All-Shop Superstores is a regional chain of superstores in the Boston, New York, and Washington, D.C., corridor.
Question:
All-Shop Superstores is a regional chain of superstores in the Boston, New York, and Washington, D.C., corridor. These stores compete with other giants, such as Wal-Mart, Kmart, Target, and other budget retailers. The stores contain large grocery stores as well as domestics, clothing, automobile, and home improvement products. Overall, the margins in this portion of the retail industry are very small. Grocery profits have always been small, in the range of 5 to 10 percent. The margin for domestics, clothing, and other goods is a little higher, but to compete with Wal-Mart, All-Shop must keep all margins low. To reduce operating costs as much as possible, All-Shop has decided to move very heavily into electronic data interchange (EDI) with its suppliers. All-Shop is aware that several of its more advanced competitors allow their suppliers to manage inventory levels in the stores themselves. For example, paper hygiene products such as disposable diapers and toilet paper are high-volume products that require very close monitoring of inventory levels. All-Shop has already installed sophisticated sales and inventory systems that track activity of each individual item (using the UPC code) daily. These systems not only capture daily activity but also maintain histories in a data warehouse to support online data analysis. The first step for All-Shop was to enable its major suppliers to have access to its daily sales and inventory database. That way, the suppliers could monitor sales activities and check inventory to ensure that deliveries are made on time to maintain optimal inventory levels. The system should also permit each supplier to access and check the status of its individual accounts and a history of past payment activity. Obviously, All-Shop must control all of this information so that suppliers cannot observe each other’s information.
1. Based on what you have learned in this and previous chapters, develop a use case diagram identifying the use cases that apply to the supplier as an actor. Even though this is really a system-to-system interface, the supplier system can be considered an actor. Identify two lists of controls that you consider necessary for this interface. On the first list, identify overall controls for the entire EDI interface. Then, for the second list, for each identified use case, develop a specific set of controls that will be necessary. Base your analysis on the types of controls discussed in the chapter as well as the three primary objectives of integrity controls. In other words, your assignment is to develop a statement of required controls that the system developers can use to ensure that the system adequately protects the assets and information of All-Shop.
2. All-Shop is considering a plan to provide supplier access to its data warehouse to enable executives to analyze past trends and help design promotions to increase overall sales and those of individual products. In other words, All-Shop is building partnerships with its suppliers to maximize its presence in the retail marketplace. One major concern of All-Shop executives is how to ensure that the suppliers treat this information with maximum security and not damage All-Shop. How can they ensure that the suppliers do not use this information to benefit All-Shop’s competitors inadvertently, as suppliers also work with these competitors?
3. Do you think this second step is a wise move for All-Shop? If not, why not? If so, what kinds of controls and contractual arrangements should be made to protect All-Shop? You can see how a narrow focus on integrity controls might be inadequate to protect proprietary information. A broader view and understanding of controls and their objectives are required in this instance.