the IAIS database. • The presentation design of the IAIS user interface can be improved for clearer guide for the user to navigate in the IAIS. • The system capability of accessing the system are only in the IAD environment can be further improve to allow remote access the database from any part of the world through the use of internet by building the system in a web-based environment. 134 7.5 Summary This chapter has discussed and concludes the overall development of IAIS and highlighted the achievements, constraints and challenges and the aspirations of IAIS project. The discussion also further recommends on the future possible improvement to the IAIS implemented in this project 135 REFERENCES A.H. Millichamp (1996), “Auditing 7th Edition”, Letts Educational, London. Andersen and GHPB Group ICT (2005). Analyzing IT Metrics For Informed Management Decision. Group ICT Division of GHPB. Bahrami, A. (1999), “Object-oriented Systems Development: Using The Unified Modelling Language”, McGraw-Hill Inc., Singapore. Bee, R. and Bee, F. (1999), “Managing Information and Statistic”, Cromwell Press, Trowbridge. Bernd Bruegge (1997), “Software Life Cycle”, Carnegie Mellon University, Pittsburgh. Booch Grady (1994), Software Engineering with Ada, p. 25. British Library Cataloguing (1987). Dictionary of Contemporary English. Longman Singapore Publishers Pte. Ltd., Singapore. David Kroenke (1989), “Management Information System”, MacGraw-Hill, Inc., Watsonville, CA. Ethos Consulting Sdn. Bhd. (2004). Using Key Performance Indicators (KPIs) to Drive Global Excellence. GHPB, Kuala Lumpur. George H. Bodnar, and William S. Hopwood (2001), “Accounting Information Systems Eighth Edition”, Prentice Hall Inc., New York. 136 Golden Hope Plantations Berhad Group ICT (2003). Review Of Group ICT 2002/2003. GHPB, Kuala Lumpur. Henry C. Lucas, Jr. (1992), “The Analysis, Design, and Implementation of Information Systems 4th Edition”, MacGraw-Hill, Inc., New York University. J. Rumbaugh, M. Blaha, W. Premerlani, F. Eddy, W. Lorensen (1991), “ObjectOriented Modeling and Design”, Prentice Hall, Englewood Cliffs, New Jersey. Jacobson, I., Christenson, M., Jonsson, P., Overgaard, G. (1992), “Object-Oriented Software Engiineering: A Use Case Driven Approach”, Addison-Wesley, U.S. Jeffrey A. Hoffer, E. Wainright Martin, Carol V. Brown, Daniel w. DeHayes and William C. Perkins (2002), “Managing Information Technology Fourth Edition”, Prentice Hall., New Jersey. John Ward, and Joe Peppard (2003), “Strategic Planning for Information System 3rd Edition”, John Wiley & Sons Ltd., Bedfordshire, UK. Keen, Peter G.W. (1980), “MIS Research: Reference Disciplines and a Cumulative Tradition, Proceedings of the First International Conference on IS”, Ephraim R.McLean, ed., Philadelphia, Pa. Kroenke, D. and Dolan K. (1987), “Business Computer Systems”, Cal, Santa Cruz. Lucey T. (1997), “Management Information Systems”, London. 137 Reed Sorensen (1995), “A Comparison of Software Development Methodologies”. Software Technology Support Center, Utah. Sawyer (1998). Information Technology and the Internal Auditor. Information Systems Audit and Control Association (ISACA), Illinois. Unilever Research Laboratory (2001). Palm Oil (A Sustainable Future). Gros Monti Ltd., Holland. United Kingdom Academy of Information System (UKAIS) (2004). What are Information Systems .UKAIS Newsletter. Volume 3: 4. The American Institute of Certified Public Accountant (1947), http://www.aicpa.org The Institute of Internal Auditors (1999), http://www.theiia.org WWF Forest Conversion Initiative Coordination Office (2003). Better Management Practices (The Way Forward To A Sustainable Future For The Oil Palm Industry). WWF Switzerland. 1 ID Task Name Duration Start 12/5 12/12 12/19 12/26 1 Project 01 80 days Tue 12/7/04 3 days Tue 12/7/04 2005 1/2 1/9 1/16 1/23 2 3 Project Identification 4 Meeting with Project Supervisor-Dr. Shamsul 1 day Tue 12/7/04 5 Submit Borang Tajuk proposal 1 day Tue 12/7/04 6 Project Title Review 2 days Wed 12/8/04 7 8 Lecture 1-Problem formulation 9 Prepare Mini Proposal 1 day Fri 12/10/04 2 days Sat 12/11/04 10 11 Lecture 2-Literature review&Research Design 1 day Tue 12/14/04 12 Meeting with Project Supervisor-Dr. Shamsul 1 day Tue 12/14/04 13 14 Preliminary Study 3 days Wed 12/15/04 15 Fact finding 1 day Wed 12/15/04 16 Prepare questionaires/survey 1 day Thu 12/16/04 17 Prepare Literature study documentation 1 day Fri 12/17/04 10 days Sat 12/18/04 18 19 Literature Review 20 Understanding Literature 1 day Sat 12/18/04 21 Identify relevant topics 1 day Mon 12/20/04 22 Plantations Management Concept 2 days Tue 12/21/04 23 Internal Audit Concept 2 days Thu 12/23/04 24 Information System Concept 25 KPI Concept 26 Samples software in the market 1 day Sat 12/25/04 2 days Sun 12/26/04 1 day Tue 12/28/04 15 days Wed 12/29/04 27 28 Methodology 29 Project Methodology 2 days Wed 12/29/04 30 System Development Methodology 3 days Fri 12/31/04 Project: gantt chart 01 Date: Fri 11/25/05 Task Milestone External Tasks Split Summary External Milestone Progress Project Summary Deadline Page 1 1/30 2/6 2/13 2/20 2/27 3/6 3/13 ID Task Name Duration Start 12/5 1 Project 02 56 days Wed 7/20/05 3 System Analysis 10 days Sat 7/16/05 4 System Requirement 2 days Sat 7/16/05 5 Conceptual (to-be-Process and Data Model) 3 days Tue 7/19/05 6 Use Case Diagram 2 days Fri 7/22/05 7 Sequence Diagram 2 days Tue 7/26/05 8 Collaboration Diagram 2 days Thu 7/28/05 Mon 8/1/05 12/12 12/19 12/26 2005 1/2 2 9 10 Physical Design 10 days 11 Database Design 2 days Mon 8/1/05 12 Structure Chart 2 days Wed 8/3/05 13 Interface Chart 2 days Fri 8/5/05 14 Detailed Features 2 days Tue 8/9/05 15 IAIS Architecture 2 days Thu 8/11/05 17 Software & Hardware Requirement 2 days Mon 8/15/05 18 Meeting with Project Supervisor-Puan Suzana 1 day Tue 8/16/05 16 19 20 Test Plan 6 days Wed 8/17/05 21 Unit Test 2 days Wed 8/17/05 22 Integration Test 2 days Fri 8/19/05 23 User Acceptance Test 3 days Tue 8/23/05 25 IAIS Implementation Testing 6 days Fri 8/26/05 26 Coding Approach 2 days Fri 8/26/05 27 Test Result 4 days Tue 8/30/05 1 day Sun 9/4/05 24 28 29 Meeting with Project Supervisor-Puan Suzana 30 Project: gantt chart 02 Date: Fri 11/25/05 Task Milestone External Tasks Split Summary External Milestone Progress Project Summary Deadline Page 1 1/9 1/16 1/23 1/30 ID Task Name Duration Start 12/5 31 User Manual for Administrator 3 days Mon 9/5/05 33 Deployment 8 days Thu 9/8/05 34 Roll-out strategy 2 days Thu 9/8/05 35 Change Management 2 days Mon 9/12/05 36 Business Continuity Plan (BCP) 3 days Wed 9/14/05 37 Expected Organizational Benefits 2 days Sun 9/18/05 39 Project 02 Progress Presentation 1 day Sun 9/18/05 40 Meeting with Project Supervisor-Dr. Shamsul 1 day Wed 9/21/05 12/12 12/19 12/26 2005 1/2 32 38 41 42 Discussion& Conclusion 6 days Tue 