A cash manager of a large medical center searches the institution's huge database for relevant data and uses her desktop computer to analyze the data with various forecasting models. She also links her computer to external databases for timely market information.

Executives of a large mining corporation are troubled by the inaccuracy of data provided by several mine offices. Management tries to correct the problem by imposing the responsibility of data validation on local managers. Under this new policy, local mine offices enter and reconcile raw pay-roll data, such as labor hours of individual workers, and shipping data, such as those contained in a shipping ticket per truck- load. Local mine offices must also be able to process data to some degree before the data are uploaded to the headquarters' computer system for final data processing.

A retail company tries to integrate its decentralized point-of-sale systems at individual stores with the headquarters' computer system. The objective is to establish a company-wide information system for timely inventory control as well as aggressive marketing and financial planning.

These three firms have one thing in common: they all want a client- server system, a design that has gained popularity in recent years. Its system architecture affects accounting operations significantly, because the accounting and computer systems are inseparable in today's corporate management information systems.

What is a client-server system? How does it function? How does it impact accounting? What opportunities and challenges are inherent? CPAs in industry and public practice need to answer these questions before they can take advantage of this new development in information technology.

What is a Client-Server System?

In the July 15, 1991 issue of Datamation, Dwight B. Davis defined a client-server system or environment as follows:

A client-server environment must contain at least one server computer, which provides standardized services such as data and file management, print services, or communication interfaces. At least one client machine--an intelligent PC or workstation--accesses the server over a network and also runs local programs.

The concept of client-server systems is an extension of distributed data processing (DDP) where computers, or computer systems, are connected to form a network. Users of DDP can control their own local applications and can communicate with other users within the same system. A client- server system can be further developed to include functional specialization so that some computers are equipped to handle designated functions, and they serve other computers with their specialties.

In the past, an individual who needed high-power data processing capability had to access a mainframe computer. However, a mainframe computer in a centralized system usually serves a large number of users, and the mainframe system does not cater its services to fit the specific needs of any individual user. The rapid expansion of the personal computer market reflects the dissatisfaction with mainframe computers and the need for systems that serve individual users well. Unfortunately, a stand-alone personal computer has limited data- processing power. The basic concept of a client-server design is to take the advantages of both user-friendly personal computers and high-power computers without their corresponding disadvantages.

An effective client-server system contains at least two common characteristics: cooperative processing and flexible end-user applications.

Cooperative Processing

If a client-server system has multiple specialized servers, each server possesses some unique functions that end users need from time to time. The system could become complex and cumbersome if end users have to remember where each specialized function is located and how to reach the specific server providing the needed functions. A system becomes ineffective when it is too complex for users to handle.

An effective client-server system, intended to be powerful and user friendly, must avoid complexity. The concept of cooperative processing does just that. When an end user needs an operation that his or her workstation cannot handle, the user has only to issue a command to the system without knowing where the needed server is or how to access it. The system software works like a broker, contacting various servers and assigning them different jobs. The system software then assembles the results obtained from different servers and forwards the integrated findings to the workstation used by the requesting user. The workstation in this example acts as a client being helped by several servers with the coordination of a broker.

From an end-user's viewpoint, a client-server system is simple and easy to operate because the user does not have to worry about the structural design of the system. He or she needs to know only the commands to get jobs done; the end user is not required to indicate where and how the specialized servers should handle the request. From a designer's viewpoint, however, a client-server system is quite complex. System designers must work out the details of relationships in the entire client-server system's software so that end users do not have to specify the complex connections to various servers.

With the resulting cooperative-processing capability, each end user feels as if his or her PC--a client workstation in the system--has the combined power of all the servers. This characteristic differentiates a client-server system from the other DDP systems.

Flexible End-User Application

One major reason PCs are popular is that individual users can select their own application software. Users are not forced to employ software they do not want. Also, they can install new application software without having to go through a time-consuming approval and development process required in a centralized system. A client-server system preserves most of these attributes.

An interesting incident that occurred in a large manufacturing company demonstrates the importance of flexibility of end-user applications. A manager was routinely issued a 300-page operating control report from the company's mainframe system. The information needed was printed in a summary buried in the report. The details of the report were necessary only when the summary was incorrect. He had to flip through the pages searching for the summary sheet every tune he received the report, so he requested a programming change. All he wanted was the one-page summary. Management rejected his request because the proposed change would cost the company $40,000.

In this elementary example, a legitimate request that could have improved employee productivity was rejected because of an inflexible system design. If the company had a client-server system, the manager could have accessed and processed the database from his desktop computer. He then could have asked for an uncomplicated summary or, if he wanted to do some personal analysis, used a familiar spreadsheet program to manipulate data for the "what-if" planning. End users should have the ability to access authorized data and perform analyses according to individual needs.

