10/02/2009, stockholm yao-hua tan & jianwei liu jianwei liu rethinking eu trade procedures --...
Post on 15-Jan-2016
217 Views
Preview:
TRANSCRIPT
10/02/2009, Stockholm
Yao-Hua Tan & Jianwei Liu
Jianwei Liu
Rethinking EU Trade Procedures -- The Beer Living Lab
International Journal of E-market
Ziv Baida, Boriana Rukanova, Jianwei Liu and Yao-Hua TanVrije University Amsterdam
10/02/2009, Stockholm Jianwei Liu
Introduction
Dilemma of European governments to increase security and control; to reduce the administrative burden for businesses
Difficulties Most government procedures are paper based and not
harmonized; Safety & security vs. economic benefit
Trade procedures redesign requirements Solutions for the dilemma Everything is till in control ( government & business perspective) Need for Customs procedure redesign approach
10/02/2009, Stockholm
Project Overview
ITAIDE: IT adoption and intelligent design for e-government
• Develop innovative solutions that support the EU's secure and competitive cross-border trade
• Create a new governance model for G2B collaboration
10/02/2009, Stockholm Jianwei Liu
Objectives of our research
• Methodology for control procedures (re)design
– Library of Control Templates (control ontology)– Supporting tool for control procedure design (e3-control)– Framework for secure supply chain governance
• What are the major concerns for securing supply chains?
• How to audit IS for security purpose?• Study of the AEO concept, the auditing approach and
tool support
10/02/2009, Stockholm25/05/2008 Jianwei Liu (VU), jliu@feweb.vu.nl
Theoretical Framework: e3-control
Methodology for control procedures (re-)design Conceptual modelling approach Theoretical basis:
Auditing & accounting literatureBusiness modelling
Two abstraction levelsExchange of values among actors
Purpose of control: safeguard valueLimit scope of analysisProfitability
Processes that realize the aboveControl mechanisms
10/02/2009, Stockholm25/05/2008 Jianwei Liu (VU), jliu@feweb.vu.nl
e3-control development
2005 Value perspective on control:e3-value Learn where value can be lost No operational solution
2006 Control is a process-level issue; extend e3-control into
process perspective Mid 2006
Patterns of operational control problems and solutions Late 2006
AAD approach (process perspective based on accounting and auditing literature)
2007- Further develop AAD and validate it via LL case studies Introduce the idea of information asymmetry for sloving
control problems from higher level of partner selection and screening.
10/02/2009, Stockholm Jianwei Liu
e3-control: in a nutshell
•
Design initial business model in an ideal situation. To find out critical value transfers and involved actors
How current controls are applied to safeguard these values transfers, and identify flaws in the current situation
Add/change control mechanisms according to auditing and accounting control principles
Evaluate the new business model from a value perspective, to investigate financial feasibility.
10/02/2009, Stockholm Jianwei Liu
Value perspective Vs. process perspective
E3 control
Value perspective Process perspectiveOpen issue
Why Value?1.Value as abstract specification of control2.Value perspective is natural concept from TCE. Value facilitates a cost-benefit analysis of control mechanism.3.Value objects as instruments of control procedure ( e.g., Bill of lading)4.Control mech. as a value service (e.g., Letter of credit)
Why Process?1. Control is clearly defined as a process issue (COSO 1992).2. The existing knowledge base of control assumes a process perspective.3. The process perspective is more natural for domain experts than the value perspective.4. The two perspectives address different issues, both of which are required.
Parallel development of e3 control combining both perspectives is needed!
10/02/2009, Stockholm25/05/2008 Jianwei Liu (VU), jliu@feweb.vu.nl
AAD: an introduction (1)AAD is a process based approach to apply control
principles with respect to actors, activities and documents.
• Actor: (Who are the interested and responsible parties)– Responsible actor– Evidencing actor– Control actor
• Activity: (What are they doing? are there separation of duties) – Operational activity– Evidencing activity– Control activity
• Document: (What they issue to serve as sufficient audit trial?)– To-be verified document– Supporting document– Verified document
10/02/2009, Stockholm25/05/2008 Jianwei Liu (VU), jliu@feweb.vu.nl
AAD control principles
1) If an Operational activity exists, its corresponding Control activity must exist as well and should always follow the Operational activity.