9/20/05 43 Achievements 2 days Tue 9/20/05 44 Constraints & Challenges 2 days Thu 9/22/05 45 Aspirations 2 days Mon 9/26/05 Meeting with Project Supervisor-Dr. Shamsul 1 day Fri 9/30/05 Submit Project 02 Report 1 day Sun 10/2/05 Meeting with Project Supervisor-Dr. Shamsul 1 day Tue 10/4/05 2 days Sat 10/8/05 1 day Sun 10/16/05 46 47 48 49 50 51 52 53 Project 02 Final Presentation 54 55 Submit Project 02 Final Report Project: gantt chart 02 Date: Fri 11/25/05 Task Milestone External Tasks Split Summary External Milestone Progress Project Summary Deadline Page 2 1/9 1/16 1/23 1/30 2/6 2/13 Project: gantt chart 02 Date: Fri 11/25/05 2/20 2/27 3/6 3/13 3/20 3/27 4/3 4/10 4/17 4/24 5/1 Task Milestone External Tasks Split Summary External Milestone Progress Project Summary Deadline Page 3 5/8 5/15 5/22 5/29 6/5 6/12 2/6 2/13 Project: gantt chart 02 Date: Fri 11/25/05 2/20 2/27 3/6 3/13 3/20 3/27 4/3 4/10 4/17 4/24 5/1 Task Milestone External Tasks Split Summary External Milestone Progress Project Summary Deadline Page 4 5/8 5/15 5/22 5/29 6/5 6/12 6/19 6/26 Project: gantt chart 02 Date: Fri 11/25/05 7/3 7/10 7/17 7/24 7/31 8/7 8/14 8/21 8/28 9/4 9/11 9/18 Task Milestone External Tasks Split Summary External Milestone Progress Project Summary Deadline Page 5 9/25 10/2 10/9 10/16 10/23 6/19 6/26 Project: gantt chart 02 Date: Fri 11/25/05 7/3 7/10 7/17 7/24 7/31 8/7 8/14 8/21 8/28 9/4 9/11 9/18 Task Milestone External Tasks Split Summary External Milestone Progress Project Summary Deadline Page 6 9/25 10/2 10/9 10/16 10/23 2 ID Task Name Duration Start 12/5 12/12 12/19 12/26 31 Object-Oriented Software Engineering (OOSE) 3 days 32 Methodology Justification 2 days Mon 1/10/05 33 Unified Modelling Language (UML) 3 days Wed 1/12/05 34 Project Schedule 2 days Sat 1/15/05 36 Current System Analysis 8 days Mon 1/17/05 37 Organizational Analysis 2 days Mon 1/17/05 38 Feasibility Analysis 1 day Wed 1/19/05 39 SWOT Analysis 1 day Thu 1/20/05 40 Current Business Process Analysis 2 days Fri 1/21/05 41 Business Process Enhamcement 2 days Mon 1/24/05 Prepare Project Design study documentation 2 days Sat 2/12/05 1 day Sat 2/12/05 3 days Thu 2/17/05 Progress presentation 1 day Sun 2/20/05 50 Submit Project 1 Report 1 day Sun 2/20/05 51 Meeting with Project Supervisor-Dr. Shamsul 1 day Tue 3/1/05 53 Project 1 Final Presentation 1 day Sat 3/5/05 54 Submit Project 1 Final Report 1 day Tue 3/15/05 2005 1/2 1/9 1/16 1/23 Wed 1/5/05 35 42 43 44 45 Submit Project 1 draft report 46 Review Literature Study & Project Design 47 48 49 52 Project: gantt chart 01 Date: Fri 11/25/05 Task Milestone External Tasks Split Summary External Milestone Progress Project Summary Deadline Page 2 1/30 2/6 2/13 2/20 2/27 3/6 3/13 145 INTERNAL AUDIT DEPARTMENT OF GOLDEN HOPE PLANTATIONS BERHAD ORGANIZATION CHART Director, Internal Audit GHPB Core Team -1 Senior Manager -1 Manager -7 Senior Executives -21 Executives (Financial & Operations) Industries & International Business Agribusiness 1 Secretary 1 Driver AEB Team -1 Manager -3 Executives 2 Audit Clerks 2 Audit Clerks Property Corporate Support Functions (Finance & Accounts, HR, Commodities, Product Marketing etc. Information Technology Audit (IT Audit should be performed for all information systems Specials BASED ON CORE TEAM (Cross functional) Suggested team composition 1 Senior Executive Operations/Financial 1 Chemical Engineer or Industrial Engineer 2 Executives Suggested team composition Suggested team composition 1 Senior Executive Operations/Financial 1 Agricultural Expert (estates) or Chemical/ Industrial Engineer (mills) 2 Executives 1 Senior Executive Operations/Financial 1 Agricultural Expert (estates) or Chemical/ Industrial Engineer (mills)* 2 Executives 1 Senior Executive Operations/Financial 1 Agricultural Expert (estates) or Chemical/ Industrial Engineer (mills)* 2 Executives 1 Senior Executive (4 teams) Operations/Financial 2 Executives Suggested team composition 1 Senior Executive Operations/Financial 1 Quantity Surveyor* 2 Executives Suggested team composition 1 Senior Executive 2 Executives Suggested team composition Suggested team composition 2 Executives 1 Senior Executive 1 Subject Matter Experts (if required) Executives (Composition depends on nature of assignments) Routine ESTATE/MILL /C0: Special Report No: Period Review: to Date of Audit: to Use of IDEA Yes Team : No Account HR/Checkroll Fixed Asset Store Weighbridge Others: DRAFT REPORT Date Received Date Forwarded Initial Remarks Prepared By: Reviewed By: Manager Senior Manager Director ISSUANCE OF DRAFT REPORT Remarks Preliminary Internal Audit Report Date Draft Sent File Name & Path: Compulsory if Reply Date exceeds Due Date Date Due (3 working days) Date Reply Received Appendices: Third Party Response: EOD ICT Others: FINAL REPORT Updated By: Date: ------------------------------THIS SECTION IS TO BE FILLED BY THE MANAGER AND SENIOR MANAGER ONLY--------------------------------------STATISTICS FOR KPI A) AUDIT FINDINGS: Total no. of audit findings Total no. of non-compliance findings Total no. of process improvements Summary of process improvements: Finding No. Issue B) RECOMMENDATIONS SUBMITTED TO AC: No. of recommendation endorsed: No. of recommendation not endorsed: Reason:________________________________________________ C) E-REPOSITORY No. of findings submitted to E-Repository: Exception No. Initiated by: Total Date Prepared by: Manager Verified by : Senior Manager Golden Hope Group of Companies Company ABC Sdn. Golden Hope Bhd. Plantations Bhd. Department NA Internal Audit ANNUAL Key Performance Indicators Name Abu bin Hassan Shamsuddin Bin Roslan Designation General Manager Executive 2004/2005 Financial Year 2005/2006 Balanced Scorecard Perspective No. (1) A (2) Customer 1 2 Role Executive, Internal Audit Key Performance Indicator Definition Rationale (3) (4) (5) Unit of Measure/ Benchmark Reference Value-metric Weight Base (7) (8) (9) NA 35% 11 NA 5% 1 Number of recommendations NA 25% 60% (6) Internal Audit reports Total number of Internal Audit Reports issued from Standard (excluding specials) issued to the Audit Audits Committee and management To provide Audit Committee an Number of reports independent view on the state of internal controls of all business units group wide, locally and overseas. To provide management with the areas of control weaknesses and appropriate recommendations for follow up. This KPI is to measure the effectiveness of Internal Audit and the areas covered in a To report on the findings Number of reports Internal Audit reports Total number of Internal Audit Reports resulting from special issued to the Audit Committee and issued from Special management resulting from Special Audits investigations or audits Audits requested by the Audit / Investigations Committee / management / follow up on leads from standard audits. 