IT AUDIT AND DATA MANAGEMENT

ONLINE BUSINESS DATABASE FOR COSY PAINT

BY
AYOOLA RASAQ LAWAL (031273ARL)

MBA (INFORMATION SYSTEM)

DECEMBER 2010
 TABLE OF CONTENTS

1.0 Abstract-------------------------------------------------------------------------------------------2-3

2.0 ERD/Normalisation------------------------------------------------------------------------------4-8
2.1 EDR (Entity Relation Diagram)
2.2 Normalisation
3.0 SQL(Structure Query Language)-------------------------------------------------------------9-12

4.0 IT Audit------------------------------------------------------------------------------------------12-13

5.0 Recommendation--------------------------------------------------------------------------------13

6.0 Conclusion----------------------------------------------------------------------------------------13
References --------------------------------------------------------------------------------------------14

1
1.0 ABSTRACT
Cosy paint plc is a paint selling company that sells paints to various types of customer.

Presently, the company operate locally and the aim of this assignment is to propose an online

business in order to reach more customers on market space.

E-commerce and E-business may have gone as far as they can, due to the meltdown in the

telecoms and dot.com as claims in the popular press. Of course, the revolutionary of the

internet-based market space has really only implies that best business practices are now

mandatory for online companies, as well as for their more traditional brethren in the physical

world. The more individuals and companies become more adapted to the ease of doing

business as and when they like, customary companies in all areas are increasingly looking for

ways of internet-enabling their products and services. In this assignment, I look at how to

develop an online business models. For Cosy paint Plc. A review of relevant, literature-based

database models is followed by a series chooses of client – server for small online paint

marketing in UK. I find out that the best client – server for this small online business is the

Three-Tier Client-server Architecture. The reason for these choose is based on the following

advantages

 Scalability

 Technological flexibility

 Long-term cost reduction

 Better match of systems to business needs

 Improved customer service

2
  Competitive advantage

 Reduced risk

The distributed Database design was chosen against centralised Database for the following

reasons.

 Business unit autonomy and distribution

 Data sharing

 Data communication reliability and costs

 Multiple application vendors

 Database recovery

 Transaction and analytic processing.

The type of distributed Database strategy to be used is synchronized replication taking cost

and reliability in to consideration. Finally a report on IT Audit was produced at a later section

in this assignment.

3
2.0 ERD AND NORMALIZATION

2.1 ERD (Entity Relation Diagram)

CUSTOMER PAINT
Customer_ID Paint_ID
Customer_Name
Customer_Address Unit_Price
Customer_Email Paint_Type
Paint_Colour
Places Has

Is for
Is placed by
ORDER ORDER LINE
Order_ID Order_ID
Contains Paint_ID
Customer_ID Is contained in Quantity

Order_Date

Figure 1 ERD diagrams showing the relationships between the tables.

From figure 1 above the following can be deduced.

 One customer may place many orders, but each order is placed by a single customer.

Therefore the relationship is one-to- many.

4
  One order has many order lines; each order line is associated with a single order.

Therefore this is a one-to- many relationships.

 One paint can be in many order lines, each order line refers to a single paint: one-to-

many relationships

 One order involves many paints and one paint is involves in many orders, therefore

the relationships is many-to-many.

2.2 Normalisation

Normalization is a database design technique, which begins by examining the relationships

(called functional dependencies) between attributes. Attributes describe some property of the

data or of the relationships between the data that is important to the enterprise. (T. Connolly

& C. Begg 2005)

Steps in Normalisation

1st Normal Form:

Removing multi value attributes from figure 2 below and I get figure 3, with the help of the

functional dependencies identified, I identify a primary key for the relations. The format of

the resulting 1NF relations are shown on figure 4 below.

2nd Normal Form:

Removing partial dependencies from figure 4 I got the result in figure 5

3rd Normal Form:

On removing the transitive dependencies I got figure 6, which complete the Normalisation

process for these particular assignment. But there are also normalisations of higher order

which are not mentioned because it’s of no use to this study.

