微信客服:xiaoxionga100
微信客服:ITCS521
PostgreSQL代写-BISM7221
时间:2022-05-23
UQ Business School
6th April 2022
BISM7221 Information Systems
Control, Governance and Audit
Grocers 2 Go Assignment Specification
SEMESTER 1 2022
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 1
Purpose
This document provides the Assignment Specification for the assessment item “Business Consulting
Report (IS Recommendations)”. You should refer to the associated Assessment Guideline for the
Marking Rubric.
Note: this assignment is an individual assignment and will be electronically submitted. You may
discuss (but not collaborate on) the assignment with your peers. The work you submit should be
yours, and yours alone.
About Grocers 2 Go
Grocers 2 Go (G2G) is an online (24/7) supplier of groceries to customers throughout Brisbane,
Queensland. They take online orders for groceries and guarantee that all the grocers ordered will be
delivered the next day – or the client will receive $2 off for every item ordered not received, and $2 off
for every day G2G delivers late. G2G has its offices located in Brisbane, near the Rocklea Markets.
This guarantee is branded as “All there, on time – the G2G $2 Guarantee!” Customers can order any
time of the day or night on any day of the week, and this guarantee will be honoured.
The business has done very well over recent years, and the recent COVID pandemic has resulted in
many people using G2G for the first time as they are forced to isolate with covid. This success was
only paused a bit this year – during the devastating Brisbane floods that flooded the G2G
headquarters at the Rocklea Markets near the Oxley Flood Plain, Rocklea, Brisbane
G2G is a privately owned company, whose board of directors has retained you to provide them with
consulting advice for improvements to their IT governance and IT operations, as well as to undertake
a fraud assessment.
As part of your brief, you are therefore to consider how IT governance can be improved at G2G as
well as consider operational and fraud issues as part of your IS audit role. You are developing a
Consulting Report that will be provided to the Board ofG2G.
G2G is customer-focused in every way and aims to improve the customer experience. The G2G $2
Guarantee is a cornerstone of that relationship with clients. The $2 guarantee is calculated
automatically, and clients should not need to ask for it although there is a call centre to handle such
requests.
Despite their success, G2G knows that it needs to improve its bottom line – over the past several
years it has been difficult to contain costs. G2G's directors are concerned that despite strong demand
and activity, their profitability has not improved and, if anything, it has gotten worse.
You, as a consultant, are here to help G2G become both more effective and efficient.
You are provided with a SQL data file with system information in it for your analysis as part of your
review. You are also provided with case notes relating to discussions with key players in this scenario.
You need this information to answer the Guiding Questions in your Consulting Report, which are at
the end of this Specification.
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 2
Background
Data Files
The data files for this assignment are located on Learn.UQ with this Case Description. This is an SQL
file for uploading via DBeaver.
The file is called "populate_g2g_script V2.sql", and it is provided on Blackboard with this assignment
specification.
This is a database population script. It is executed exactly as provided. You will need to ensure that
the connection is set to your server and that the database is connected to your own already-created
database ('g2g') before running this script.
When you run this script, you will be presented with the below information. Check that your database
passes all tests.
ref description current benchmark test_result
10 -----ACCOUNTS RECEIVABLE SYSTEM----- [NULL] [NULL] TEST RESULT
20 customer 1777 1777 PASS
30 -----PAYROLL SYSTEM----- [NULL] [NULL] [NULL]
40 employee 149 149 PASS
50 ft_salaries 26 26 PASS
60 payroll 52 52 PASS
70 payroll_detail 5528 5528 PASS
80 pt_hourlyrates 4 4 PASS
90 standard_hours_log 177 177 PASS
100 status_lookup 2 2 PASS
110 tax_rates 4 4 PASS
120 -----ACCOUNTS PAYABLE SYSTEM----- [NULL] [NULL] [NULL]
130 payment_made 1882 1882 PASS
140 vendor 142 142 PASS
150 vendor_invoice 1910 1910 PASS
160 -----G2G GUARANTEE SYSTEM----- [NULL] [NULL] [NULL]
170 g2g_guarantee 81432 81432 PASS
An SQL file is provided that is a companion to this Assignment Specification with data for the year
2021 on it – this data is to be analysed by you as part of your consulting report.
IT Services
G2G has several key information systems. These systems manage their accounts receivable
(customers and debtors), accounts payable (suppliers/vendors), payroll, and the G2G Guarantee.
These information systems are all legacy systems developed a long time ago for G2G, and the
owners are determined to recoup their investment by keeping with those systems.
There is an IT support department. There are 7 people currently employed in the G2G IT department.
The IT Manager is Tom Jackson, and he prides himself on running a tightly knit team. Kato Yul is the
software developer (all software is written in a combination of Visual Cobol, Python, and APLX) and 2
software maintenance staff, as well as database administrator (DBA), Sarah-Louise Wolf. There are
also two IT support maintenance personnel. The team works as one when G2G is busy with projects,
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 3
and all members of the team pitch in to complete work. Tom oversees the IT team but lets them do
their work as they see fit; he relies on Sarah-Louise as his assistant manager.
Legacy systems are written in Visual Cobol and APLX and are the back-office systems that implement
the website transactions.
The software developer, Kato Yul, is a relatively new hire, and she develops software principally in
Python, though has a working knowledge of Visual Cobol and no understanding of APLX at all (who
does?). To address the gap, Herbert Geschwitz – the recently retired software developer – is retained
on a contract of $5,000 per annum to maintain the software code for the legacy systems. This usually
takes about one day a week. Herbert helped build the original systems – the Accounts Receivable,
Payroll, Accounts Payable and the G2G Guarantee Payroll systems – back in 1983 when G2G was
first starting out. The IT team held a retirement BBQ for Herb where he received a $50 JB HiFi
voucher and a novelty ‘World’s Most Awesome Programmer’ coffee cup.
All team members are agile and flexible and ensure that the work is done as required. For example,
Helen Currie is in an IT support role, but has a software development background and regularly works
on maintaining and updating the payroll system. All software development and maintenance staff
work on the system to ensure that the important applications – like the G2G Guarantee system –
continue to provide G2G with a competitive advantage.