3 Total number of process / control improvements identified Total number of improvements identified for internal processes and controls included in the audit committee report. The role of internal audit extends beyond detection of policy breaches but also improvements which lead to operational effectiveness and efficiency. B Business Processes 4 Compliance with group policies and procedures Total number of non-compliances with group policies and procedures (including internal controls) Compliance with group policies and procedures is a corner stone for good governance. Timely detection and ensuing rectification of practices which do not comply with policies and procedures will lead to operational effectiveness. Number of noncompliances NA 20% 7 C Learning and Growth 5 Solution sets for all The percentage of solution sets required functions and to cover all the functions and business business areas within areas within the group the group Internal audit should have solution sets for all the various functions and businesses within the group e.g. understanding of the processes and controls for oils and fats, treasury and commodities trading % NA 15% 60% Total 100% Proposed By : Designation : Date : Date : Target (2004/05) Mid-Term Actual (10) Scores Full Year Anticipated results (11) (12) Actual (13) Adj % (14) Weighted Score (15) 13 3 14 125% 100% 35% 1 0 1 100% 100% 5% 70% 35% 70% 100% 100% 25% 40 0 50 115% 100% 20% 70% 35% 60% 50% 50% 8% 53% SUMMARY OF KPI SCORES Review Period : First Half of 2004/2005 Company : Golden Hope Plantations Bhd Department/Sections/Estates: Internal Audit Department No. Name Overall Weighted Score / KPI Designation Overall Weighted Score 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Zalily Zaman Khan Kamaruzaman Md Riffin Shamsul Kamal Bin Roslan Razlanshah Bin Abd Malek Noorizan Bin Mustaffa Hairul Anuar Bin Sarip Ahmad Haznizan Bin Mohd Nor Shahruddin Bin Tembol Suzari Bin Said Hamzani Bin Ibrahim Rosli Bin Ismail Suhaimi Bin Misran Mohd Afzan Bin Alwi Ahmad Syazwan Bin Razali Senior Manager Manager Senior Executive Senior Executive Senior Executive Senior Executive Senior Executive Senior Executive Senior Executive Executive Executive Executive Executive Executive 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score Current Year Score 2004/2005 41% 0.00% 0.00% 106.25% 41% 0.00% 0.00% 106.25% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% Reasons (under delivery/gross overdelivery Remedial/Recommended Actions 15 16 17 18 19 20 21 22 23 24 25 26 27 Mohd Azizul Bin Ramli Mohd Izray Bin Ibrahim Muhammad Hafez Firdaus Bin Halim Ahmad Zamani Bin Alip Marhalim Bin Yusuf Shahrizal Bin Daud Abd Jalil Bin Hj Zawawi Nadzmi Bin Mohd Baharan Nik Hamdi bin Hj Wan Mahmood Imran Bin Mohd Sahim Ahmad Rizal Bin Ismail Azlan Bin Ali Shamsudin Bin Roslan Executive Executive Executive Executive Executive Executive Executive Executive Executive Executive Executive Executive 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Overall Weighted Score 1 Customer 2 3 Business Processes Learning and Growth Executive 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 53% 125.00% 100.00% 100.00% 115.00% 50.00% 151 USE CASE DIAGRAM (As-is-Process) Track Audit Visit Monitor Rpt Issuance Manager Performance Monitoring Senior Executive Categorize Audit Findings Submit KPI Rpt Current Manual Business Process Calculate Audit Visit Senior Executive Manager Fill in the KPI Form Verify audit visit calculation Track Audit Visits 152 Manager Calculate duration Rpt issued & prepared Fill in to the KPI Form Issuance of Report Calculate executive performance Senior Executive Fill in the KPI Forms Verify executive performance Calculate department performance IAD Performance Index Manager 153 Categorize audit findings Senior Executive Manager Fill in the KPI Forms Verify categorization Categorize Audit Findings Fill in the KPI Rpt Form Manager Submit KPI form to KPI Comm. Submit KPI Report 154 SEQUENCE DIAGRAM (As-is-Process) : Control Sheet Form : Senior Executive : KPI Report Calculate audit visit Fill in the KPI Forms Track Audit Visits-Senior Executive : KPI Report : Manager Verify audit calculation Track Audit Visits – Manager 155 : KPI Report : Control Sheet Form : Manager Calculate duration rpt issued & prepared Fill in the KPI Forms Issuance of Report : Senior Executive : Control Sheet Form : KPI Report Calculate executive performance Fill in the KPI Forms IAD Performance Index – Senior Executive 156 : KPI Report : Summary KPI Scores : Manager Verify executive performance Calculate department performance IAD Performance Index - Manager : Senior Executive : Control Sheet Form : KPI Report Categorize findings Fill in the KPI Forms Categorize audit findings – Senior Executive 157 : KPI Report : Manager Verify Categorization Categorize audit findings - Manager : KPI Report : Summary KPI Scores : Manager Verify executive performance Calculate department performance Submit KPI Report 158 COLLABORATION DIAGRAM (As-is-Process) 1: Calculate audit visit 2: Fill in the KPI Forms : Control Sheet Form : KPI Report : Senior Executive Track Audit Visits-Senior Executive 1: Verify audit calculation : KPI Report : Manager Track Audit Visits – Manager 1: Calculate duration rpt issued & prepared : Control Sheet Form : Manager 2: Fill in the KPI Forms : KPI Report Issuance of Report 159 1: Calculate executive performance : Control Sheet Form : Senior Executive 2: Fill in the KPI Forms : KPI Report IAD Performance Index – Senior Executive 1: Verify executive performance : KPI Report : Manager 2: Calculate department performance : Summary KPI Scores IAD Performance Index - Manager 160 1: Categorize findings : Control Sheet Form : Senior Executive 2: Fill in the KPI Forms : KPI Report Categorize audit findings – Senior Executive 1: Verify Categorization : KPI Report : Manager Categorize audit findings - Manager 1: Fill in the KPI Forms : KPI Report : Manager 2: Submit KPI Forms : KPI Committee Submit KPI Report 162 APPENDIX E ICT INFRASTRUCTURE AND NETWORK GHPB NETWORK TOPOLOGY 163 GHPB HARDWARE CONFIGURATION - SYSTEM CONFIGURATION 165 APPENDIX F SOFTWARE TEST PLAN 1.0 Introduction The Software Test Plan (STP) provides an overview of the Internal Audit Information System (IAIS) project and the software test strategy, a list of testing deliverables, the plan for development and evolution of the STP. The STP is designed to prescribe the scope, approach and resources schedule of all testing activities. The plan identifies the items to be tested, the features to be tested, the types of testing to be performed, the personnel responsible for testing and the resources required to complete the testing. 