5
6
 Order Order_Date Customer Customer_Name Customer_Address Paint_ Paint_type Paint_Colour Unit_Price Quantity_
_ID _ID ID Ordered
10052 10/02/2010 32 D Patrick 109, SN2 2DG 1 Text Coat Red 500.00 10
3 Flex Coat Yellow 550.00 10
4 Emulsion Green 300.00 5
10098 11/02/2010 47 J Martins 165B, E16 4LE 2 Emulsion Gold 300.00 20
4 Emulsion Green 300.00 15
Figure 2
Order Order_Date Customer Customer_Name Customer_Address Paint_ Paint_type Paint_Colour Unit_Price Quantity_
_ID _ID ID Ordered
10052 10/02/2010 32 D Patrick 109, SN2 2DG 1 Text Coat Red 500.00 10
10052 10/02/2010 32 D Patrick 109, SN2 2DG 3 Flex Coat Yellow 550.00 10
10052 10/02/2010 32 D Patrick 109, SN2 2DG 4 Emulsion Green 300.00 5
10098 11/02/2010 47 J Martins 165B, E16 4LE 2 Emulsion Gold 300.00 20
10098 11/02/2010 47 J Martins 165B, E16 4LE 4 Emulsion Green 300.00 15
Figure 3: Table with no multi valued attributes and unique rows, in 1st normal form

Anomalies in the figure 2 above

 Insertion–if new paint is ordered for order 10098 of existing customer, customer data must be re-entered, causing duplication

 Deletion–if we delete the Text coat from Order 10052, we lose information concerning this item's colour and price

 Update–changing the price of paint ID 4 requires update in several records

These anomalies exist because there are multiple themes (entity types) in one relation. This results in duplication and an unnecessary
dependency between the entities.

7
Customer
Customer_ID Customer_Name Customer_Address
32 D Patrick 109, SN2 2DG
47 J Martins 165B, E16 4LE

PaintOrderOrderline
Customer Order Order_Date Paint_ Paint_Type Paint_ Unit_ Quantity
_ID _ID ID Colour Price
32 10052 10/02/2010 1 Text Coat Red 500.00 10
32 10052 10/02/2010 3 Flex Coat Yellow 550.00 10
32 10052 10/02/2010 4 Emulsion Green 300.00 5
47 10098 11/02/2010 2 Emulsion Gold 300.00 20
47 10098 11/02/2010 4 Emulsion Green 300.00 15
Figure 4: 1NF Customer and PaintOrderOrderline relations.

Customer
Customer_ID Customer_Name Customer_Address
32 D Patrick 109, SN2 2DG
47 J Martins 165B, E16 4LE

Order
Customer_ID Paint_ID Order_ID Order_Date Quantity
32 1 10052 10/02/2010 10
32 3 10052 10/02/2010 10
32 4 10052 10/02/2010 5
47 2 10098 11/02/2010 20
47 4 10098 11/02/2010 15

Paint
Paint_ID Paint_type Paint_Colour Unit_Price
1 Text Coat Red 500.00
3 Flex Coat Yellow 550.00
2 Emulsion Gold 300.00
4 Emulsion Green 300.00
nd
Figure 5: 2 NF derived from customerOrder relation.

8
Customer
Customer_ID Customer_Name Customer_Address
32 D Patrick 109, SN2 2DG
47 J Martins 165B, E16 4LE

Order
Customer_ID Paint_ID Order_ID Order_Date Quantity
32 1 10052 10/02/2010 10
32 3 10052 10/02/2010 10
32 4 10052 10/02/2010 5
47 2 10098 11/02/2010 20
47 4 10098 11/02/2010 15

PaintForOrder
Paint_ID Paint_Colour Unit_Price
1 Red 500.00
3 Yellow 550.00
2 Gold 300.00
4 Green 300.00

PaintType
Paint_Type Unit_Price
Text Coat 500.00
Flex Coat 550.00
Emulsion 300.00
Figure 6: A summary of 3NF relations derived from the CustomerOrderPaint relation.

9
3.0 SQL (Structure Query Language)

The history of the relational model (and indirect SQL) started with the publication of seminar

paper by E. F. Codd, while working at IBM’s Research Laboratory in San Jose (codd, 1970).

In 1974, D. Chamberlin, also from the IBM San Jose Laboratory, defined a language called

Structure English Query Language, or SEQUEL. A revised version, SEQUEL/2, was defined

in 1976, but the name was subsequently changed to SQL for legal reasons (chamberlin and

Boyce, 1974; chamberlin et al., 1976). Today, many people still pronounce SQL as ‘See-

Quel’, though the official pronunciation is S-Q-L

SQL is the first and, so far, the only standard database language to gain wide acceptance.