Sarah-Louise Wolf is the DBA at G2G, and she helped Herbert with building and maintaining the
original systems when G2G went online. This was back in 2002 through her consulting company, Wolf
in Sheep's Clothing. She was later hired by G2G directly and continues to help build and maintain
systems at G2G as well.
Sarah-Louise seems devoted to G2G and rarely – if ever – takes holidays.
Tom Jackson really relies on Sarah-Louise and is sorry that due to cost-cutting Sarah-Louise's salary
– which used to be relatively high, as she gave up her consulting career to work for G2G – has been
reduced. Although ostensibly Sarah-Louise's hours were reduced, Tom knows that Sarah-Louise's
hours have not really changed much at all.
IT Governance
G2G is a relatively small company with around 120-150 full time and casual employees. Jillian Castillo
is the Chief Executive Officer, and she makes all decisions. Iona Fisher is the Chief Financial Officer,
and Allison Mullen runs the sales team as Sales Manager.
G2G does not have an IT Steering Committee (Jillian says that "it's only another waste of time –
besides, it's IT. Not what we do around here – it’s about the groceries!"). Jillian believes that she
knows whether a project is worth funding 'just by looking at it' and besides, ‘business cases are all
horse-hockey – not worth the laser printer ink it is printed with’.
Instead, Tom Jackson prepares the IT Budget each year based on the age of the equipment in place,
and this budget is approved by the Executive Team of Jillian, Iona, and Allison.
Once a year, Tom attends the Strategy Day with the Executive Team; Tom really likes the muffins that
he gets through that process. Every strategy day, Tom asks for a budget to remove the creaky, old
information systems that were developed by Herbert, but Jillian is adamant that she wants to get her
money's worth out of G2G's IT.
Physical Infrastructure, Disaster Recovery and Data Storage
G2G has its Data Centre in the basement of the Oxley Little Nippers Aquatic Centre. This is a building
on the edge of the Oxley Flood Plain with a magnificent view of Oxley Creek. Particularly since the
last flood in 2011, this building has been upgraded to a magnificent standard, and with the most
recent floods it was out of action for a week.
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 4
There is one UPS (Uninterruptible Power Supply) unit in the server room that is sufficient to power the
data centre for six hours in the event of unexpected power outages. There are two air conditioning
units in the data centre in the basement. It is powered down after-hours and on weekends.
Biometric controls lock the room. All members of the senior leadership team and the IT Team have
access to the data centre, as well as Alice Sloan, the G2G receptionist. Alice maintains the security
logs for the data centre.
The data centre runs the servers for the information systems used by G2G. These run a combination
of Linux (Mandrake Corporate Server 3, Linux 2.6.3) and Windows 2000. All information systems are
now built on PostgreSQL Version 7; they were originally developed using the Ingres database
management system.
With a laugh, Sarah-Louise notes that she refuses to upgrade because it would break all the
information systems developed for G2G and, if it isn't broken, there is no need to try and 'fix it'.
All corporate files, however, are hosted on Dropbox Business. G2G uses Office 365 and Dropbox to
manage its corporate files and no backups of these files are taken as Dropbox has versioning of files
for 90 days.
The custom-built accounts receivable, accounts payable, payroll and G2G Guarantee systems are
automatically zipped each day and stored as an unencrypted file on OneDrive.
The business continuity plan (BCP) is maintained by Tom Jackson. It was last updated two years ago
when the new data centre in the Aquatic Centre's basement was constructed. Tom regularly tests the
BCP by sending a multiple-choice quiz to all staff members on what to do in the case of emergency.
Accounts Receivable System
Accounts receivable is the system that records how much customers owe G2G. This is a custom-built
system. It has relationships with the Grocers 2 Go Guarantee System – which is where customers are
refunded their G2G Guarantee.
In the data files, you are only provided with the 'customer' table. This system contains information on
customers, their credit limit and the amount owed by customers. A credit limit is provided to
customers as many customers have found themselves unemployed during the pandemic.
However, Jillian tells you that absolutely no customer is allowed to exceed their credit limits. She
receives regular reports on credit limits from the custom system and maintains a close eye on this
information. To ensure separation of duties, Alice Sloan, the receptionist, prints these regular reports
and provides them to Jillian.
Accounts Payable System
Accounts payable is the system that records the money that G2G owes to its creditors. Again, this is a
custom-built system. It has relationships with the payroll system – particularly in relation to the tasks
undertaken by different employees in the Finance department. Creditors (vendors) are only paid by
finance officers.
In the data files, you are provided with several tables.
The 'vendor' table records details about vendors, including the company name, address, any notes
about the vendor, and the amount that G2G owes to the vendor. The amount owed to vendors is the
total of all amounts owed on each vendor's invoices (i.e., the ‘amount_owing’ field in vendor_invoice).
Vendor invoices are recorded in the 'vendor_invoice' table. It records any invoices received from
vendors, including the amount of the invoice, the date the invoice was issued, and how much is left
owing on the invoice. When the invoice is paid, the 'paid flag' field is set to 'Y'.
Payments are recorded in the 'payment_made' table; this table records the date the payment was
made, the amount paid on the invoice, and the related vendor and invoice. It also records the finance
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 5
officer that processed the payment in the ‘finance_officer’ field, which stores the employee’s
employee number from the employee table. Only finance officers process these payments.
The payment_made table relates to the vendor, vendor_invoice, and employee tables. When a
payment is made, the amount_owing field in the vendor_invoice table is updated so that the amount
owing in vendor_invoice matches the amount of the invoice less payments made as recorded in the
payments_made table.
Iona Fisher advises that – due to the company's worsening cash position – as Chief Financial Officer
she has been making sure that invoices are paid in full only when the terms (the number of days
allowed before the invoice becomes overdue) have been fully utilised; she admits that, occasionally,
some invoices are paid later than that as cashflow is particularly poor right now.
This means that sometimes, invoices are only half-paid after 14 days, due to the worsening cash
position but Iona is adamant that all invoices are paid within two months.
Payroll System
Payroll is the system that records money paid by G2G to its employees. Again, this is a custom-built
system, and it has relationships particularly with the Accounts Payable system (where the employee
number of the finance officers that make payments to vendors is recorded).