Flexible systems must be user friendly. Graphical user interfaces (GUI) have been an important facet of user-friendly personal computers such as Apple's Macintosh and IBM-compatibles using Windows applications. Users in a GUI environment can click on an image icon on the screen to select the needed applications without having to remember a series of commands. A client-server system providing flexible end-user applications should also include a GUI. End users can then handle the additional commands needed for operations beyond their desktop computers by clicking on certain icons. GUI mitigates the operating complexity of a network for end users.

Other characteristics that make a client-server system more effective include a common database with a database management system (DBMS) and system openness.

Common Database

To make data easily accessible for authorized users, data should be stored in a common database with a standardized format. A DBMS helps system administrators, programmers, and users to create, store, modify and retrieve data. In a large organization with a huge volume of data being continuously processed, one or more separate database servers are necessary to support frequent data accesses from end-users.

In many instances, large corporations have used the mainframe computers previously used in the centralized system as database servers for their new client-server systems. System managers still think mainframe computers are best for handling a huge volume of transaction oriented data processing. According to Mary Jo Foley in the December 6, 1993, issue of PC Week, Paine Webber has maintained its original IBM 3090 to handle "a couple of terabytes of data and batch processing." Some smaller companies have used minicomputers such as IBM AS/400 to do the same job. Other companies have used specially designed PCs as data servers. The prices of these PC servers are substantially higher than those of regular PCs.

A common database supported by a DBMS means a logically integrated database. Logical data integration, however, does not require all data be stored at the same physical location. It is not unusual to have a system of physically distributed databases located in several distant data servers that are logically connected by the system software. End users do not notice any difference between the two designs.

The use of a distributed database is especially useful in the retail industry. A large retail company may have a number of stores, ranging from dozens to hundreds. Each store can have a local area network (LAN) to support local management functions, including pricing decisions and inventory control. The store LANs are connected to the headquarters' computer system and form a company-wide client-server system. Headquarters executives can access inventory data on an individual-store basis or on company-wide aggregates. For example, according to Larry Armstrong in the November 26, 1991 issue of Business Week, executives of K-Mart have reportedly used a client-server system to access inventory data at the store level and aggregate it in order to make tactical pricing decisions for the disposition of some slow-moving merchandise.

System Openness

System openness means the client-server system must be able to work well with different software and hardware designs. As most PC users know, hardware and software products for IBM computers cannot readily be installed on Apple computers. Therefore, the Apple's system is not open to the IBM system and vice versa. Assume a company has an equal number of IBM computers and Apple computers and it wants to set up a client- server system using its existing PCs as client workstations. What will happen in this situation if the designed system is not open to the different platforms? The company will have to replace haft of its existing PCs with the other type of computers--an expensive proposition. However, if the designed system can accommodate both types of computer systems, the company would be able to save money while expanding computer capabilities. More importantly, users of IBM systems would not be forced to use an unfamiliar Apple system and vice versa. User resistance to the new system design could be significantly reduced.

The incompatibility between Apple and IBM products is just an example of the problems regarding the integration of different system platforms. Another example is the problem of integrating various DBMSs existing in different subsidiaries. Some vendors design their systems so transparently that their connection to other systems is relatively easy. Therefore, this type of DBMS is open for systems connection. Other vendors design their systems with a different philosophy. They want to keep their product designs incompatible with other vendors' products so customers will be forced to buy only their products for future expansion. If a company has several incompatible systems already in existence, the task of integration into a client-server system would obviously be very difficult, perhaps impossible. Designing a new client- server system from scratch is always easier than integrating existing systems. Designers of new client-server systems should provide that any new system be open to other systems because the need for future expansion is always present, especially in this era of swift technological advancement. A closed system is more likely to be incompatible with products of new technology than an open system.

System openness is also closely related to the flexibility of end-user applications, a primary characteristic of client-server systems. Currently, many sophisticated commercial software packages are available, such as word processing, spread-sheet, graphics, and statistical analysis. A flexible system allows end-users to select their own favorite software programs for the front-end applications on their own client workstations.

After considering the many advantages of a client-server system, some potential problems need to be addressed. Management must weigh the following issues carefully before a successful client-server system can be implemented.

Data Security

Client-server systems inherit the potential problems of DDP and, as a result, face more security challenges than centralized systems. End users can access authorized data from data servers and store their extracted data files in local workstations or even on floppy disks. Risks of data security, therefore, extend beyond the scope of the data servers, resulting in more necessarily complex internal controls.

