× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. BPCS-L
  3. December 2004

RE: Cost Change Investigation

One of the major weaknesses of BPCS, compared to other ERP, is a general lack of audit trails on who changed critical stuff when, like prices, costs, internal "rules", engineering and accounting data, ... It is much easier to do embezzlement with BPCS than with most other ERP, that I have been exposed to.. I first pointed this out to my management about 15 years ago, as a secondary issue to Y2K.

However, in my experience, most stuff that goes wrong is due to human error, such as a keying error or a person having inadequate education about the software, or a software bug, or some mishap with connected equipment, rather than dark deeds.

If the change did not occur recently, you are probably out of luck in figuring out who did it, depending on how long you store old spool files and system logs.

There are add-on packages available, in which you can designate key stuff to track, which will then tell you who changed whatever it is that interests you, providing you are tracking that.

For example: http://www.unbeatenpathintl.com/award/source/1.html
It is my understanding that this utility does not care if the changes were made by BPCS programs, DFU, command line OS/400 tools, a hacker ... just who did what when, and tracks it in such a way that you are not drowning in information when you inquire into the nature of some change.

So for example, person "A" changes some program, to do some hanky panky.
Then person "B" uses the program in all innocence, not knowing about the bad stuff.
Then person "A" changes the program back again.
The utility should identify what both "A" and "B" did.

If your company is subject to Sarbanes-Oxley or other alphabet soup of Gov Compliance regulations, you have to be sensitive to security against embezzlement, and lesser evils.

Costs can be changed by CST100 which creates the "#" audit trail, by various kinds of roll-ups which leave no audit trail, by cost transfers which also leave no audit trail. Actual costs get updated by shop order purge, 3-way match might have a "C" transaction in ITH.

Take a look at the CST menu to see what cost transfers exist,
Look at the ITE "rules" to see which transactions change costs.

There are some standard ITH transactions that show the cost of the item at the time of the transaction ... you could query over that to see dates of transactions at different costs to get an idea of when a cost got changed.

If this is an end item, then the invoice history file may also have what the cost was as of the time of shipping.

Another approach is to look at your security arrangements.
Which sign ons are capable of changing the cost?

and who knows the passwords to use those sign ons?
and how often do passwords get changes?
and do people remember how to change their passwords?

A similar issue came up for us a few weeks ago, and I pointed out that we had staffers who insisted on using the sign ons of people no longer with the company ... here is this sign on for a person who has not been with us for 3 months, but as you can see from this OS/400 securityreport, the sign on was last used yesterday. That led to some management policy changes with respect to people using sign ons of other than themselves.

-
Al Macintyre http://www.ryze.com/go/Al9Mac
Find BPCS Documentation Suppliers http://radio.weblogs.com/0107846/stories/2002/11/08/bpcsDocSources.html


Hi Eduardo,

If a user rolls cost via CST500 or CST600 then costs will change without # transactions... You may want to do WRKJOB CST500C or WRKJOB CST600C to see if any spooled files are left out there indicating what costs have changed and who rolled them. You could also check the history log to see at minimal which users are rolling cost, i.e., DSPLOG PERIOD((*AVAIL *BEGIN)) JOB(CST600C)... Hope this helps.

DeeDee Virgei
Project Leader

Nelson Stud Welding, Inc.

-----Original Message-----
From: bpcs-l-bounces+deedee.virgei=nelsonstud.com@xxxxxxxxxxxx [mailto:bpcs-l-bounces+deedee.virgei=nelsonstud.com@xxxxxxxxxxxx] On Behalf Of Lopez, Eduardo (Tijuana)
Sent: Tuesday, December 07, 2004 1:15 PM
To: SSA's BPCS ERP System
Subject: [BPCS-L] Cost Change Investigation


Hi,



A manager came to me and asked me if there's a way to know who made a change
to the costs and I told him let me see... so, the first thing I thought was,
if I go to the CMF table I might know that but for my surprise that table
doesn't have the last change user, then I went to the ITH and made a SQL
query to get all records within the last two months with transaction type
"#" and it did return some records which is ok... however I was expecting
more records so I removed the transaction date filter and again it didn't
return me the expected records... so I'm wondering if there's a table where
I can get that information... any help will be very appreciated



Thank you,

Eduardo Lopez
Windows/Web Developer
Tyco Plastics & Adhesives

+1 (619) 424-4244 (US)
+52 (664) 647-4359 (Mexico)
lopeze@xxxxxxxxxxxxxxxxx <mailto:lopeze@xxxxxxxxxxxxxxxxx>



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.