2) If a Control actor cannot directly witness the execution of the Operational activity, the Evidencing (witnessing) activity should be delegated to an Evidencing actor (trusted third party)
3) If an Evidencing (witnessing) activity exists, it must be furnished by Supporting documents.
4) These Supporting documents should be the results of an Evidencing (witnessing) activity that directly witnesses the Operational activity.
5) Supporting documents used by the Control activity should be transferred directly from the Evidencing actor to the Control actor.
6) The Evidencing actor who generates Supporting documents should be independent of the responsible actor who generates the To-be-verified document.
7) An Operational activity and its corresponding Control activity should be segregated into two different positions and done by two different actors.
8) The actors responsible for the Operational activity and its corresponding Control activity (respectively, Responsible actor and Control actor) should be socially detached.
10/02/2009, Stockholm25/05/2008 Jianwei Liu (VU), jliu@feweb.vu.nl
AAD: an introduction (2)
Control Principles Specification Check (Yes/No)
P1 Does the control activity exist and follow the corresponding operational activity?
Operational activity: Declare export without excise payment
Yes
Control activity: Verify excise free declaration
P2 Can the Control actor directly witness the execution of the operational activity?If no, is the evidencing (witnessing) activity delegated to an evidencing actor (trusted third party)?
No direct witness No direct witness.Yes, the evidencing activity is delegated.Control actor:
BeerCo
Evidencing actor: EW/ Customs UK (Trustworthy)
P3 Is there a supporting document furnishing the evidencing activity?
Supporting doc. : AADEvidencing activity: acceptance of beer shipment by EW and Customs UK
Yes, but it is only checked upon request.
P4…P8
… … …
AAD control model AAD control principles with checking list
10/02/2009, Stockholm25/05/2008 Jianwei Liu (VU), jliu@feweb.vu.nl
The case: Customs procedure redesign in the beer industry
• Case description: Export of beer from the Netherlands to the UK A Dutch beer producer can export beer to the UK
without paying excise in the Netherlands. To obtain such exemption, the Dutch beer producer needs to prove that it has indeed exported the beer outside the country.
The current solution - paper based Administrative Accompanying Document (AAD)
Two roles of the AAD-doc --- Signed by EW and UK Customs as a proof of
exporting for excise exemption --- “Stop” function when cargos are stopped and
checked en route.
The traditional procedure needs to be redesigned Too much time/energy consuming No real time & effective control AAD - doc is easy to be falsified
10/02/2009, Stockholm25/05/2008 Jianwei Liu (VU), jliu@feweb.vu.nl
Case study with e3- control: BLL
Sub-ideal situation (fraud)
Problematic process
Supporting Doc.
Evidencing Doc.
10/02/2009, Stockholm25/05/2008 Jianwei Liu (VU), jliu@feweb.vu.nl
Step 1: Preliminary Analysis (value perspective)
“Black market”:BeerCo NL ships excisable beer to UK accompanied with an AAD-doc, but BeerCo NL colludes with a local retailer. The goods disappear in the black market without excise payment. Customs will not receive AAD-doc for the goods. If lucky (5%) this fraud will be discovered by Dutch Customs but too late (after 3 months).
1.5 Bil./y
10/02/2009, Stockholm
Step 1: Preliminary Analysis (cont.)
• Inputs: interviews and workshop with domain experts; documentation on the relevant actors, their goals and their activities
• Outputs: understanding of the logic behind the business network; value model(s); understanding of possible violations of value model(s); prioritization of violations, being control problems (including a decision to focus on specific control problems)
10/02/2009, Stockholm25/05/2008 Jianwei Liu (VU), jliu@feweb.vu.nl
Step 2: Identify Control Problems (Process)
Control problems: Violates control principles 3 and 5. • The supporting document (AAD-doc) is not transferred
directly from the evidencing actor (EW/Customs UK) to the control actor (Customs NL)
• Checking AAD-docs is often not done. Efficiency flaw: Redundant information create high
operational costs for businesses and governments.
