Upload
adela-francis
View
216
Download
1
Tags:
Embed Size (px)
Citation preview
Contents
Importance of implement an ERP System
Processes of ImplementTypes of RiskControl and AuditingERP Products
2
Why implement an ERP System? To support business goals
Integrated, on-line, secure, self-service processes for business
Eliminate costly mainframe/fragmented technologies
Improved Integration of Systems and Processes
Lower Costs Empower Employees Enable Partners, Customers and
Suppliers3
How should we implement ERP Systems?People
Project Structure Should be aligned to processes
Process Implementation Process (outlined in
detail) Adapt your processes to those of the ERP.
Technology Hardware Software Integrated Systems
5
Process1. Definition and AnalysisHold discussions with various functional
personnel to establish the actual number of systems operating at client site, what they are used for, why and how often
Produce the Project Scoping Document outlining current situation, proposed solution and budgeted time
Challenge : REQUISITE EXPERTISE - No two clients are the same
6
Process2. DesignPrepare various functional reports -
specifies current scenario and wish listPrepare Design document which
specifies how the system is going to work
Prepare test scripts to be followed on system testing
Map out the interface paths to various modulesChallenge : INFORMATION SHARING - Availability of staff 7
Process3. BuildConfigure system as per set up document
specifications i.e. transfer conceptual model into reality
Test system to verify accuracy (preliminary tests)
Challenge : TECHNICAL ENVIRONMENT - System functionality
8
Process4. TransitionTrain users on their specific areasAssist in test data compilation and
system testing by usersFinalise the Live system and
captured opening balances
Challenge : USER RESISTANCE Understanding and acceptance
data preparation9
Process5. ProductionOfficial hand holdingEffectiveness assessmentBusiness and Technical Direction
recommendations
10
Technology
Technology is an enabler, not the driver (it is there to assist the organisation to achieve business goals)
It is a means to an end, not the end
11
Types of Risk
Risk occurs throughout the ERP life cycle Types of risk and extent of their impact
vary as we move through the ERP life cycleThree basic types of risk
Technical Business Organizational
12
Technical BusinessOrganizational
Deciding to go ERP
Choosing an ERP System
Designing
Implementing
After Going Live
Training
Risk Matrix
13
Risk Definitions Technical risk - risks arising due to
information processing technology, sensor technology, and telecommunication technology
Business risk - risks deriving from models, artifacts and processes adopted as part of ERPDo they match? Are they consistent? Do partners
processes match up? Organizational risk - risks deriving from the
environment in which the system is placed - including personnel and organization structure
14
What is the perceived risk of ERP projects? (%’s)
Risk Technical Business Organizational
Very Low 10.5 4.5 1.5Low 22.5 23.0 8.5Moderate 39.5 32.5 18.5High 15.0 26.0 37.5Very High 11.5 14.5 35.0
15
Summary of Survey FindingsOrganization risk is the “biggest”
risk -- the most likely to be seen as “high” or “very high”
Business risk is the next biggest riskTechnical risk is the smallest of the
bunch, with 72.5% rated very low to moderate. Technical risk is also the easiest to fix,
e.g., just choose more power.
16
Technical Risks
As the firm adopts new technologies, there are a number of risks that are common to each phase of the life cycle Operating Systems Client Server Computing Network Capabilities Database Links to other systems
17
Operating Systems
Operating systems include Unix, Linux, Windows 7, 8.
Different systems require different knowledge Need to employ people who understand
that operating systemMicrosoft’s SAP implementation was
the first to use Windows 7, 8 as an operating system
18
Client ServerDominant form of computing used in ERPHowever, firm’s expertise may be with
mainframe computing As a result, there may be a limited set of
personnel for the new computing environment
Mainframes are typically bullet-proof, whereas client servers are frequently at the opposite end of the spectrum in terms of controls.