In the data files, you are provided with several tables.
The 'employee' table is the centre of the system. This records all employees, their home address, the
type of job they hold and whether they are full time or part time. The employee's next of kin is also
identified. The employee table is related to the 'job' table, the 'status_lookup' table, the 'ft_salaries'
table, the 'payroll' table, the 'standard_hours_log' table, and the ‘payments_made’ table.
The 'job' table provides a unique identifier for each job held at G2G. There are fourteen different types
of job, including part-time and casual jobs. This table simply provides a description for each job. The
job table relates to the employee table, the ft_salaries table, and the pt_hourlyrates table.
The 'status_lookup' table simply describes the status code set out in the employee table, to which it
relates. Employees are either full time (and do not require standard hours to be recorded) or part time
(and so standard hours are recorded).
The 'ft_salaries' table provides an historical listing of the salaries paid to full-time positions. When the
salary changes for specific jobs, an extra row is added to the ft_salaries table together with the start
date. For example, job 11 – 'Database Administrator', the position held by Sarah-Louise Wolf –
started the year on $90,000 annual salary, and this was reduced to $80,000 on 1st July. This
information is used to determine the total amount paid to individuals in the payroll detail table by
dividing the annual salary by 52.18 (this calculation turns salary figures into equivalent weekly
payments – after allowing for leap years).
Similarly, the 'pt_hourly' rates table records changes to the hourly payments made to part-time
employees. Again, this table records the date of a rate change for each role. These roles only receive
pay rises twice a year – once in January, and once in July.
As with the 'ft_salaries' and 'pt_hourly' tables, the 'standard_hours_log' table records changes to
standard hours for each employee. The most recent value in the standard_hours_log table matches to
the current_standard_hours field in the employee table.
The payroll table summarises the details of all pay runs. Note that the ft_salaries, pt_hourly, and the
standard_hours_log tables are applied as at the date of each payroll – so for example, if a salary is
changed on or before the date of the payroll, then that salary applies according to the rules in the
ft_salaries table. The payroll table records the payroll number, the date of the payment, the amount
paid to all employees after tax, the tax paid, and the total salaries in that pay run. These amounts
summate their respective fields in the 'payroll_details' table. The payroll table relates only to the
payroll_detail table.
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 6
The 'payroll_detail' table records the net payment, taxation withheld, and the total payment made to
each individual employee. The sum of the three figures recorded (net payment, taxation, and total
payment) equate to the respective value in the payroll table for each pay run (i.e., total_net, total_tax,
and total_salaries in the payroll table respectively). Note that net payment is the total payment less
the taxation amount.
This table relates to the employee table, the status_lookup table, and the payroll table.
The taxation amount is determined by reference to the tax_rates table. This is a progressive tax
system. For example, a person earning $1,000 in a week will pay 0% tax on earnings up to $348.79,
then 19% tax on earnings between $348.79 to $862.42, and 33% tax on earnings exceeding $862.42
(all the way up to the next threshold). For a $1,000 payment, therefore, an employee would pay 0% of
$348.79, 19% of ($862.42 - $348.79), and 33% of ($1,000 - $862.42) = 0 + $97.59 + $45.40 =
$142.99 in taxation.
Each week Iona Fisher asks Alice Sloan, the receptionist, to prepare the electronic report for the
payroll and then Iona signs off on the payment made. Alice is asked to prepare this to ensure that
reporting duties are kept separate from the transaction recording duties of the finance officers working
with Iona.
Grocers 2 Go Guarantee System
The G2G system is another bespoke (custom) system at G2G. This system tracks all guarantees paid
out to customers, underpins G2G’s slogan of “All there, on time – the G2G $2 Guarantee!” G2G is
rightly proud of its customer relationships and uses the G2G Guarantee to cement that relationship
through good, valuable service.
In the data files, you are provided with a single table, ‘g2g_guarantee’.
This table identifies the order date and value of each delivery, how many items are not delivered even
when ordered, and the number of days the delivery is late. The guarantee is recorded based on the
number of items not delivered and the number of days that the delivery is late.
Note that drivers pick items from the shelves in the warehouse and organise their own deliveries each
day. Each week, the driver that delivers the greatest number of deliveries is given a $50 voucher to
spend on groceries as a performance incentive.
The guarantee is payable if items are not delivered, or the delivery is late. The guarantee refund is $2
per item not delivered and $2 per day late. It is calculated and stored in the guarantee field of the
g2g_guarantee table.
Allison Mullen, G2G's Sales Manager, tells you that – obviously – this guarantee has the potential to
be expensive, which is why G2G focusses on delivering on its core promise to its customers.
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 7
Consulting with Clients over Coffee
You seek an informal discussion with Jillian Castillo, the CEO.
Jillian Castillo
You arrive early for the first day of this engagement at G2G’s offices at Rocklea. You wait for Alice
Sloan, the receptionist, to finish her phone call. You overhear part of her conversation: “OK Herb, love
you, I’ll get that milk on the way home.”
Alice turns to you with a large smile, and says “Honestly, you’d think that since he’s retired Herb could
sort out his own dairy products! What can I do for you?” You explain that you are here to meet with
Jillian for a cup of coffee.
Alice places a quick call to Jillian to let her know you are here and directs you through the reception
doors to the kitchenette.
The kitchenette is at the back of the G2G office building and shortly Jillian joins you. Jillian is a person
without too many airs and graces. She offers you a cup of coffee, and you accept your cup of
International Roast coffee meekly.
Jillian pulls up a chair to the table, invites you to sit, and starts to talk to you.
"I don't get it," she says. "We are at our most competitive ever, in the strongest market ever, and I am
having difficulty finding the cash to pay our vendors – it just doesn't add up. Confidentially – I'd like
you to do some sniffing around. This fraud review – I'll be surprised if there's nothing wrong here, but I
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 8
can't for the life of me think what is going on. I trust all these people with everything – well, perhaps
except for the casual staff, I don't know too many of those."
She sips her coffee; you can see where a little glob of undissolved International Roast slides down the
side of her cup.