Problematic process
10/02/2009, Stockholm
Step 2: Identify Control Problems (cont.)
• Inputs: a set of violations of value models to focus on; interviews and workshop with domain experts; documentation on the business processes;
• Outputs: process models of the processes that realize the earlier defined focal value-level control problems; set of process-level control problems; abstract suggestions for control solutions
10/02/2009, Stockholm25/05/2008 Jianwei Liu (VU), jliu@feweb.vu.nl
Step 3: Redesign --- Innovative IT
• TREC: Tamper-Resistant Embedded Controller (IBM)1. Sends container status information in real time (location, temperature, opening attempts etc.)2. Secured access to a container (Public Key Cryptography)3. Enables link to the data base of a company (shipper, carrier)
EPCIS
ERP
10/02/2009, Stockholm25/05/2008 Jianwei Liu (VU), jliu@feweb.vu.nl
BLL SOA based information sharing schema
Government
Supply Chain partners
Information sharing intermediate
Beer Co.Tax and excise declaration
DTCAEnjoy real-time information from various partners and TREC
Real-time sending
CarrierTransportation & Shipping information
Other supply chain partners
Raw matterial & transaction infor.
Central EPCISCollecting, matching and provisioning infor.
TRECAlert and TREC infor.
Se
nd
Infor. sharing
ERP-EPCIS
ERP-EPCIS
ERP-EPCIS
ERP-EPCIS
Infor. sharing
Step 3. Redesign--- Innovative procedures
10/02/2009, Stockholm25/05/2008 Jianwei Liu (VU), jliu@feweb.vu.nl
Step 3 Cont.: Customs control process with TREC
AEO (Authorized economic operater)
Supporting Doc.
10/02/2009, Stockholm
Step 3. Redesign (cont.)
• Inputs: process models for the focal value-level control problems; set of process-level control problems; abstract suggestions for control solutions; interviews and workshops with domain experts; documentation on business processes.
• Outputs: concrete solutions for earlier-defined control problems; process models that realize these solutions.
10/02/2009, Stockholm25/05/2008 Jianwei Liu (VU), jliu@feweb.vu.nl
Step 4: Evaluation (value perspective)
BeerCo: better supply chain management; lower administrative burden; decrease loss from theft and smuggling or lost containerCustoms NL: better excise payment control; increase tax revenue Customs UK: better excise payment control; increase tax revenue; enhance security The new actor – TREC provider: increase profit through charging from the services.
10/02/2009, Stockholm
Step 4. Evaluation (cont.)
• Inputs: value models of the initial situation (output of step 1); concrete solutions for earlier-defined control problems (output of step 3); interviews and workshops with domain experts.
• Outputs: understanding of the logic behind the new business network and of how the network changed due to the introduction of new procedures; value model(s) of the new business network (or networks, in case of multiple scenarios analysis); e3-value profitability sheets being a financial business model evaluation (this is still an ongoing task in the BeerLL).
10/02/2009, Stockholm25/05/2008 Jianwei Liu (VU), jliu@feweb.vu.nl
Case study with e3- control: PLL (Green corridor)
Reversing order
GC partner certification
G2B partnership
G2G collaboration
10/02/2009, Stockholm Jianwei Liu
Future research development
Develop secure supply chain governance model– Find out major concerns for secure supply chain
governance– Role of IT– extract auditors’ decision model in their auditing
procedures• E.g. Risk Assessment• Knowledge elicitation research
– Integrate governance model in e3-control
Investigate software tool support for AEO assessment– Tool supports companies to do AEO self-assessment – Examples:– Deloitte AEO Digiscan tool
FoodLL and DrugLL customs procedure redesign – Apply e3-control in redesigning the FoodLL and DrugLL
Customs procedures
10/02/2009, Stockholm25/05/2008 Jianwei Liu (VU), jliu@feweb.vu.nl
Further Info.
Jianwei Liujliu@feweb.vu.nl
Vrije University Amsterdam
top related