1.1 Objectives Identifying and fixing bugs and inconsistencies in the system before the software is delivered and ready to use. 166 1.2 Scope Testing will be performed at several points in the life cycle as the software is constructed. The testing is a very “dependent’ activity. As a result, the test is a continuing activity performed throughout the system development life cycle. 1.3 Test Items The test item for this system includes: Administrator/Management Module • Testing the Administrator/Management function • User friendly level testing • Operation Testing • Security Testing • Database Access Testing Senior Executive/Executive Module • Testing the Senior Executive/Executive function • User friendly level testing • Operation Testing • Security Testing Index Module • Login Testing • Performance Testing 167 1.4 Job Control Procedure A system manual is drafted for the system attendant reference. This reference guide includes the technical aspects of the IAIS and how the database access is done both from the Senior Executive/Executive point of view and Administrator/Management point of view. 1.5 User Procedure A User is drafted describing the user level access and responsibilities. This manual describes the user tasks and functionalities. 1.6 Operator Procedure An Administrator Manual is drafted highlighting the Administration access level and functionality tasks. This manual gives an in depth review of the system from the Administrator point of view. 2.0 Feature To Be Tested The feature to be tested is identified before the testing phase is carried out as not to overboard the testing procedure. Following are the identified features: • User Interface • Admin Interface • Index Interface • Database Access 168 • Performance 3.0 Testing Approach 3.1 Unit Testing • User Authentication Test i) The authentication is done when a user logs in to the system. This test will check the user’s credentials against the database to determine if that user has the right to access the information. • IAIS Program Debugging i) Locating errors and solving problems that may interfere with program execution or produce incorrect results. Program debugging is carried out by executing each function available on every user interface. • Input/Output Testing i) Input testing is required to check and validate that the user had entered or select appropriate value for each field. • Text Field - Each text field in the interface forms are tested for user inputs and display results. • Command Button – Each command button is tested to see if it corresponds to its desired trigger. • Database Tables – All tables are tested to ensure it is perfectly planned and integrated without any conflict. 169 ii) Output testing being implemented by executing the program and compare the output displayed. It is required to verify whether the system processes the data correctly. 3.2 Integration Testing Module 1, 2 and 3 is integrated to ensure each module is working together smoothly. If any complications occur it will be resolved immediately. Every text fields being input by the users in the system’s interface are tested with the displayed outputs to avoid any error occurrence to ensure error free system. 3.3 Security Testing Security testing was done by testing the login function. Administrator/Management and Senior Executive/Executive authentication works perfectly well. 170 INTERNAL AUDIT DEPARTMENT GOLDEN HOPE PLANTATIONS BERHAD Internal Audit Information System (IAIS) Test Plan Document Test Case Number ___________________________ Date ___________________________ Test Administrator ___________________________ Description of Test Data Expected Results Actual Result Test Pass/Fail 171 INTERNAL AUDIT DEPARTMENT GOLDEN HOPE PLANTATIONS BERHAD Internal Audit Information System (IAIS) Test Plan Document ____________1________________ Test Case Number 23/9/2005_____________________ Date Suzari_Said____________________ Test Administrator Description of Test Data 1. Performance & Stability 2. Security Issues Expected Results 1. No undesired results in performing operation 2. No breach of access level across users Actual Result 1. Error friendly Message given alerting their error 2. Privileges are strictly enforced Test Pass/Fail 172 INTERNAL AUDIT DEPARTMENT GOLDEN HOPE PLANTATIONS BERHAD Internal Audit Information System (IAIS) Test Plan Document Test Case Number ____________2_______________ Date _23/9/2005___________________ Test Administrator _Suzari Said__________________ Description of Test Data 1. Database transaction 2. Data mining Expected Results 1. Information retrieval should be easy from the database Server 2. Administrator & Manager should be able to extract data from database into reports. Actual Results 1. All database transaction is successful 2. Reports are successful generated from database Test Pass/Fail 173 INTERNAL AUDIT DEPARTMENT GOLDEN HOPE PLANTATIONS BERHAD Internal Audit Information System (IAIS) Test Plan Document Test Case Number ___________3_______________ Date 23/9/2005___________________ Test Administrator Suzari Said__________________ Description of Test Data 1. User Login Control Expected Results 1. User Login should work and validate users Actual Result 2. Login validation works fine Test Pass/Fail 174 INTERNAL AUDIT DEPARTMENT GOLDEN HOPE PLANTATIONS BERHAD Internal Audit Information System (IAIS) Test Plan Document Test Case Number ____________4______________ Date 23/9/2005___________________ Test Administrator Suzari Said______________________ Description of Test Data 1. User Management 2. Tracking Audit Visits Control 3. Issuance of Report Control 4. IAD Performance Index Control 5. Audit Finding Analysis Control 6. Generate Reports Expected Results 1. Add/Edit user records control audit visits duration 2. Administrator able to control the issuance of duration 3. Administrator able to calculate IAD Performance Index 4. Administrator able to analyze audit findings 5. able to generate all reports Actual Result 1. All user records are editable by the administrator 2. Administrator is able to control all audit visits duration 3. Successfully edited issuance of report duration 4. Successfully managed to calculate IAD Performance Index 5. Successfully managed to analyse all audit findings 6.Successfully managed reports Test Pass/Fail 175 INTERNAL AUDIT DEPARTMENT GOLDEN HOPE PLANTATIONS BERHAD Internal Audit Information System (IAIS) Test Plan Document Test Case Number ____________5______________ Date _23/9/2005__________________ Test Administrator _Suzari Said_____________________ Description of Test Data 1. User Authentication and password control 2. Administrator should be able to edit profile Auditee’s Expected Results 1. Access denied to invalid user login 2. Administrator should be able to edit Auditee’s Actual Result 1. Invalid user access is denied and only valid users are Authorized 2. Auditee’s profiles are successfully edited Test Pass/Fail 177 SAMPLE OF IAIS GENERATED REPORTS 178 179 180 181 182 