“I’m also concerned about the performance of those casual employees – we have a lot of them on the
books, we have a great performance incentive in place, but honestly it feels like we’re just being too
darn sloppy with the orders these days. Too many items missing, too many days late! And I just
dread Tuesdays – that’s when I get the most complaints about late deliveries. It’s frustrating!”
"If you could go through the data looking for evidence of bad stuff happening – that'd be great. I'm a
big believer that we can over-complicate things – I don't need a 10-page business case telling me
whether something's a good investment. I have a nose for business, I know what's going to work. I
don't need committees and things."
"Well. At least, I don't think I do – perhaps you'll have some way to convince me. But if we are going
to go formal around here, it's going to be a real strain on our big happy family. I'd like some
recommendations that tighten things up without making our lives impossible."
Jillian takes another sip of her coffee and outlines the questions she wants you to answer.
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 9
Guiding Questions
The ‘Guiding Questions’ that follow are to be addressed in your Business Consulting Report. This is to
be formatted professionally and appropriately, as discussed in the Assessment Guideline
document.
Your report is to have an introduction.
In the introduction, discuss the scope of the engagement, outline your approach to this
engagement, and provide an approach diagram that identifies project outputs and outcomes (use
the seminar 'IT Advisory Services' as a guide).
At all times, write your business consulting report with reference to the Marking Rubric
provided in the Assessment Guideline.
Question 1: IT Governance Assessment and Recommendations
Requirements:
You are to review the IT governance controls in place at G2G. You are to:
1. Identify the current IT governance mechanisms in place using the 'Engagement Model' from
the 'Foundation for Execution' as a guide. It is likely that the 'Minimum IT Governance
Practices' discussed in the seminar 'IT Governance' will inform you in this task.
2. Evaluate the current IT governance mechanisms (structures, processes, and relational
mechanisms) as to whether they are effective or ineffective.
3. Recommend improvements to G2G's approach to IT Governance
From the case description, identify, evaluate, and recommend improvements to G2G's approach to IT
governance. This should be a section within your Business Consulting Report. These
recommendations do not need to address all IT governance issues, but certainly should address the
most pressing, prominent, concerns around IT Governance.
Your assessment and recommendations should consider the context for G2G, and the information
provided in this specification, as well as any further information you obtain during the engagement.
Question 2: Assessment of General Controls
Requirements:
You are to review the General Controls at G2G and identify and evaluate IT physical and
General Controls. You are to:
1. Identify and evaluate the current physical General controls in place. It is likely that the
seminars 'General IT Environment' and 'General Controls' will inform you in this task.
2. Identify and evaluate the current IT General controls in place. It is likely that the seminars
'General IT Environment' and 'General Controls' will inform you in this task.
3. Recommend improvements to G2G's IT General Controls, having regard to their current
context and addressing weakness you identified in your evaluation.
From the case description, identify, evaluate, and recommend improvements to G2G's approach to IT
governance. This should be a section within your Business Consulting Report. Again, these
recommendations do not need to address all general control issues, but certainly should address the
most pressing, prominent, concerns around the general controls.
Your assessment and recommendations should consider the context for G2G, and the information
provided in this specification, as well as any further information you obtain during the engagement.
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 10
Question 3: Identify Operational Concerns with the G2G Guarantee
Requirements:
You are to review the G2G Guarantee and assess whether there are any operational concerns
here. You are to:
1. Identify at least two operational concerns at G2G in relation to the G2G Guarantee,
including a description of these operational concerns.
2. Make a recommendation that addresses each operational concern (and so at least two
recommendations are required overall) to G2G management. It is likely that you will wish to
make multiple recommendations.
This should be a section within your Business Consulting Report.
You are to examine the data records provided in relation to the G2G Guarantee in the G2G database.
You should also consider your understanding of the G2G delivery process. The goal of an operational
review is to improve its effectiveness (i.e., that the process is more effective at delivering the right
items, on time) and its efficiency (i.e., opportunities to improve item delivery and reduce the G2G
guarantee payments made at low costs).
For example, you may wish to examine questions such as:
• Is the G2G appropriately controlled?
• Does the guarantee depending on the date of the order or the employee addressing the
order?
• Is the approach to the organising of the G2G appropriate?
You will need to explore the database using SQL, and you should support your identification of
operational concerns with SQL scripts in the appendices that support the rationale for the operational
concern or support the recommendation made.
Use appendices appropriately.
Your assessment and recommendations should consider the context for G2G, and the information
provided in this specification, as well as any further information you obtain during the engagement.
Question 4: Undertake a Fraud Review
Requirements:
You are to undertake a Fraud Review and document your activities and your findings in the
Report. Your report should identify:
1. The schedule of fraud detection techniques undertaken (see the seminar 'Business Ethics
and Fraud').
2. Any missing techniques and why they cannot be performed.
3. Other ad hoc indicators of fraud that you identify through exploring the data.
4. The results of the tests (include detailed samples of results and SQL commands used in the
appendices).
5. A professional visualized representation of the results of at least one SQL test procedure
used as a histogram, column chart, line chart, or other data visualization (using Excel).
6. A broader consideration of fraud in the context of G2G (e.g., the Fraud Triangle).
7. Your conclusions as to whether fraud is occurring and recommendations to address these
fraud issues.
You are to perform tests that could reveal the existence of fraud in the company based on the data
that you have. You should design your tests around the Fraud Detection Techniques discussed in
seminars. This should be a section within your Business Consulting Report.
These tests performed are to be documented as a schedule in the report. Some techniques may not
be available due to limitations in the data provided, and these missing techniques should be identified
together a rationale as to why the technique cannot be used.
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 11
However, these techniques are the minimum to be undertaken – you should explore the data
generally as well as the discussion within this specification document to see if there are other
indicators of potential fraud.
There may be other clues hidden within the data that you need to investigate. Perhaps - a
puzzle worthy of a Roman Emperor?
As part of the professional presentation of this report, you are also to develop a visualized
representation of the findings for at least one SQL Test Procedure used to review fraud. This
visualized representation must be created using Excel and be to a professional standard.
You should provide at least two recommendations on how to address these fraud issues.
Use appendices appropriately.
Prepared by: Micheal Axelsen
Senior Lecturer (Business Information Systems)
Date: 6th April 2022.