19
Client/Server Configuration
DataManagement
ApplicationFunction
Presentation
Presentation
DataManagement
ApplicationFunction
Presentation
DataManagement
ApplicationFunction
Presentation
DataManagement
ApplicationFunction
Presentation
DataManagement
Presentation
DataManagement
ApplicationFunction
ApplicationFunction
DistributedPresentation(Thin Client)
DistributedPresentation(Fat Client)
RemotePresentation
DistributedApplication
RemoteData Mgmt
20
Network Capabilities
Issues include security and capacity of the network to facilitate use of the ERP system
21
Not Linked Linked
Highest Risk(Highest Potential Gain)
Lowest Risk(Lowest Potential Gain)
Integrated
Stand Alone
Linked to Other Applications
Com
putin
g an
d N
etw
ork
Env
iron
men
t
22
Technical Risks andERP Life Cycle
Deciding to go ERP Firms that have kept up with technology are
likely to better understand the risks associated with ERP systems.
Try to see what has worked in the past
Technical Business Organizational
Deciding
Choosing
Designing
Implementing
Going Live
Training
23
Technical Risks andERP Life Cycle
Choosing an ERP system Virtually all software choice can be
manipulated, since it is a political process Requirements change as new technology
becomes available.
Technical Business Organizational
Deciding
Choosing
Designing
Implementing
Going Live
Training
24
Technical Risksand ERP Life Cycle
Designing One company designed an ERP
contract based on computing capacity, so the vendor had to fix any problems with insufficient capacity
Technical Business Organizational
Deciding
Choosing
Designing
Implementing
Going Live
Training
25
Technical Risksand ERP Life Cycle
Implementing and Going-Live Upon implementation and going-live,
capacity … six transactions a minute … 360 per hour … or 3600 for a ten hour day … was not enough
Needed more network capacity
Technical Business Organizational
Deciding
Choosing
Designing
Implementing
Going Live
Training
26
Technical Risksand ERP Life Cycle
Training Risk that mainframe IS personnel
might have to be re-tooled to client-server technology
ERP system may require different technical people with different skills
Technical Business Organizational
Deciding
Choosing
Designing
Implementing
Going Live
Training
27
Business Risks
Deciding whether or not to do ERP Must have the resources to do the
projectFirms get going on ERP and then find that
they don’t have the resources.This typically means that either the
organization fails or the project fails.
Must meet needs of the businessWhat is needed by the firm’s partners?
Technical Business Organizational
Deciding
Choosing
Designing
Implementing
Going Live
Training
28
Business Risks
Choosing an ERP System Determine specific requirements,
e.g., transaction handling capabilitiesFox Meyer - system could do 10,000
invoice lines, but they needed 420,000
The business risk is that the ERP Vendor can not meet the company’s needs
Technical Business Organizational
Deciding
Choosing
Designing
Implementing
Going Live
Training
29
Business Risks
ERP Design Design is a political process. As a result, there is
a risk that the design is sub-optimal. There is also the risk that processes designed by
one group in the organization will not interface well with processes designed by other groups.
There is the risk of project stoppingThis project would have changed how people work and
reduced staffing by half. It was the easiest thing to cut because people did not have the stomach for it
Technical Business Organizational
Deciding
Choosing
Designing
Implementing
Going Live
Training
30
Business Risks
Implementing The project will take longer than
expected The project will cost more than
expected
Technical Business Organizational
Deciding
Choosing
Designing
Implementing
Going Live
Training
31
Business Risks
Going Live If the ERP is not working properly, there
could be problems with customers and suppliers.
Hershey Foods Inc. lost most of their Halloween, Thanksgiving and Christmas sales due to a poorly functioning ERP system.
Technical Business Organizational
Deciding
Choosing
Designing
Implementing
Going Live
Training
32
Business Risks
Training Training should provide users with
process and system information The main business risk is that timing
is too short and too late.