183 APPENDIX H System : User Evaluation Form Evaluator : Date : Please evaluate the information system by circling the one number for each factor that best represents your assessment. System Output 1 Accuracy of information 2 Completeness of information 3 Ease of use 4 Response Time None Poor Average Good 0 0 0 0 1 1 1 1 2 2 2 2 3 3 3 3 4 4 4 4 5 5 5 5 6 6 6 6 0 0 0 0 1 1 1 1 2 2 2 2 3 3 3 3 4 4 4 4 5 5 5 5 6 6 6 6 0 0 1 1 2 2 3 3 4 4 5 5 6 6 0 0 1 1 2 2 3 3 4 4 5 5 6 6 User Interface 5 Clarity of instruction 6 Ease of use 7 Appropriateness of options 8 Authentication Required Reporting Tools 9 Management Report 10 Cost Report Others 11 System Availability 12 Department Oriented Signature : 196 APPENDIX I USER MANUAL FOR SYSTEM ADMINISTRATOR This documentation provides an in depth walkthrough of the Internal Audit Information System (IAIS) and how it functions from an Administrator point of view. This documentation is intended for the Administrator only. Each activity will be explained with detail. HARDWARE CONFIGURATION/SETUP For Windows Environment CPU 300MHz Pentium or better recommended OS Preinstalled versions of Windows XP Home Edition, Windows XP Professional, Windows 2000 Professional, Windows Millennium Edition (ME), Windows 98 Hard Disk Space 60MB required for installation RAM Minimum 64MB Video Resolution 800x600 or more with 16-bit colour (High Colour) or better 197 INSTALLATION PROCEDURE Planning the Install Ensure that Windows 98/ME/2000/XP or any subsequent 32 bit version of Windows is already installed on your computer or workstation and that you have the rights to install the software. Ensure that no other Windows programs are loaded. It is possible that some programs are automatically loaded and these should be closed. VISUAL BASIC 6.0 Installation Instructions for Visual Basic Programs This section lists installation-related information on programs and files shipped with Visual Basic 6.0. 198 Installing Over Visual Basic Beta, Pre-Release, and Technical Preview Installations Do not install the final release of Visual Basic 6.0 on computers that have prerelease, technical preview, or beta versions of any Visual Basic product. File copy targets and registration settings have evolved over the development cycle. Installing the final version on computers with a technology preview, pre-release, or other beta version can result in some final components not being installed, while the earlier beta version remain on the system. The outcome could be an unstable product or worse, an unstable system. Reformat the hard disk and reinstall the operating system before returning a machine used as a beta test platform into the production environment. "Side by Side Installation": Installing Multiple Versions of Visual Basic 6.0 Products on the Same Computer Visual Basic products with the same version and in the same language—Visual C++ and Visual Basic version 6.0 in English, for example—can be installed separately on the same workstation. Such installations are supported by Microsoft. The Visual Basic 6.0 Installation Wizard detects if other versions of the 6.0 product line have been installed on a developer's workstation. Mixing different language versions, point releases, or product tiers on the same workstation is generally not supported. This means that the installation may fail, one or more of Visual Basic 6.0 products may not work even if the installation succeeds, or in the worst case you may not be able to uninstall any of the products completely. If the Wizard generates a warning during installation, the safest course of action is to uninstall the Visual Basic 6.0 product before proceeding. The detection scheme checks for the following scenarios: 199 • Users installing different language versions of the same product. For example, Japanese Visual Basic and English Visual Basic. Installation of certain combinations is supported. • Users installing stand-alone versions of Visual Basic 6.0 products over the versions installed from Visual Basic 6.0 Professional or Enterprise. Installing Visual Basic from a Shared CD Drive If you are installing Visual Basic 6.0 from a shared compact disc drive, name the share with less than nine characters and with no embedded spaces in the name. Let Microsoft Internet Explorer Setup Finish Before Proceeding with Visual Basic Installation During Visual Basic setup, the Installation Wizard will install Internet Explorer 4.01 Service Pack (SP) 1. Near the end of the Internet Explorer setup, the Internet Explorer setup wizard will restart your computer. The Internet Explorer setup wizard will automatically restart and continue copying updated files and configuring your system. On some computers, the Visual Basic Installation Wizard may also start while the Internet Explorer setup wizard is finishing this task. You must let the Internet Explorer setup wizard complete its processing before continuing with Visual Basic setup. Specifically, it is vital that you do not continue with setup to the point of restarting the computer again. Restarting the computer during the final configuration phase of Internet Explorer will corrupt the Visual Basic setup. The Internet Explorer setup wizard shows progress indicators while in its final phase. When these progress indicators disappear, it is safe to proceed with the Visual Basic Installation Wizard. 200 MICROSOFT ACCESS 2003 This section shows you how to install Microsoft Access 2000 locally from the product CD. The Microsoft Access 2000 is part of the Microsoft Office suite. The Microsoft Access 2000 Installation Wizard works with Microsoft Windows Installer to guide you through the installation process. The Installation Wizard automatically recognizes your computer’s operating system and updates files as required. This section provides step-by-step instructions for installing As one of the final steps in the installation process, you’ll be asked if you want to register the product. Follow the on-screen instructions to complete this process. Installation requirements Local installation (from CD) requirements: ¾ Microsoft Windows 95/98/2000, Windows NT 4.0, or higher ¾ Minimum RAM: 16 MB (32 MB for Windows NT) ¾ Recommended RAM: 32 MB 201 ¾ Minimum hard drive space required (all editions): 60 MB ¾ Maximum hard drive space required: Professional Edition: 350 MB Standard Edition: 155 MB. We also recommend having an additional 100 MB of free disk space on your C: drive for use by Windows during the installation. If your system does not meet these requirements, the program may not run correctly. 