6th April 2022
BISM7221 Information Systems
Control, Governance and Audit
Grocers 2 Go Assignment Specification
SEMESTER 1 2022
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 1
Purpose
This document provides the Assignment Specification for the assessment item “Business Consulting
Report (IS Recommendations)”. You should refer to the associated Assessment Guideline for the
Marking Rubric.
Note: this assignment is an individual assignment and will be electronically submitted. You may
discuss (but not collaborate on) the assignment with your peers. The work you submit should be
yours, and yours alone.
About Grocers 2 Go
Grocers 2 Go (G2G) is an online (24/7) supplier of groceries to customers throughout Brisbane,
Queensland. They take online orders for groceries and guarantee that all the grocers ordered will be
delivered the next day – or the client will receive $2 off for every item ordered not received, and $2 off
for every day G2G delivers late. G2G has its offices located in Brisbane, near the Rocklea Markets.
This guarantee is branded as “All there, on time – the G2G $2 Guarantee!” Customers can order any
time of the day or night on any day of the week, and this guarantee will be honoured.
The business has done very well over recent years, and the recent COVID pandemic has resulted in
many people using G2G for the first time as they are forced to isolate with covid. This success was
only paused a bit this year – during the devastating Brisbane floods that flooded the G2G
headquarters at the Rocklea Markets near the Oxley Flood Plain, Rocklea, Brisbane
G2G is a privately owned company, whose board of directors has retained you to provide them with
consulting advice for improvements to their IT governance and IT operations, as well as to undertake
a fraud assessment.
As part of your brief, you are therefore to consider how IT governance can be improved at G2G as
well as consider operational and fraud issues as part of your IS audit role. You are developing a
Consulting Report that will be provided to the Board ofG2G.
G2G is customer-focused in every way and aims to improve the customer experience. The G2G $2
Guarantee is a cornerstone of that relationship with clients. The $2 guarantee is calculated
automatically, and clients should not need to ask for it although there is a call centre to handle such
requests.
Despite their success, G2G knows that it needs to improve its bottom line – over the past several
years it has been difficult to contain costs. G2G's directors are concerned that despite strong demand
and activity, their profitability has not improved and, if anything, it has gotten worse.
You, as a consultant, are here to help G2G become both more effective and efficient.
You are provided with a SQL data file with system information in it for your analysis as part of your
review. You are also provided with case notes relating to discussions with key players in this scenario.
You need this information to answer the Guiding Questions in your Consulting Report, which are at
the end of this Specification.
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 2
Background
Data Files
The data files for this assignment are located on Learn.UQ with this Case Description. This is an SQL
file for uploading via DBeaver.
The file is called "populate_g2g_script V2.sql", and it is provided on Blackboard with this assignment
specification.
This is a database population script. It is executed exactly as provided. You will need to ensure that
the connection is set to your server and that the database is connected to your own already-created
database ('g2g') before running this script.
When you run this script, you will be presented with the below information. Check that your database
passes all tests.
ref description current benchmark test_result
10 -----ACCOUNTS RECEIVABLE SYSTEM----- [NULL] [NULL] TEST RESULT
20 customer 1777 1777 PASS
30 -----PAYROLL SYSTEM----- [NULL] [NULL] [NULL]
40 employee 149 149 PASS
50 ft_salaries 26 26 PASS
60 payroll 52 52 PASS
70 payroll_detail 5528 5528 PASS
80 pt_hourlyrates 4 4 PASS
90 standard_hours_log 177 177 PASS
100 status_lookup 2 2 PASS
110 tax_rates 4 4 PASS
120 -----ACCOUNTS PAYABLE SYSTEM----- [NULL] [NULL] [NULL]
130 payment_made 1882 1882 PASS
140 vendor 142 142 PASS
150 vendor_invoice 1910 1910 PASS
160 -----G2G GUARANTEE SYSTEM----- [NULL] [NULL] [NULL]
170 g2g_guarantee 81432 81432 PASS
An SQL file is provided that is a companion to this Assignment Specification with data for the year
2021 on it – this data is to be analysed by you as part of your consulting report.
IT Services
G2G has several key information systems. These systems manage their accounts receivable
(customers and debtors), accounts payable (suppliers/vendors), payroll, and the G2G Guarantee.
These information systems are all legacy systems developed a long time ago for G2G, and the
owners are determined to recoup their investment by keeping with those systems.
There is an IT support department. There are 7 people currently employed in the G2G IT department.
The IT Manager is Tom Jackson, and he prides himself on running a tightly knit team. Kato Yul is the
software developer (all software is written in a combination of Visual Cobol, Python, and APLX) and 2
software maintenance staff, as well as database administrator (DBA), Sarah-Louise Wolf. There are
also two IT support maintenance personnel. The team works as one when G2G is busy with projects,
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 3
and all members of the team pitch in to complete work. Tom oversees the IT team but lets them do
their work as they see fit; he relies on Sarah-Louise as his assistant manager.
Legacy systems are written in Visual Cobol and APLX and are the back-office systems that implement
the website transactions.
The software developer, Kato Yul, is a relatively new hire, and she develops software principally in
Python, though has a working knowledge of Visual Cobol and no understanding of APLX at all (who
does?). To address the gap, Herbert Geschwitz – the recently retired software developer – is retained
on a contract of $5,000 per annum to maintain the software code for the legacy systems. This usually
takes about one day a week. Herbert helped build the original systems – the Accounts Receivable,
Payroll, Accounts Payable and the G2G Guarantee Payroll systems – back in 1983 when G2G was
first starting out. The IT team held a retirement BBQ for Herb where he received a $50 JB HiFi
voucher and a novelty ‘World’s Most Awesome Programmer’ coffee cup.
All team members are agile and flexible and ensure that the work is done as required. For example,
Helen Currie is in an IT support role, but has a software development background and regularly works
on maintaining and updating the payroll system. All software development and maintenance staff
work on the system to ensure that the important applications – like the G2G Guarantee system –
continue to provide G2G with a competitive advantage.
