Research on the Implementation of Internal Control in Enterprise Information System by Domain Analysis and Formal Methods: A Case Study of Sales Activities Internal Control Under Chinese Enterprise Environment

The standardized business processing rules and information processing flow, as well as the risk control according to the internal control norms, reflect the reliability, validity and robustness of the Enterprise Information System (EIS). The business objectives effectively met in EIS requires the integration of internal control concepts, rule & regulatory, standardized processes and measures in EIS. Furthermore, its implementation is a complex and large systematic engineering, and related to corporate governance structure, enterprise internal control environment, as well as many other factors. We introduce domain analysis and formal methods, which are a mathematic-based methodology in software engineering, to specify, model, verify the EIS if the desired internal control properties are contained in the software system during the design stage. So we can find defects and vulnerabilities quickly and effectively in the early-stage during EIS implementation, to reduce the risk of the inefficient or failure of internal control in EIS. In this paper, we first study the background of internal control in EIS, especially Chinese enterprise internal control environment, then introduce how to apply domain analysis and formal methods into EIS design to ensure internal control met business objective, at last, we take the sales activities of internal control under Chinese enterprise environment as an example to illustrate our method.