For this part of the assignment you need to determine the level of computer authorization each one of the people that you designated in part 2 should have in order to properly complete their tasks. Hence, we want you to develop a closed security model in which you determine what computer access authorizations each one of the people in the sales-to-cash business process should be granted.

To properly organize your analysis you should place the results of this part of the assignment into an authorization matrix. Along the top of the matrix you should put each of the people involved in the sales activity (those people from step 2, above). Down the left-hand side you should put the electronic documents involved in the process. The cells of the matrix should be filled with the symbol for the type of access that person should be allowed. The possible access types and their corresponding symbols are:

C Create authorization the user can create a new document

R Read authorization the user has access to the document in order to see its contents

U Update authorization the user can change, edit, or void an existing document

D Delete authorization the user can eliminate the document from the system

A Authorize authorization the user can signify that the document is authorized and should go on to the next step of the process

The documents that are to be listed on the left-hand side of the matrix should be:

• Customer general sales master data The general customer master data such as name, address, contact information, etc.
• Customer financial master data Confidential customer data such as bank accounts, credit card information, etc.
• Customer credit master data Confidential customer data dealing with credit status
• Credit authorization The documentation stating the credit limits and credit terms for this customer
• Sales order The internal order that is used to start the process of delivering the product to the customer
• Sales order acknowledgement Copy of the sales order or similar document sent to the customer to confirm the agreed upon sales terms
• Picking ticket Internal document used in pulling the desired products off the shelf in order to deliver them to the customer
• Packing slip Listing of goods in the shipment (usually included with the respective goods)
• Shipping manifest Listing of goods, quantity, and sometimes weights and volume of the packages in the shipment, usually carried by the transporting companys employee
• Shipping report Internal report of the goods shipped out
• Invoice The billing information to be sent to the customer
• Record of payment from customer Record of the cash received
• Bank deposit slip Record of deposit of the cash into the bank
• Bank statement Document showing transactions recorded in GBIs account by the bank

For example, the employee doing the pre-sales and sales (steps 1 and 2) might have the following entries in the matrix:

Document\Person	Sales Employee	Person 2	Person 3
Customer general sales master data	C, R, U
Customer financial master data	R
Customer credit master data	R
Credit authorization	R
Sales order	C, R, U, A
Sales order acknowledgement	R
Picking ticket	R
Packing slip	R
Shipping manifest
Shipping report	R
Invoice	R
Record of payment from customer	R
Bank deposit slip
Bank statement

Based on the information in the matrix, the sales employee can create, read and update a customers general master data. The sales employee can create, read, update, and authorize a sales order but cannot delete the sales order document. The sales employee can only read the customer financial and credit master data. The sales employee can read the credit authorization, sales order acknowledgement, shipping report, invoice and the information on payment by the customer, but cant create, update, delete or authorize any of these. For all of the other documents, the employee has no authorizations.

It is your job to determine the people involved in the process, place their names along the top of the matrix and then fill in the authorizations they should be granted with respect to each of the documents.