1

Enterprise Resource Planning Systems

MSc. Nguyen Thanh Tuan

Implement an ERP System

Contents

Importance of implement an ERP System

Processes of ImplementTypes of RiskControl and AuditingERP Products

2

Why implement an ERP System? To support business goals

Integrated, on-line, secure, self-service processes for business

Eliminate costly mainframe/fragmented technologies

Improved Integration of Systems and Processes

Lower Costs Empower Employees Enable Partners, Customers and

Suppliers3

How should we implement ERP systems

Obtain the right mix of people, processes and technology!!

4

How should we implement ERP Systems?People

Project Structure Should be aligned to processes

Process Implementation Process (outlined in

detail) Adapt your processes to those of the ERP.

Technology Hardware Software Integrated Systems

5

Process1. Definition and AnalysisHold discussions with various functional

personnel to establish the actual number of systems operating at client site, what they are used for, why and how often

Produce the Project Scoping Document outlining current situation, proposed solution and budgeted time

Challenge : REQUISITE EXPERTISE - No two clients are the same

6

Process2. DesignPrepare various functional reports -

specifies current scenario and wish listPrepare Design document which

specifies how the system is going to work

Prepare test scripts to be followed on system testing

Map out the interface paths to various modulesChallenge : INFORMATION SHARING - Availability of staff 7

Process3. BuildConfigure system as per set up document

specifications i.e. transfer conceptual model into reality

Test system to verify accuracy (preliminary tests)

Challenge : TECHNICAL ENVIRONMENT - System functionality

8

Process4. TransitionTrain users on their specific areasAssist in test data compilation and

system testing by usersFinalise the Live system and

captured opening balances

Challenge : USER RESISTANCE Understanding and acceptance

data preparation9

Process5. ProductionOfficial hand holdingEffectiveness assessmentBusiness and Technical Direction

recommendations

10

Technology

Technology is an enabler, not the driver (it is there to assist the organisation to achieve business goals)

It is a means to an end, not the end

11

Types of Risk

Risk occurs throughout the ERP life cycle Types of risk and extent of their impact

vary as we move through the ERP life cycleThree basic types of risk

Technical Business Organizational

12

Technical BusinessOrganizational

Deciding to go ERP

Choosing an ERP System

Designing

Implementing

After Going Live

Training

Risk Matrix

13

Risk Definitions Technical risk - risks arising due to

information processing technology, sensor technology, and telecommunication technology

Business risk - risks deriving from models, artifacts and processes adopted as part of ERPDo they match? Are they consistent? Do partners

processes match up? Organizational risk - risks deriving from the

environment in which the system is placed - including personnel and organization structure

14

What is the perceived risk of ERP projects? (%’s)

Risk Technical Business Organizational

Very Low 10.5 4.5 1.5Low 22.5 23.0 8.5Moderate 39.5 32.5 18.5High 15.0 26.0 37.5Very High 11.5 14.5 35.0

15

Summary of Survey FindingsOrganization risk is the “biggest”

risk -- the most likely to be seen as “high” or “very high”

Business risk is the next biggest riskTechnical risk is the smallest of the

bunch, with 72.5% rated very low to moderate. Technical risk is also the easiest to fix,

e.g., just choose more power.

16

Technical Risks

As the firm adopts new technologies, there are a number of risks that are common to each phase of the life cycle Operating Systems Client Server Computing Network Capabilities Database Links to other systems

17

Operating Systems

Operating systems include Unix, Linux, Windows 7, 8.

Different systems require different knowledge Need to employ people who understand

that operating systemMicrosoft’s SAP implementation was

the first to use Windows 7, 8 as an operating system

18

Client ServerDominant form of computing used in ERPHowever, firm’s expertise may be with

mainframe computing As a result, there may be a limited set of

personnel for the new computing environment

Mainframes are typically bullet-proof, whereas client servers are frequently at the opposite end of the spectrum in terms of controls.