202 CRYSTAL REPORT 8.5 Installing Crystal Reports 8.5 This section shows you how to install Crystal Reports locally from the product CD. The Crystal Reports Installation Wizard works with Microsoft Windows Installer to guide you through the installation process. The Installation Wizard automatically recognizes your computer’s operating system and updates files as required. This section provides step-by-step instructions for installing Crystal Reports and shows how to customize your installation. The main topics are: ¾ Installation requirements ¾ Installing on a local machine from CD ¾ Customizing your installation ¾ Installing Crystal Enterprise. As one of the final steps in the installation process, you’ll be asked if you want to register the product. Follow the on-screen instructions to complete this process. Installation requirements Local installation (from CD) requirements: ¾ Microsoft Windows 95/98/2000, Windows NT 4.0, or higher ¾ Minimum RAM: 16 MB (32 MB for Windows NT) 203 ¾ Recommended RAM: 32 MB ¾ Minimum hard drive space required (all editions): 60 MB ¾ Maximum hard drive space required: Developer Edition: 350 MB Professional Edition: 350 MB Standard Edition: 155 MB. We also recommend having an additional 100 MB of free disk space on your C: drive for use by Windows during the installation. If your system does not meet these requirements, the program may not run correctly. 204 Network installation requirements ¾ Microsoft Windows 95/98/2000, Windows NT 4.0, or higher ¾ Minimum RAM: 16 MB (32 MB for Windows NT) ¾ Recommended RAM: 32 MB ¾ Typical hard drive space required on a network server: 217 MB ¾ Typical hard drive space required on a workstation: 105 MB. We also recommend having an additional 100 MB of free disk space on your C: drive for use by Windows during the installation. If your system does not meet these requirements, the program may not run correctly. Installing on a local machine from CD If you are installing Crystal Reports on a computer running Windows NT or Windows 2000, you must have Administrator privileges. The installation process creates registry entries and may update some system files that require Administrator rights. Close all currently running programs and stop as many services as possible when installing Crystal Reports. Note: The Crystal Reports 8.5 installation removes theWeb Component Server that was included in the Professional and Developer editions of Crystal Reports 8. To regain the ability to distribute reports over theWeb, install Crystal Enterprise, which is included in the box with the Professional and Developer editions of Crystal Reports 8.5. To install on a local machine 1. Insert the Crystal Reports CD and, if the CD does not start automatically, browse to your CD-ROM drive and double-click Setup.exe. 205 Note: Depending on the configuration of your current system, you may receive a dialog box informing you to update existing files. If this happens, click Yes and restart your machine. The Installation Wizard updates the required files. 2. Read and accept the License Agreement to proceed with the installation. 3. In the User Information dialog box, type your name, organization, and the CD Key Code. 4. Tip: The CD Key Code is printed on the sticker on the back of the CD envelope. 5. Click Next. Installing Crystal Enterprise Crystal Enterprise replaces Crystal Report’s web capabilities and introduces new features such as report scheduling, security, and scalability. The Crystal Enterprise Standard CD (shipped with Crystal Reports 8.5) includes a temporary product license keycode that lets users install and operate the Crystal Enterprise system for a period of 30 days. To obtain a free, non-expiring product activation license keycode, users must register their copy of Crystal Enterprise Standard. Please use the Crystal Registration Wizard located in the Crystal Enterprise Program Group to complete your registration. The version of Crystal Enterprise included with the Professional and Developer editions of Crystal Reports 8.5 installs all the components necessary for running Crystal Enterprise on one machine. The following components are installed when you install Crystal Enterprise: ¾ ePortfolio ¾ Crystal Publishing Wizard ¾ Crystal Management Console (CMC) ¾ Crystal Configuration Manager ¾ Crystal Import Wizard ¾ Crystal Web Component Server (WCS) ¾ Crystal Automated Process Scheduler (APS) 206 ¾ Crystal Cache Server ¾ Crystal Page Server ¾ Crystal Input File Repository Server ¾ Crystal Output File Repository Server ¾ Crystal Job Server. All services are enabled after the installation is complete. An Administrator account is created aswell as a guest user account. Sample reports are also installed. Getting Started Crystal Enterprise uses a wizard to guide you through the installation process. The installation wizard automatically recognizes your computer’s operating system and updates files as required. System requirements A stand-alone installation of Crystal Enterprise has the following minimum system requirements: ¾ Microsoft Windows NT 4 SP5, Windows 2000 ¾ Microsoft Internet Information Services (IIS) 3, Netscape Enterprise Server 3.6 (and the latest SP), Netscape FastTrack 3.01 (and the latest SP), or a web server that supports the Common Gateway Interface (CGI) ¾ 128 MB RAM minimum ¾ 400 MB free disk space ¾ Microsoft Internet Explorer 4.01 SP2 minimum, 5.5 SP1 recommended, ¾ Netscape 4.72 minimum (4.75 recommended). If your system does not meet these requirements, the program may not run correctly. 207 Running the installation This section describes two options for installing Crystal Enterprise: 1. The first option can be used if you receive a message after installing or upgrading Crystal Reports; the second option can be used at any time. 2. Installing Crystal Enterprise immediately after Crystal Reports 3. If the computer you’re installing or upgrading Crystal Reports on has a web sever, the installation program prompts you with the following dialog box: 4. If you want to install Crystal Enterprise now, insert the Crystal Enterprise CD, or enter the path of the network directory you want to run the installer from. To continue, go to step 2 of “Installing Crystal Enterprise at a later time.” 5. If you don’t want to install Crystal Enterprise now, click Finish to exit the dialog box. You can install later by using the “Installing Crystal Enterprise at a later time” procedure. Installing Crystal Enterprise at a later time 1. Insert the Crystal Enterprise CD and, if the CD does not start automatically, browse to your CD-ROM drive and double-click Setup.exe. 2. The Wise Installation Wizard starts the installation and the Crystal Enterprise Setup program searches for previously installed components. 3. Follow the instructions displayed on your screen regarding licensing, and so on. 4. In the User Information dialog box, enter your name, organization name, and license key. 5. Click Next. 208 The Installation Type dialog box appears: 1. Click Browse if you’d like to specify a different destination folder from the one chosen by default. 