SQL database definition commands for Cosy Paint (Overall table definations)
CREAT TABLE CUSTOMER_T
(CUSTOMER_ID NUMBER(11,0) NOT NULL,
CUSTOMER_NAME VARCHR2(25) NOT NULL,
CUSTOMER_HOUSE_NO NUMBER(11,0),
POSTAL_CODE VARCHR2(8)
CUSTOMER_EMAIL VARCHR2(30) NOT NULL,
CONSRAINT CUSTOMER_PK PRIMARY KEY (CUSTOMER_ID));

CREAT TABLE ORDER_T

(ORDER_ID NUMBER(11,0) NOT NULL,
ORDER_DATE DATE DEFAULT SYSDATE,
CUSTOMER_ID NUMBER(11,0),
CONSTRAINT ORDER_PK PRIM ARY KEY (ORDER_ID),
CONSTRAINT ORDER_FK FOREIGN KEY (CUSTOMER_ID) REFRENCES CUTOMER_T(CUSTOMER_ID));

CREAT TABLE PAINT_T

(PAINT_ID INTEGER NOT NULL,
PAINT_TYPE VARCHR2(10),
PAINT_COLOUR VARCHR2(10)
CHECK (PAINT_COLOUR IN (‘RED’, ‘GREEN’, ‘YELLOW’, ‘GOLD’,)),
UNIT_PRICE DECIMAL(6,2),
CONSTRAINT PAINT_PK PRIMARY KEY (PAINT_ID));

CREAT TABLE ORDER_LINE_T

(ORDER_ID NUMBER(11,0) NOT NULL,
PAINT_ID INTEGER NOT NULL,
ORDER_QUANTITY NUMBER(11,0) NOT NULL,
CONSTRAINT ORDER_LINE_PK PRIMARY KEY (ORDER_ID, PAINT_ID)
CONSTRAINT ORDER_LINE_FK1 FOREIGN KEY(ORDER_ID) REFERENCES ORDER_T (ORDER_ID),
CONSTRAINT ORDER_LINE_FK2 FOREIGN KEY(PAINT_ID) REFERENCES PAINT_T (PAINT_ID));

From the above overall table definition, the following tables are created

10
Customer_T
Customer_I Customer_Nam Customer_House_N Customer_Postalco Customer_Ema
D e o de il

Order_T
Order_ID Order_Date Customer_ID

Paint_T
Paint_ID Paint_Type Paint_Colour Unit_Price

Order_line_T
Orderr_ID Paint_ID Quantity

To insert a record in to the Customer table using SQL statement

INSERT INTO CUSTOMER_T VALUES (‘32’, ‘D. Patrick’, ‘109’, ‘SN2 2DG’,
‘dpatrick@gmail.com’);

Customer_ Customer_Name Customer_House_ Customer_ Customer_Email

ID No Postalcode
32 D. Patrick 109 SN2 2DG dpatrick@gmail.com
To insert another record

INSERT INTO CUSTOMER_T VALUES (‘47’, ‘J. Martins, ‘165B’, ‘E16 4LE’,
‘jamesmart@yahoo.com’);

Customer_ Customer_Name Customer_House_ Customer_ Customer_Email

ID No Postalcode
32 D. Patrick 109 SN2 2DG dpatrick@gmail.com
47 J, Martins 165B E16 4LE jamesmart@yahoo.com

To update a record in the customer table above using SQL statement, i.e updates the customer
house no and postal code for customer ID 32 to 130 SN1 2EP.

UPDATE CUSTOMER_T SET CUSTOMER_HOUSE_NO = ‘130’ AND

CUSTOMER_POSTALCODE = ‘SN1 2EP’ WHERE CUSTOMER_ID = 32;

Then the table is updated as shown below

Customer_ Customer_Name Customer_House_ Customer_ Customer_Email

ID No Postalcode
32 D. Patrick 130 SN1 2EP dpatrick@gmail.com
47 J, Martins 165B E16 4LE jamesmart@yahoo.com
To delete a row from the customer table, using SQL statement.