In a centralized system, end users have only dumb terminals that cannot handle local data storage, and data are saved in the central computer-- either a mainframe or a minicomputer. Traditional control for data security is to set up passwords for different levels of data authorization. The focus of data control is on the central computer and access to the computer. With the development of DDP, including the client-server system, multiple control points and multiple control layers are necessary.

Tight controls for data security are often incompatible with user friendliness. A user of a traditional computer network has to enter a new password every time he or she crosses a communicating bridge to reach another system in the network. Likewise, end users of a client- server system consisting of many different servers would also have to remember many different passwords, and the speed of data access and processing would slow to an unbearable level. The potential user friendliness of the client-server system would be eliminated.

Fortunately, designers of a private network system, including the client-server system, can work out a comprehensive password system so that users issue just one set of authorization codes to access their authorized data. In addition to that, encryption of sensitive data can complement the comprehensive password system to increase the level of data security. From the end users' view, the comprehensive password system is user friendly. From the designers' view, the comprehensive system is complex and less secured. A would-be perpetrator has to break, or steal, just one set of security codes to get into various levels of data.

A trade-off exists between user friendliness and data security. Management has to find a good balance between them. The issue of data security does not end here. As end users of the client-server systems can hold data locally, they have the responsibility to safeguard their data. In addition to setting up rules and procedures for local data control and responsibility, management should arrange the means for enforcement.

Security awareness by the end user can't be over emphasized. If an employee decides to take a short coffee break while accessing data from data servers, the individual should log off the system instead of leaving the workstation on. Workstations and floppy disks should be locked up when the employee is ready to end the day's work. No individual should reveal his or her password to others. These are just some common sense examples of controls users can execute easily but often fail to practice consistently.

Training and Technical Support

In addition to being an important factorin the successful implementation of a client-server system, training makes employees aware of security concerns. It also educates employees for needed behavioral changes to comply with internal controls. Additionally, it provides employees with the basic knowledge to operate well in a new system environment.

User training for a client-server system is complicated by the interface of multiple front-end systems with servers. The user-friendly design provides users with a variety of options for their applications. As front-end applications vary, so do the training and technical support needs. Training of programming and support personnel is also complicated because the underlying system is more complex than traditional systems.

Cost

Some reports indicate that the cost of a PC-based client-server system is significantly lower than that of a mainframe-based computer system. However, the cost comparisons are often biased and incomplete. If one examines only the hardware cost of a PC-based client-server system, it is certainly lower than that of a mainframe computer system. However, if one includes all other necessary, costs, such as software development, security and control, training, and technical support, the total cost of a PC-based client-server system is probably not cheaper. Management should be aware of those other costs, which are often labeled "hidden" costs.

Some Implications For Corporate Accountants

Data Processing. A large corporation may have several subsidiary companies operating in different product lines or different industries. Consolidation of accounting reports at the headquarters is often a difficult task.

Instead of reconciling financial statements submitted by subsidiary accounting offices, headquarters' accountants may wish to integrate the decentralized databases into distributed databases under a client-server system. Much of the consolidation process can be automated in this process. Moreover, headquarters accountants have direct access to subsidiary databases when they have questions about some components of subsidiary reports.

Distribution of Accounting Information. Not only can regular accounting reports be distributed quickly and effectively through the system, but authorized data are easily accessible to users. This is the most significant contribution of the client-server system to accounting.

In the past, limited resources meant accountants could not customize their reports to help individual users. Most users, except members of top management, often received standardized reports. If users needed more information, they relied on good personal relationships with accountants to obtain additional information. The accounting function was not user friendly because of the cost/benefit constraint.

In a client-server system, authorized employees can access accounting data stored in data servers from their workstations. With user-friendly application software installed on workstations, users can analyze the needed data and customize their own output for decision making.

Internal Control. As discussed earlier, accountants must review their organizations' internal control systems carefully. New rules and procedures controlling the front-end data that users hold must be established. However, rules and procedures will not be effective unless employees are properly trained and rules enforced. Close supervision and internal audit on end users are effective means of enforcement.

Accountants' Involvement in Systems Development. Accountants are the major providers of management information in an organization. Accountants must make sure the integrity of accounting data and systems is not compromised. When an organization needs to develop a client- server system, accountants must actively participate in the development process.

Accountants are especially valuable in the process of systems analysis when system requirements and user needs are scrutinized. Accountants should contribute their knowledge of the organization's data collection and processing requirements. Additionally, accountants are the natural communicators between users of management information and operating personnel who produce the source data of management information. This role provides accountants with the opportunity to become user representatives on systems development teams.

Bor-Yi Tsay, PhD, CPA, is an Associate Professor at the University of Alabama at Birmingham.