2. Search for the new folder on your computer. 3. Select New as your installation type. 4. Click Next. 5. Click Next on the Start Installation dialog box when you are ready to begin the installation. 6. The installation of files begins immediately. When the installation program has finished copying files, the final setup screen appears. 7. Clear Launch Report Publish Wizard if you don’t want the wizard to begin immediately. 8. Click Finish. 209 Internal Audit Information System (IAIS) Installation Instruction of IAIS System Requirements Internal Audit Information System (IAIS) can be hosted using the following hardware and software configurations. • Windows 98/ 2000/ ME/ XP • Memory minimum: 64MB • Hard Disk Space: 60MB • Local Area Network • Database Server 210 We also recommend having an additional 100 MB of free disk space on your C: drive for use by Windows during the installation. If your system does not meet these requirements, the program may not run correctly. To use IAIS you need: ¾ A suitable computer for running Windows meeting the specification below. ¾ A graphics card which supports VGA, SVGA, XGA or other card compatible with Microsoft Windows. ¾ Microsoft Windows 95, 98, ME, 2000 or XP or any subsequent 32-bit versions. ¾ A printer is optional. A mouse or compatible pointing device is required. IAIS Installation Procedure: 1. Locate the C:\ directory and place a project folder with Internal Audit Information System (IAIS) name (C:\IAIS). 2. Copy the whole IAIS system into the project folder and then run the “register.exe” file in the IAIS folder. 3. As soon as the system has been installed, the computer needs to be restart to ensure the system is up and operational effectively. 211 USER MANUAL FOR USER This documentation provides a brief walkthrough of the Internal Audit Information System (IAIS) and how to use it. This documentation is intended for endusers. Each screen shot an activity of the system. To start using the system, users first have to click in to the IAIS icon on the desktop of their respective computers. Upon clicking the icon, the login main menu as shown below will be displayed. Figure 1: Login Menu screen 212 The figure above shows IAIS Login Menu where the user has to choose which user category has to be chosen between Administrator/Management and Senior Executive/Executive. Figure 2: IAIS Login Menu The figure above shows IAIS Login which is used by the user for Login before going to Main Menu and chooses any functionality offered by the system. The figure below shows the Main Menu for Administrator/Management offer seven (7) functionalities that is the Tracking Audit Visits Module, Issuance of Report Module, IAD Performance Index Module, Audit Finding Analysis Module, Auditee’s Information Module and IAD’s Personnel Information Module. 213 Figure 3: IAIS Main Menu for Administrator/Management The figure 4 shows the Main Menu for Senior Executive/Executive, offer four (4) functionalities that is the Tracking Audit Visits Module, Issuance of Report Module, Auditee’s Information Module and IAD’s Personnel Information Module. 214 Figure 3: IAIS Main Menu for Senior Executive/Executive 1.0 Module: Internal Audit Information System (IAIS) Internal Audit Information System (IAIS) has four (4) main modules, which is the Tracking Audit Visits Module, Issuance of Report Module, IAD Performance Index Module, Audit Findings Analysis Module. • Tracking Audit Visits Module Tracking Audit Visits Module controls all field audit visits duration and costs. All audit visits duration and costs details can be viewed and controlled from this module. 215 • Issuance of Report Module Issuance of Report Module controls all duration of the Preliminary Internal Audit Report (PIAR) Module, Auditees Reply Module and Final Report Module issuance. All audit issuance report duration details can be viewed and controlled from this module. • IAD Performance Index Module IAD Performance Index Module calculates calculate the department’s monthly performance index and executive’s performance throughout the financial year. All audit performance index can be viewed and controlled from this module. • Audit Findings Analysis Module Audit Finding Analysis Module controls the findings categorizations according to non-compliance and process improvement findings. It also provides analysis on the monetary loss for each audit assignments and categorizes it according to normal routine visit, special visit or an investigation etc. All audit findings analysis module details can be viewed and controlled from this module. 216 Each of these modules performs a specific task which will be detailed below with the screenshot. Module 1: Tracking Audit Visits Figure 4: Tracking Audit Visits Module When the Tracking Audit Visits Module is displayed, the user can choose field audit visits duration or costs module. 217 Figure 5: Audit Field Visit Module Figure 6: Audit Visit Cost Module 218 Viewing Tracking Audit Visits Details • By default when the page is displayed, it displays the first audit visits in the record. • To view subsequent records, click ► and it moves to the second record. Subsequently, if you want to view the previous record, click ◄. This will navigate to the previous record. • When navigating the records, the detail associated to the currently selected audit field visit and audit visit cost record the associated s are shown in its appropriate field. • The administrator has the rights to make changes, update the records. • By clicking the update link in the table for a particular row, the associated details will be displayed in the above fields. Adding New Tracking Audit Visits Details • To add new audit visits, click “Add” button and fill the form with the audit visit details. • After all the details are checked for errors, click “Update” button to save the addition. • This will be automatically being included into the Tracking Audit Visits database. Editing Tracking Audit Visits Details • To edit an existing audit visits details, click the “Update” button. • This would enable the fields for editing under edit mode. • After editing the information, click “Update” button to save changes and proceed. 219 Below is the sample of the Audit Visits Cost Report: Figure 7: Audit Visit Cost Report 220 Module 2: Issuance of Report Module Figure 8: Issuance of Report Module When the Issuance of Report Module is displayed, the user can choose PIAR, Auditee Reply and Final Report duration module. 