Riordan Manufacturing Service Request SR-rm-013
Michael Elion, Bill Dillavou, Heather Baldwin, Mike Grasvik
University of Phoenix
August 8, 2011
Learning Team B
Riordan Manufacturing Service Request SR-rm-013
An important consideration for the information or operating system of a business or organization is a security system that protects the information, data, and integrity of the company’s sensitive records. If a business or company does not have adequate security, financial, sensitive, and classified information may be compromised by viruses and malware, hacking, or a cyber-attack on the company’s data, resulting in possible financial loss. If that happens, extensive resources will most likely be required to repair or undo the damage caused by the breach of security or virus. This essay will discuss Service Request SR-rm-013 for Riordan Manufacturing and address security issues and concerns. In addition, this document proposes solutions, methods, and options, and provides information that would best suit the company’s needs and requirements for the security and integrity of sensitive data, based on Riordan’s current security, operating system, and database.
Sarbanes-Oxley Compliance
The Sarbanes-Oxley Act of 2002 (SOX) was enacted because of the actions of corporations during the 1990s (e.g., WorldCom and Enron), and commands a higher level of accountability. This law changes the way companies manage financial reporting, auditors, internal controls, and executive responsibility. Without a comprehensive and integrated finance and accounting (F&A) system, the effective management and decision-making of the organization is at risk. The data from each location requires manual consolidation every month, which can result in lost or compromised data, typographical errors, and missed deadlines. Also, the required external monthly financial audits require a significant amount of labor, further driving up costs, and fulfilling the reporting requirement to remain in compliance with new government regulations becomes difficult at best.
The human resources (HR) department is using an information system acquired in 1992. Each employee's records are kept and filed with his or her department manager. This includes performance reviews, promotion memorandums, and information regarding terms of employment. Department managers are also responsible for employee information pertaining to the Americans with Disabilities Act or the Family and Medical Leave Act. It has been documented that none of this information is in a centralized location, and each department is responsible for this documentation.
The sales and marketing (S&M) department does not have a customer relationship management program in place to manage Riordan’s interactions with customers, clients, and sales prospects. This shortsightedness results in inaccurate financial reports that will also affect the organization’s compliance with SOX. In addition, there is a genuine risk that competitive intelligence and trade secrets may be lost because of the risky behavior and lack of security processes and procedures inherent in the current workflow.
Riordan’s ability to handle different formats of data seamlessly within the organization is substandard. To achieve a seamless integration of systems, enterprise resource planning (ERP) software must be used company-wide; Riordan’s headquarters in San Jose, California, already has an ERP in place. The ERP will help manage the organization’s data, which has been in complete disarray for several years. Web security is critical because financial data will be accessed, maintained, and stored in an electronic format using applications that have Internet capability. However, specific internal controls need to be in place to achieve compliance with SOX. Internal controls such as an ERP, upgraded firewalls,...