Sarah-Louise Wolf is the DBA at G2G, and she helped Herbert with building and maintaining the
original systems when G2G went online. This was back in 2002 through her consulting company, Wolf
in Sheep's Clothing. She was later hired by G2G directly and continues to help build and maintain
systems at G2G as well.
Sarah-Louise seems devoted to G2G and rarely – if ever – takes holidays.
Tom Jackson really relies on Sarah-Louise and is sorry that due to cost-cutting Sarah-Louise's salary
– which used to be relatively high, as she gave up her consulting career to work for G2G – has been
reduced. Although ostensibly Sarah-Louise's hours were reduced, Tom knows that Sarah-Louise's
hours have not really changed much at all.
IT Governance
G2G is a relatively small company with around 120-150 full time and casual employees. Jillian Castillo
is the Chief Executive Officer, and she makes all decisions. Iona Fisher is the Chief Financial Officer,
and Allison Mullen runs the sales team as Sales Manager.
G2G does not have an IT Steering Committee (Jillian says that "it's only another waste of time –
besides, it's IT. Not what we do around here – it’s about the groceries!"). Jillian believes that she
knows whether a project is worth funding 'just by looking at it' and besides, ‘business cases are all
horse-hockey – not worth the laser printer ink it is printed with’.
Instead, Tom Jackson prepares the IT Budget each year based on the age of the equipment in place,
and this budget is approved by the Executive Team of Jillian, Iona, and Allison.
Once a year, Tom attends the Strategy Day with the Executive Team; Tom really likes the muffins that
he gets through that process. Every strategy day, Tom asks for a budget to remove the creaky, old
information systems that were developed by Herbert, but Jillian is adamant that she wants to get her
money's worth out of G2G's IT.
Physical Infrastructure, Disaster Recovery and Data Storage
G2G has its Data Centre in the basement of the Oxley Little Nippers Aquatic Centre. This is a building
on the edge of the Oxley Flood Plain with a magnificent view of Oxley Creek. Particularly since the
last flood in 2011, this building has been upgraded to a magnificent standard, and with the most
recent floods it was out of action for a week.
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 4
There is one UPS (Uninterruptible Power Supply) unit in the server room that is sufficient to power the
data centre for six hours in the event of unexpected power outages. There are two air conditioning
units in the data centre in the basement. It is powered down after-hours and on weekends.
Biometric controls lock the room. All members of the senior leadership team and the IT Team have
access to the data centre, as well as Alice Sloan, the G2G receptionist. Alice maintains the security
logs for the data centre.
The data centre runs the servers for the information systems used by G2G. These run a combination
of Linux (Mandrake Corporate Server 3, Linux 2.6.3) and Windows 2000. All information systems are
now built on PostgreSQL Version 7; they were originally developed using the Ingres database
management system.
With a laugh, Sarah-Louise notes that she refuses to upgrade because it would break all the
information systems developed for G2G and, if it isn't broken, there is no need to try and 'fix it'.
All corporate files, however, are hosted on Dropbox Business. G2G uses Office 365 and Dropbox to
manage its corporate files and no backups of these files are taken as Dropbox has versioning of files
for 90 days.
The custom-built accounts receivable, accounts payable, payroll and G2G Guarantee systems are
automatically zipped each day and stored as an unencrypted file on OneDrive.
The business continuity plan (BCP) is maintained by Tom Jackson. It was last updated two years ago
when the new data centre in the Aquatic Centre's basement was constructed. Tom regularly tests the
BCP by sending a multiple-choice quiz to all staff members on what to do in the case of emergency.
Accounts Receivable System
Accounts receivable is the system that records how much customers owe G2G. This is a custom-built
system. It has relationships with the Grocers 2 Go Guarantee System – which is where customers are
refunded their G2G Guarantee.
In the data files, you are only provided with the 'customer' table. This system contains information on
customers, their credit limit and the amount owed by customers. A credit limit is provided to
customers as many customers have found themselves unemployed during the pandemic.
However, Jillian tells you that absolutely no customer is allowed to exceed their credit limits. She
receives regular reports on credit limits from the custom system and maintains a close eye on this
information. To ensure separation of duties, Alice Sloan, the receptionist, prints these regular reports
and provides them to Jillian.
Accounts Payable System
Accounts payable is the system that records the money that G2G owes to its creditors. Again, this is a
custom-built system. It has relationships with the payroll system – particularly in relation to the tasks
undertaken by different employees in the Finance department. Creditors (vendors) are only paid by
finance officers.
In the data files, you are provided with several tables.
The 'vendor' table records details about vendors, including the company name, address, any notes
about the vendor, and the amount that G2G owes to the vendor. The amount owed to vendors is the
total of all amounts owed on each vendor's invoices (i.e., the ‘amount_owing’ field in vendor_invoice).
Vendor invoices are recorded in the 'vendor_invoice' table. It records any invoices received from
vendors, including the amount of the invoice, the date the invoice was issued, and how much is left
owing on the invoice. When the invoice is paid, the 'paid flag' field is set to 'Y'.
Payments are recorded in the 'payment_made' table; this table records the date the payment was
made, the amount paid on the invoice, and the related vendor and invoice. It also records the finance
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 5
officer that processed the payment in the ‘finance_officer’ field, which stores the employee’s
employee number from the employee table. Only finance officers process these payments.
The payment_made table relates to the vendor, vendor_invoice, and employee tables. When a
payment is made, the amount_owing field in the vendor_invoice table is updated so that the amount
owing in vendor_invoice matches the amount of the invoice less payments made as recorded in the
payments_made table.
Iona Fisher advises that – due to the company's worsening cash position – as Chief Financial Officer
she has been making sure that invoices are paid in full only when the terms (the number of days
allowed before the invoice becomes overdue) have been fully utilised; she admits that, occasionally,
some invoices are paid later than that as cashflow is particularly poor right now.
This means that sometimes, invoices are only half-paid after 14 days, due to the worsening cash
position but Iona is adamant that all invoices are paid within two months.
Payroll System
Payroll is the system that records money paid by G2G to its employees. Again, this is a custom-built
system, and it has relationships particularly with the Accounts Payable system (where the employee
number of the finance officers that make payments to vendors is recorded).
In the data files, you are provided with several tables.