Technical Business Organizational
Deciding
Choosing
Designing
Implementing
Going Live
Training
33
Organizational Risks
Deciding whether or not to do ERP Reportedly, one of the biggest risks is
that top management is not involved. Another risk is that the domain areas
are not involved and committed (Microsoft)
Technical Business Organizational
Deciding
Choosing
Designing
Implementing
Going Live
Training
34
Organizational Risks
Choosing an ERP System Choosing the right consultant is the
biggest challenge (Risk)
Technical Business Organizational
Deciding
Choosing
Designing
Implementing
Going Live
Training
35
Organizational Risks
ERP Design and Implementation Models of organizations are built into
the software, as a result, there are risks that the models do not match (e.g., Microsoft)
Technical Business Organizational
Deciding
Choosing
Designing
Implementing
Going Live
Training
36
Organizational Risks
Going Live Cultural issues that relate to “big R”
reengineering create organizational risk.One firm went from compensation based
on number of units sold to salary to accommodate the ERP system
Technical Business Organizational
Deciding
Choosing
Designing
Implementing
Going Live
Training
37
Organizational Risks
Training Employees not accustomed to data
input will take on the task. If users don’t know how to use the
system, it will fail. There may be inadequately trained
personnel after implementation due to poor training or attrition.
Technical Business Organizational
Deciding
Choosing
Designing
Implementing
Going Live
Training
38
39
Risks Associated with ERP Implementation
Pace of Implementation Big Bang--switch operations from legacy
systems to ERP in a single event Phased-In--independent ERP units installed
over time, assimilated and integratedOpposition to Changes to the
Businesses Culture User reluctance and inertia Need of (upper) management support
40
Risks Associated with ERP Implementation
Choosing the Wrong ERP Goodness of Fit: no ERP system is best for all
industries Scalability: system’s ability to grow
Choosing the Wrong Consultant Common to use a third-party (the Big Five) Be thorough in interviewing potential
consultants Establish explicit expectations
41
Risks Associated with ERP Implementation
High Cost and Cost Overruns Common areas with high costs:
TrainingTesting and IntegrationDatabase Conversion
Disruptions to Operations ERP is reengineering--expect major
changes in how business is done
42
Implications for Internal Control and Auditing
Transaction Authorization Controls are needed to validate transactions
before they are accepted by other modules. ERPs are more dependent on programmed
controls than on human intervention.Segregation of Duties
Manual processes that normally require segregation of duties are often eliminated.
User role: predefined user roles limit a user’s access to certain functions and data.
43
Implications for Internal Control and Auditing
Supervision Supervisors need to acquire a technical and
operational understanding of the new system.
Employee-empowered philosophy should not eliminate supervision.
Accounting Records Corrupted data may be passed from
external sources and from legacy systems. Loss of paper audit trail
44
Implications for Internal Control and Auditing
Access Controls Critical concern with confidentiality of
information Who should have access to what?
Access to Data Warehouse Data warehouses often involve sharing
information with suppliers and customers.
45
Implications for Internal Control and Auditing
Contingency Planning How to keep business going in case of
disaster Key role of servers requires backup plans:
redundant servers or shared servers Independent Verification
Traditional verifications are meaningless Need to shift from transaction level to
overall performance level
46
Implications for Internal Control and Auditing
ERP projects may be concurrent with BPR, CRM, Data Warehousing, SCM
All of these increase risk of successful implementation
ERP systems impact organizational structure and internal controls
New control policies must precede migration to an ERP system
47
Implications for Internal Control and Auditing
Gartner Group noted following concerns regarding implementing ERP:
48
Audits of ERPs
Audit could provide assurance covering the areas of …
process integrityapplication securityinfrastructure integrityimplementation integrity
SAP is the dominant player, with 35% - 40% of the market
Big five (BOPSE) … Baan, Oracle (Applications) PeopleSoft, SAP and, J.D. Edwards
Additionally, other firms have generated interest, e.g., QAD and Lawson, Great Plains
ERP Products
49
50
ERP Products
SAP: largest ERP vendor modules can be integrated or used alone new features include SCM, B2B, e-
commerce, XMLJ.D. Edwards
flexibility: users can change features; less of a pre-set structure than SAP’s
modularity: accept modules (bolt-ons) from other vendors
51
ERP Products
Oracle tailored to e-business focus Internet based vs. client-server based
applicationsPeopleSoft
open, modular architecture allows rapid integration with existing systems