19

Client/Server Configuration

DataManagement

ApplicationFunction

Presentation

Presentation

DataManagement

ApplicationFunction

Presentation

DataManagement

ApplicationFunction

Presentation

DataManagement

ApplicationFunction

Presentation

DataManagement

Presentation

DataManagement

ApplicationFunction

ApplicationFunction

DistributedPresentation(Thin Client)

DistributedPresentation(Fat Client)

RemotePresentation

DistributedApplication

RemoteData Mgmt

20

Network Capabilities

Issues include security and capacity of the network to facilitate use of the ERP system

21

Not Linked Linked

Highest Risk(Highest Potential Gain)

Lowest Risk(Lowest Potential Gain)

Integrated

Stand Alone

Linked to Other Applications

Com

putin

g an

d N

etw

ork

Env

iron

men

t

22

Technical Risks andERP Life Cycle

Deciding to go ERP Firms that have kept up with technology are

likely to better understand the risks associated with ERP systems.

Try to see what has worked in the past

Technical Business Organizational

Deciding

Choosing

Designing

Implementing

Going Live

Training

23

Technical Risks andERP Life Cycle

Choosing an ERP system Virtually all software choice can be

manipulated, since it is a political process Requirements change as new technology

becomes available.

Technical Business Organizational

Deciding

Choosing

Designing

Implementing

Going Live

Training

24

Technical Risksand ERP Life Cycle

Designing One company designed an ERP

contract based on computing capacity, so the vendor had to fix any problems with insufficient capacity

Technical Business Organizational

Deciding

Choosing

Designing

Implementing

Going Live

Training

25

Technical Risksand ERP Life Cycle

Implementing and Going-Live Upon implementation and going-live,

capacity … six transactions a minute … 360 per hour … or 3600 for a ten hour day … was not enough

Needed more network capacity

Technical Business Organizational

Deciding

Choosing

Designing

Implementing

Going Live

Training

26

Technical Risksand ERP Life Cycle

Training Risk that mainframe IS personnel

might have to be re-tooled to client-server technology

ERP system may require different technical people with different skills

Technical Business Organizational

Deciding

Choosing

Designing

Implementing

Going Live

Training

27

Business Risks

Deciding whether or not to do ERP Must have the resources to do the

projectFirms get going on ERP and then find that

they don’t have the resources.This typically means that either the

organization fails or the project fails.

Must meet needs of the businessWhat is needed by the firm’s partners?

Technical Business Organizational

Deciding

Choosing

Designing

Implementing

Going Live

Training

28

Business Risks

Choosing an ERP System Determine specific requirements,

e.g., transaction handling capabilitiesFox Meyer - system could do 10,000

invoice lines, but they needed 420,000

The business risk is that the ERP Vendor can not meet the company’s needs

Technical Business Organizational

Deciding

Choosing

Designing

Implementing

Going Live

Training

29

Business Risks

ERP Design Design is a political process. As a result, there is

a risk that the design is sub-optimal. There is also the risk that processes designed by

one group in the organization will not interface well with processes designed by other groups.

There is the risk of project stoppingThis project would have changed how people work and

reduced staffing by half. It was the easiest thing to cut because people did not have the stomach for it

Technical Business Organizational

Deciding

Choosing

Designing

Implementing

Going Live

Training

30

Business Risks

Implementing The project will take longer than

expected The project will cost more than

expected

Technical Business Organizational

Deciding

Choosing

Designing

Implementing

Going Live

Training

31

Business Risks

Going Live If the ERP is not working properly, there

could be problems with customers and suppliers.

Hershey Foods Inc. lost most of their Halloween, Thanksgiving and Christmas sales due to a poorly functioning ERP system.

Technical Business Organizational

Deciding

Choosing

Designing

Implementing

Going Live

Training

32

Business Risks

Training Training should provide users with

process and system information The main business risk is that timing

is too short and too late.