The 'employee' table is the centre of the system. This records all employees, their home address, the
type of job they hold and whether they are full time or part time. The employee's next of kin is also
identified. The employee table is related to the 'job' table, the 'status_lookup' table, the 'ft_salaries'
table, the 'payroll' table, the 'standard_hours_log' table, and the ‘payments_made’ table.
The 'job' table provides a unique identifier for each job held at G2G. There are fourteen different types
of job, including part-time and casual jobs. This table simply provides a description for each job. The
job table relates to the employee table, the ft_salaries table, and the pt_hourlyrates table.
The 'status_lookup' table simply describes the status code set out in the employee table, to which it
relates. Employees are either full time (and do not require standard hours to be recorded) or part time
(and so standard hours are recorded).
The 'ft_salaries' table provides an historical listing of the salaries paid to full-time positions. When the
salary changes for specific jobs, an extra row is added to the ft_salaries table together with the start
date. For example, job 11 – 'Database Administrator', the position held by Sarah-Louise Wolf –
started the year on $90,000 annual salary, and this was reduced to $80,000 on 1st July. This
information is used to determine the total amount paid to individuals in the payroll detail table by
dividing the annual salary by 52.18 (this calculation turns salary figures into equivalent weekly
payments – after allowing for leap years).
Similarly, the 'pt_hourly' rates table records changes to the hourly payments made to part-time
employees. Again, this table records the date of a rate change for each role. These roles only receive
pay rises twice a year – once in January, and once in July.
As with the 'ft_salaries' and 'pt_hourly' tables, the 'standard_hours_log' table records changes to
standard hours for each employee. The most recent value in the standard_hours_log table matches to
the current_standard_hours field in the employee table.
The payroll table summarises the details of all pay runs. Note that the ft_salaries, pt_hourly, and the
standard_hours_log tables are applied as at the date of each payroll – so for example, if a salary is
changed on or before the date of the payroll, then that salary applies according to the rules in the
ft_salaries table. The payroll table records the payroll number, the date of the payment, the amount
paid to all employees after tax, the tax paid, and the total salaries in that pay run. These amounts
summate their respective fields in the 'payroll_details' table. The payroll table relates only to the
payroll_detail table.
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 6
The 'payroll_detail' table records the net payment, taxation withheld, and the total payment made to
each individual employee. The sum of the three figures recorded (net payment, taxation, and total
payment) equate to the respective value in the payroll table for each pay run (i.e., total_net, total_tax,
and total_salaries in the payroll table respectively). Note that net payment is the total payment less
the taxation amount.
This table relates to the employee table, the status_lookup table, and the payroll table.
The taxation amount is determined by reference to the tax_rates table. This is a progressive tax
system. For example, a person earning $1,000 in a week will pay 0% tax on earnings up to $348.79,
then 19% tax on earnings between $348.79 to $862.42, and 33% tax on earnings exceeding $862.42
(all the way up to the next threshold). For a $1,000 payment, therefore, an employee would pay 0% of
$348.79, 19% of ($862.42 - $348.79), and 33% of ($1,000 - $862.42) = 0 + $97.59 + $45.40 =
$142.99 in taxation.
Each week Iona Fisher asks Alice Sloan, the receptionist, to prepare the electronic report for the
payroll and then Iona signs off on the payment made. Alice is asked to prepare this to ensure that
reporting duties are kept separate from the transaction recording duties of the finance officers working
with Iona.
Grocers 2 Go Guarantee System
The G2G system is another bespoke (custom) system at G2G. This system tracks all guarantees paid
out to customers, underpins G2G’s slogan of “All there, on time – the G2G $2 Guarantee!” G2G is
rightly proud of its customer relationships and uses the G2G Guarantee to cement that relationship
through good, valuable service.
In the data files, you are provided with a single table, ‘g2g_guarantee’.
This table identifies the order date and value of each delivery, how many items are not delivered even
when ordered, and the number of days the delivery is late. The guarantee is recorded based on the
number of items not delivered and the number of days that the delivery is late.
Note that drivers pick items from the shelves in the warehouse and organise their own deliveries each
day. Each week, the driver that delivers the greatest number of deliveries is given a $50 voucher to
spend on groceries as a performance incentive.
The guarantee is payable if items are not delivered, or the delivery is late. The guarantee refund is $2
per item not delivered and $2 per day late. It is calculated and stored in the guarantee field of the
g2g_guarantee table.
Allison Mullen, G2G's Sales Manager, tells you that – obviously – this guarantee has the potential to
be expensive, which is why G2G focusses on delivering on its core promise to its customers.
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 7
Consulting with Clients over Coffee
You seek an informal discussion with Jillian Castillo, the CEO.
Jillian Castillo
You arrive early for the first day of this engagement at G2G’s offices at Rocklea. You wait for Alice
Sloan, the receptionist, to finish her phone call. You overhear part of her conversation: “OK Herb, love
you, I’ll get that milk on the way home.”
Alice turns to you with a large smile, and says “Honestly, you’d think that since he’s retired Herb could
sort out his own dairy products! What can I do for you?” You explain that you are here to meet with
Jillian for a cup of coffee.
Alice places a quick call to Jillian to let her know you are here and directs you through the reception
doors to the kitchenette.
The kitchenette is at the back of the G2G office building and shortly Jillian joins you. Jillian is a person
without too many airs and graces. She offers you a cup of coffee, and you accept your cup of
International Roast coffee meekly.
Jillian pulls up a chair to the table, invites you to sit, and starts to talk to you.
"I don't get it," she says. "We are at our most competitive ever, in the strongest market ever, and I am
having difficulty finding the cash to pay our vendors – it just doesn't add up. Confidentially – I'd like
you to do some sniffing around. This fraud review – I'll be surprised if there's nothing wrong here, but I
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 8
can't for the life of me think what is going on. I trust all these people with everything – well, perhaps
except for the casual staff, I don't know too many of those."
She sips her coffee; you can see where a little glob of undissolved International Roast slides down the
side of her cup.
“I’m also concerned about the performance of those casual employees – we have a lot of them on the
books, we have a great performance incentive in place, but honestly it feels like we’re just being too
darn sloppy with the orders these days. Too many items missing, too many days late! And I just
dread Tuesdays – that’s when I get the most complaints about late deliveries. It’s frustrating!”