221 Figure 9: Preliminary Internal Audit Report (PIAR) Module Figure 10: Auditee Reply Module 222 Figure 11: Final Report Module Viewing Issuance of Report Details • By default when the page is displayed, it displays the first report issuance details in the record depending on the submodules chosen. • To view subsequent records, click ► and it moves to the second record. Subsequently, if you want to view the previous record, click ◄. This will navigate to the previous record. • When navigating the records, the detail associated to the currently selected report issuance submodules records the associated s are shown in its appropriate field. • The administrator has the rights to make changes and update the records. • By clicking the update link in the table for a particular row, the associated details will be displayed in the above fields. 223 Adding New Issuance of Report Details • To add new audit visits, click “Add” button and fill the form with the audit report details. • After all the details are checked for errors, click “Update” button to save the addition. • This will be automatically being included into the Issuance of Report database. Editing Issuance of Report Details • To edit an existing Issuance of Report suibmodules details, click the “Update” button. • This would enable the fields for editing under edit mode. • After editing the information, click “Update” button to save changes and proceed. 224 Module 3: IAD Performance Index Module Figure 11: IAD Performance Index Main screen The IAD Performance Index is the most desired analysis by the management of IAD to monitor the todate or current performance of the department and each of the IAD’s personnel performance. The input from the analysis will help IAD to calculate and submit the KPI monthly submission to the KPI Committee. IAD Performance Index Module provides a tool to calculate the department’s monthly performance index, which will enable the management to evaluate each executive’s performance throughout the financial year and for bonus and increment purposes. When the IAD Performance Index is displayed, the user can choose Annual KPI and Department KPI Module. Department KPI Module is derived from the Annual KPI Module that only display the summary of the department’s overall performance. 225 Figure 12: Annual KPI Module screen Viewing IAD Performance Index Details • By default when the page is displayed, it displays the first IAD personnel performance (staff visits) details in the record depending on the submodules chosen. • To view subsequent records, click ► and it moves to the second record. Subsequently, if you want to view the previous record, click ◄. This will navigate to the previous record. • When navigating the records, the detail associated to the currently selected IAD performance index module records the associated s are shown in its appropriate field. • The administrator has the rights to make changes and update the records. • By clicking the update link in the table for a particular row, the associated details will be displayed in the above fields. 226 Adding New IAD Performance Index Details • To add new audit visits, click “Add” button and fill the form with the IAD personnel performance (staff visits) details. • After all the details are checked for errors, click “Update” button to save the addition. • This will be automatically being included into the IAD Performance Index database. Editing IAD Performance Index Details • To edit an existing IAD Performance Index suibmodules details, click the “Update” button. • This would enable the fields for editing under edit mode. • After editing the information, click “Update” button to save changes and proceed. 227 Module 3: Audit Findings Analysis Module Figure 13: Audit Findings Analysis Main screen The Audit Findings Analysis is the most desired analysis by the management of IAD to monitor the progress of audit’s visits and the quality of its findings. This module categorize the findings according to non-compliance and process improvement findings according to normal routine visit, special visit or an investigation etc. It is a tool to produce a statistics to analyze the findings for KPI purposes. It will provide analysis on the audit findings on every audit visits. It also provides analysis on the monetary loss for each audit assignments and categories. 228 Figure 14: Audit Findings Analysis screen Viewing Audit Findings Analysis Details • By default when the page is displayed, it displays the first Audit Findings Analysis details in the record depending on the submodules chosen. • To view subsequent records, click ► and it moves to the second record. Subsequently, if you want to view the previous record, click ◄. This will navigate to the previous record. • When navigating the records, the detail associated to the currently selected Audit Findings Analysis module records the associated s are shown in its appropriate field. • The administrator has the rights to make changes and update the records. • By clicking the update link in the table for a particular row, the associated details will be displayed in the above fields. 229 Adding New Audit Findings Analysis Details • To add new audit visits, click “Add” button and fill the form with the Audit Findings Analysis details. • After all the details are checked for errors, click “Update” button to save the addition. • This will be automatically being included into the Audit Findings Analysis database. Editing New Audit Findings Analysis Details • To edit an existing Audit Findings Analysis module details, click the “Update” button. • This would enable the fields for editing under edit mode. • After editing the information, click “Update” button to save changes and proceed. 230 Below is the sample of the Audit Findings Analysis Report: Figure 15: The Audit Findings Analysis Module Report 232 INTERNAL AUDIT DEPARTMENT GOLDEN HOPE PLANTATIONS BERHAD INSTALLATION REPORT FORM Project Title : Owner : Site : Item Installation Status Remarks Remarks: Checked by: Name: Date: Verified by: Name: Date: 233 INTERNAL AUDIT DEPARTMENT GOLDEN HOPE PLANTATIONS BERHAD Vendor : Customer : Contact Name : Contact No. : Date: ERROR LOG SHEET Problem : Comment : Prepared By: By: Name : Date : Approved Name : Date : 234 INTERNAL AUDIT DEPARTMENT GOLDEN HOPE PLANTATIONS BERHAD NON-CONFORMANCE REPORT Project Title : Owner NCR No. : NCR Title : : No. of Pages : Description of Non-Conformance : Status of Disposition : Date for Pre-Test : Originator: Review By Name : Date : Name: Date : : Approved By: Name : Date : 235 INTERNAL AUDIT DEPARTMENT GOLDEN HOPE PLANTATIONS BERHAD Bill Of Material Item Equipment Specifications Serial No Quantity Remark 236 INTERNAL AUDIT DEPARTMENT GOLDEN HOPE PLANTATIONS BERHAD PROBLEM/CHANGE REPORT SOURCE DATE: PRODUCT IDENTIFICATION ID: TITLE OF THE MODIFICATION ID: DESCRIPTION OF THE MODIFICATION ID: STATUS OF THE MODIFICATION Responsible Signature Date 64 237 INTERNAL AUDIT DEPARTMENT GOLDEN HOPE PLANTATIONS BERHAD Daily & Weekly Backup Report No Server & Services Backup Started Date 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Time Backup Completed Date Time Problem Solutions Backup Started Backup Completed By By