11
DELETE FROM CUSTOMER_T WHERE CUSTOMER_EMAIL =
‘jamesmart@yahoo.com’;

Customer_ Customer_Name Customer_House_ Customer_ Customer_Email

ID No Postalcode
32 D. Patrick 109 SN2 2DG dpatrick@gmail.com

To delete all row

DELETE *FROM CUSTOMER_T;

Customer_I Customer_Nam Customer_House_N Customer_Postalco Customer_Ema

D e o de il

Select statement

SELECT CUSTOMER_NAME, CUSTOMER_EMAIL FROM CUSTOMER_T WHERE

CUSTOMER_ID = 32;

Customer_Name Customer_Email
D. Patrick dpatrick@gmail.com

Further search criterion using the SQL can be clarify using the paint table below.

PAINT_T
Paint_ID Paint_Type Paint_Colour Unit_Price
1 Text Coat Red 500.00
2 Emulsion Gold 300.00
3 Flex Coat Yellow 550.00
4 Emulsion Green 300.00

Find paint which unit price is greater than 300 using SQL

SELECT PAIT_TYPE, UNIT_PRICE FROM PAINT_T WHERE UNIT_PRICE >300.00;

Paint_Type Unit_Price
Text Coat 500.00
Flex Coat 550.00

12
Select example Boolean operation

SELECT PAINT_TYPE, PAINT_COLOUR, UNIT_PRICE FROM PAINT_T

WHERE (PAINT_TYPE LIKE ‘%Coat’ OR PAINT_TYPE LIKE ‘%EMULSION’) AND
STANDARD_PRICE > 300.00;
Paint_Type Paint_Colour Unit_Price
Text Coat Red 500.00
Flex Coat Yellow 550.00

4.0 IT AUDIT REPORT

There are some treat of online business. Online customer must have credit card or debit

card, in order to make a purchase. Most customers make their purchase using cash for the

afraid of being a victim of credit card fraud.

This IT fraud can either be internal or external and this could be reduced by proper IT

Auditing.

Some of the benefits of using internal Auditors are to enhanced presence of strong control

system, prevention of internal fraud, have more knowledge about the company being a

member of staff. And some of the threats are, over reliance which may promote internal

fraud, collude with order staff to cause misappropriation of company resources. Etc.

Benefits of external Auditing are high degree of professionalism because they are trained

in many areas promoting the quality of service to the management on best practices but

for this online small business External audit is not ideal for cost control because the

transaction are few.

Ideally, the same individual(s) who design the system should not perform the IT audit. A

neutral third party should be engaged who can audit the system and project objectively.

The following benefit could be derived from IT Audit

• Analysis of the present IT infrastructure.

13
 • Quality assurance.

• Reduce threats, both from within and outside.

• Discover areas where upgrading of IT system is required.

• Reduced internet fraud.

The standard protocols to be used are to make use of Audit software’s, for this business

the software to be used are

AIDA32 - Enterprise System Information 3.61 which is professional system

information, diagnostics and benchmarking program for Windows platforms and

IntelyAudit 1.0 Audit Software is corporate audit management tool that helps corporate

staff and auditors to conduct auditing operations efficiently and effectively.

The audit process will be benchmarked with COBIT and ISO 9001 series.

5.0 RECOMMENDATION

It is recommended that Cosy Paint should develop and implement standard systems with the

configuration based on ‘best practices’ to significantly reduce the risk of unauthorized access.

And payment verification should always be carried out with the issuer of credit/debit card

before dispatching customers order.

The company may also use more other Audit software for best performances.

6.0 CONCLUSION

The world is going global and we no longer have market places but market spaces. Cosy

paint will benefits from the proposed online business with perfect and best Audit practices in

place.

14
LIST REFERENCES
1. Audit software Available at: http://www.freedownloadscenter.com/Best/freeware-
audit.html [Accessed on 17/11/2010]
2. Chamberlin, Donald D.; Boyce, Raymond F. (1974). "SEQUEL: A Structured English

Query Language" (PDF). Proceedings of the 1974 ACM SIGFIDET Workshop on Data

Description, Access and Control (Association for Computing Machinery): 249–264.

3. Codd, E.F. (1970). "A Relational Model of Data for Large Shared Data Banks".

Communications of the ACM 13 (6): 377–387.

4. Connolly, T. C. Begg (2005) Database Systems (2nd Ed.). Peasoned, Edinburgh.

5. Gallegos Frederick, Daniel P. Manson, and Sandra Allen Senft, Information

Technology Control and Audit, CRC Press, LLC.

6. Jeffrey A. Hoffer, Mary Prescott, Heikki Topi, Modern Database Management, 9th

edition, Prentice Hall.

15