"If you could go through the data looking for evidence of bad stuff happening – that'd be great. I'm a
big believer that we can over-complicate things – I don't need a 10-page business case telling me
whether something's a good investment. I have a nose for business, I know what's going to work. I
don't need committees and things."
"Well. At least, I don't think I do – perhaps you'll have some way to convince me. But if we are going
to go formal around here, it's going to be a real strain on our big happy family. I'd like some
recommendations that tighten things up without making our lives impossible."
Jillian takes another sip of her coffee and outlines the questions she wants you to answer.
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 9
Guiding Questions
The ‘Guiding Questions’ that follow are to be addressed in your Business Consulting Report. This is to
be formatted professionally and appropriately, as discussed in the Assessment Guideline
document.
Your report is to have an introduction.
In the introduction, discuss the scope of the engagement, outline your approach to this
engagement, and provide an approach diagram that identifies project outputs and outcomes (use
the seminar 'IT Advisory Services' as a guide).
At all times, write your business consulting report with reference to the Marking Rubric
provided in the Assessment Guideline.
Question 1: IT Governance Assessment and Recommendations
Requirements:
You are to review the IT governance controls in place at G2G. You are to:
1. Identify the current IT governance mechanisms in place using the 'Engagement Model' from
the 'Foundation for Execution' as a guide. It is likely that the 'Minimum IT Governance
Practices' discussed in the seminar 'IT Governance' will inform you in this task.
2. Evaluate the current IT governance mechanisms (structures, processes, and relational
mechanisms) as to whether they are effective or ineffective.
3. Recommend improvements to G2G's approach to IT Governance
From the case description, identify, evaluate, and recommend improvements to G2G's approach to IT
governance. This should be a section within your Business Consulting Report. These
recommendations do not need to address all IT governance issues, but certainly should address the
most pressing, prominent, concerns around IT Governance.
Your assessment and recommendations should consider the context for G2G, and the information
provided in this specification, as well as any further information you obtain during the engagement.
Question 2: Assessment of General Controls
Requirements:
You are to review the General Controls at G2G and identify and evaluate IT physical and
General Controls. You are to:
1. Identify and evaluate the current physical General controls in place. It is likely that the
seminars 'General IT Environment' and 'General Controls' will inform you in this task.
2. Identify and evaluate the current IT General controls in place. It is likely that the seminars
'General IT Environment' and 'General Controls' will inform you in this task.
3. Recommend improvements to G2G's IT General Controls, having regard to their current
context and addressing weakness you identified in your evaluation.
From the case description, identify, evaluate, and recommend improvements to G2G's approach to IT
governance. This should be a section within your Business Consulting Report. Again, these
recommendations do not need to address all general control issues, but certainly should address the
most pressing, prominent, concerns around the general controls.
Your assessment and recommendations should consider the context for G2G, and the information
provided in this specification, as well as any further information you obtain during the engagement.
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 10
Question 3: Identify Operational Concerns with the G2G Guarantee
Requirements:
You are to review the G2G Guarantee and assess whether there are any operational concerns
here. You are to:
1. Identify at least two operational concerns at G2G in relation to the G2G Guarantee,
including a description of these operational concerns.
2. Make a recommendation that addresses each operational concern (and so at least two
recommendations are required overall) to G2G management. It is likely that you will wish to
make multiple recommendations.
This should be a section within your Business Consulting Report.
You are to examine the data records provided in relation to the G2G Guarantee in the G2G database.
You should also consider your understanding of the G2G delivery process. The goal of an operational
review is to improve its effectiveness (i.e., that the process is more effective at delivering the right
items, on time) and its efficiency (i.e., opportunities to improve item delivery and reduce the G2G
guarantee payments made at low costs).
For example, you may wish to examine questions such as:
• Is the G2G appropriately controlled?
• Does the guarantee depending on the date of the order or the employee addressing the
order?
• Is the approach to the organising of the G2G appropriate?
You will need to explore the database using SQL, and you should support your identification of
operational concerns with SQL scripts in the appendices that support the rationale for the operational
concern or support the recommendation made.
Use appendices appropriately.
Your assessment and recommendations should consider the context for G2G, and the information
provided in this specification, as well as any further information you obtain during the engagement.
Question 4: Undertake a Fraud Review
Requirements:
You are to undertake a Fraud Review and document your activities and your findings in the
Report. Your report should identify:
1. The schedule of fraud detection techniques undertaken (see the seminar 'Business Ethics
and Fraud').
2. Any missing techniques and why they cannot be performed.
3. Other ad hoc indicators of fraud that you identify through exploring the data.
4. The results of the tests (include detailed samples of results and SQL commands used in the
appendices).
5. A professional visualized representation of the results of at least one SQL test procedure
used as a histogram, column chart, line chart, or other data visualization (using Excel).
6. A broader consideration of fraud in the context of G2G (e.g., the Fraud Triangle).
7. Your conclusions as to whether fraud is occurring and recommendations to address these
fraud issues.
You are to perform tests that could reveal the existence of fraud in the company based on the data
that you have. You should design your tests around the Fraud Detection Techniques discussed in
seminars. This should be a section within your Business Consulting Report.
These tests performed are to be documented as a schedule in the report. Some techniques may not
be available due to limitations in the data provided, and these missing techniques should be identified
together a rationale as to why the technique cannot be used.
UQ Business School
6th April 2022
Grocers 2 Go Assignment Specification 11
However, these techniques are the minimum to be undertaken – you should explore the data
generally as well as the discussion within this specification document to see if there are other
indicators of potential fraud.
There may be other clues hidden within the data that you need to investigate. Perhaps - a
puzzle worthy of a Roman Emperor?
As part of the professional presentation of this report, you are also to develop a visualized
representation of the findings for at least one SQL Test Procedure used to review fraud. This
visualized representation must be created using Excel and be to a professional standard.
You should provide at least two recommendations on how to address these fraud issues.
Use appendices appropriately.
Prepared by: Micheal Axelsen
Senior Lecturer (Business Information Systems)
Date: 6th April 2022.