Technical Business Organizational

Deciding

Choosing

Designing

Implementing

Going Live

Training

33

Organizational Risks

Deciding whether or not to do ERP Reportedly, one of the biggest risks is

that top management is not involved. Another risk is that the domain areas

are not involved and committed (Microsoft)

Technical Business Organizational

Deciding

Choosing

Designing

Implementing

Going Live

Training

34

Organizational Risks

Choosing an ERP System Choosing the right consultant is the

biggest challenge (Risk)

Technical Business Organizational

Deciding

Choosing

Designing

Implementing

Going Live

Training

35

Organizational Risks

ERP Design and Implementation Models of organizations are built into

the software, as a result, there are risks that the models do not match (e.g., Microsoft)

Technical Business Organizational

Deciding

Choosing

Designing

Implementing

Going Live

Training

36

Organizational Risks

Going Live Cultural issues that relate to “big R”

reengineering create organizational risk.One firm went from compensation based

on number of units sold to salary to accommodate the ERP system

Technical Business Organizational

Deciding

Choosing

Designing

Implementing

Going Live

Training

37

Organizational Risks

Training Employees not accustomed to data

input will take on the task. If users don’t know how to use the

system, it will fail. There may be inadequately trained

personnel after implementation due to poor training or attrition.

Technical Business Organizational

Deciding

Choosing

Designing

Implementing

Going Live

Training

38

39

Risks Associated with ERP Implementation

Pace of Implementation Big Bang--switch operations from legacy

systems to ERP in a single event Phased-In--independent ERP units installed

over time, assimilated and integratedOpposition to Changes to the

Businesses Culture User reluctance and inertia Need of (upper) management support

40

Risks Associated with ERP Implementation

Choosing the Wrong ERP Goodness of Fit: no ERP system is best for all

industries Scalability: system’s ability to grow

Choosing the Wrong Consultant Common to use a third-party (the Big Five) Be thorough in interviewing potential

consultants Establish explicit expectations

41

Risks Associated with ERP Implementation

High Cost and Cost Overruns Common areas with high costs:

TrainingTesting and IntegrationDatabase Conversion

Disruptions to Operations ERP is reengineering--expect major

changes in how business is done

42

Implications for Internal Control and Auditing

Transaction Authorization Controls are needed to validate transactions

before they are accepted by other modules. ERPs are more dependent on programmed

controls than on human intervention.Segregation of Duties

Manual processes that normally require segregation of duties are often eliminated.

User role: predefined user roles limit a user’s access to certain functions and data.

43

Implications for Internal Control and Auditing

Supervision Supervisors need to acquire a technical and

operational understanding of the new system.

Employee-empowered philosophy should not eliminate supervision.

Accounting Records Corrupted data may be passed from

external sources and from legacy systems. Loss of paper audit trail

44

Implications for Internal Control and Auditing

Access Controls Critical concern with confidentiality of

information Who should have access to what?

Access to Data Warehouse Data warehouses often involve sharing

information with suppliers and customers.

45

Implications for Internal Control and Auditing

Contingency Planning How to keep business going in case of

disaster Key role of servers requires backup plans:

redundant servers or shared servers Independent Verification

Traditional verifications are meaningless Need to shift from transaction level to

overall performance level

46

Implications for Internal Control and Auditing

ERP projects may be concurrent with BPR, CRM, Data Warehousing, SCM

All of these increase risk of successful implementation

ERP systems impact organizational structure and internal controls

New control policies must precede migration to an ERP system

47

Implications for Internal Control and Auditing

Gartner Group noted following concerns regarding implementing ERP:

48

Audits of ERPs

Audit could provide assurance covering the areas of …

process integrityapplication securityinfrastructure integrityimplementation integrity

SAP is the dominant player, with 35% - 40% of the market

Big five (BOPSE) … Baan, Oracle (Applications) PeopleSoft, SAP and, J.D. Edwards

Additionally, other firms have generated interest, e.g., QAD and Lawson, Great Plains

ERP Products

49

50

ERP Products

SAP: largest ERP vendor modules can be integrated or used alone new features include SCM, B2B, e-

commerce, XMLJ.D. Edwards

flexibility: users can change features; less of a pre-set structure than SAP’s

modularity: accept modules (bolt-ons) from other vendors

51

ERP Products

Oracle tailored to e-business focus Internet based vs. client-server based

applicationsPeopleSoft

open, modular architecture allows rapid integration with existing systems

Thank for your listening