Section §13

Glossary

Business and technical terms used in this audit.

Terms used in this audit, with the meaning that applies in this document. Where a term has wider industry usage, that is noted but the audit’s usage takes precedence within these pages.

Business and operational terms

Audit (in this document) — a thorough examination of an existing system, conducted by an outside party, producing a written description of what is. See §2.6. Not a compliance audit, security audit, or financial audit.

Backstop sheet — a paper form used in place of system entry when the system is unavailable. The customer maintains backstop sheets for the operator-completion journey only; other journeys have no paper fallback.

Batch window — the 22:30–02:00 period when the system runs nightly automated work and interactive use is paused. See §3.6 and §7.3.

BI export — the nightly CSV-to-S3 export feeding the customer’s separate Power BI data warehouse. See §8.1 entry 15.

BOM (Bill of Material) — the list of materials and sub-components required to make a manufactured item, including quantities. The system maintains BOMs at the item level.

Cash apply — the act of matching a received bank-statement line to an open AR invoice. See §7.1.

Close cycle — the multi-day sequence ending in a period transitioning from open to closed in the GL. See §5.6 and §7.4.

Demand origination — the event that creates a need for a purchase or production. Either MRP (system-generated) or manual (operator-entered). See §7.2.

EDIFACT — a UN-standard electronic data interchange message format. Used in this customer by three EDI partners for orders, acknowledgements, and invoices. See §8.

Goods issue (GI) — removal of stock from inventory against a customer order. The system writes an inventory transaction.

Goods receipt (GR) — addition of stock to inventory against a purchase order or production order. The system writes an inventory transaction.

MRP (Material Requirements Planning) — the nightly batch process that converts current customer-order and forecast demand into recommended production and purchase orders. See §7.3.

MES (Manufacturing Execution System) — the layer of software that runs operations on the shop floor. MES-Plus includes MES functionality (production execution, scrap reporting, quality holds) integrated with the ERP layer.

OEE (Overall Equipment Effectiveness) — a composite shop-floor metric combining availability, performance, and quality. Industry-standard. The customer does not currently calculate OEE; one of the cached reporting tables is named rpt_oee_cache but is populated with a partial proxy (availability and quality only). See §9.4.

Patch / Mend / Retrofit / Restructure — the four tiers of modernisation intervention used by this audit. See §12.

Period close — see close cycle.

Period-close lead — the named individual responsible for executing and approving the period close. In this customer, the head of accounting. See §4.1.

RACI matrix — an org/process model where every action has a Responsible, Accountable, Consulted, and Informed party. §4.2 presents permission matrices in RACI-adjacent form (R = read, W = write, A = approve).

RTO (Recovery Time Objective) — the documented or aspired duration within which the system must be restored after an outage. The customer’s documented RTO is 4 hours; observed 2024 RTO was 7 hours. See §10.7.

Three-way match — the verification that a supplier invoice matches the corresponding purchase order and goods receipt within tolerance, before approving for payment. See §5.5 and §7.2.

WIP (Work in Progress) — partly completed production. Visible in the system as production orders in status released or in_progress. See §1.2.

Technical terms

Application server — APP01, the host running the integration broker and SSIS runtime. See §3.4.

Broker / integration broker — the custom .NET service handling bank, customs, and miscellaneous integrations. See §3.3 and §8.2.

Crystal Reports — the reporting engine bundled with MES-Plus, runtime version 2013-SP-something. See §9.1.

db_owner — a SQL Server fixed database role granting full control over a database, including DDL.

DR (Disaster Recovery) — the planned activity of restoring the system after a major incident. See §10.7.

Log shipping — a SQL Server feature continuously copying transaction-log backups from primary to a secondary database. Used in this customer for DR (DB02). See §3.4.

MT940 / ABO / MultiCash / ISO 20022 pain.001 — bank file formats. MT940 is the SWIFT statement format; ABO is a Czech-Slovak banking format; MultiCash is a long-standing European cash-management format; pain.001 is the modern XML payment-initiation message. The customer uses different formats per bank for historical reasons.

Optimistic locking — a concurrency strategy where row versions are checked on update; conflicts raise an error rather than blocking. See §10.4.

Pessimistic locking — a concurrency strategy where rows are exclusively held for the duration of an operation. Used in this system by MRP, period close, and inventory revaluation. See §10.4.

Regenerative MRP — an MRP design that discards prior unreleased planned orders and recomputes from scratch each run. See §7.3.

SFTP — secure file transfer protocol over SSH. Used by every automated banking and EDI integration in this customer.

SSIS — SQL Server Integration Services, Microsoft’s ETL platform. Used by this customer for EDI and BI export. See §8.3.

Stored procedure (SP) — server-side database code. The vendor’s binary calls many stored procedures; the customer’s IT has authored ~120 additional ones. Several are load-bearing for nightly batches.

TDS — Tabular Data Stream, SQL Server’s wire protocol. By default it is not TLS-encrypted; see §10.9.

Thick client — a desktop application that connects directly to a database, as opposed to a thin/web client. MES-Plus is a thick client. See §3.1.

Evidence-tag symbols

These appear inline through the audit; see §2.4 for definitions.

  • [OBS] — observed directly during walkthroughs
  • [DOC] — found in the customer’s documentation
  • [DB] — verified by querying the production database
  • [CFG] — verified by inspecting configuration
  • [INT] — stated by a named user during interview
  • [INF] — inferred from other evidence