1 / 52

Implementing an ERP System: Processes, Risks, and Control

Learn the importance of implementing an ERP system, the processes involved, types of risks, and control methods. Discover how ERP systems support business goals, improve integration, and lower costs. Understand the key steps in implementing ERP systems and the challenges faced. Explore the technological aspects and the varying risks throughout the ERP life cycle. Gain insights into technical, business, and organizational risks associated with ERP projects. Get a comprehensive overview of the technical risks involved in adopting new technologies and operating systems in ERP implementations.

sallyk
Download Presentation

Implementing an ERP System: Processes, Risks, and Control

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Implement an ERP System ERP Enterprise Resource Planning Systems MSc. Nguyen Thanh Tuan

  2. Contents • Importance of implement an ERP System • Processes of Implement • Types of Risk • Control and Auditing • ERP Products

  3. Why implement an ERP System? • To support business goals • Integrated, on-line, secure, self-service processes for business • Eliminate costly mainframe/fragmented technologies • Improved Integration of Systems and Processes • Lower Costs • Empower Employees • Enable Partners, Customers and Suppliers

  4. How should we implement ERP systems Obtain the right mix of people, processes and technology!!

  5. How should we implement ERP Systems? • People • Project Structure • Should be aligned to processes • Process • Implementation Process (outlined in detail) • Adapt your processes to those of the ERP. • Technology • Hardware • Software • Integrated Systems

  6. Process 1. Definition and Analysis • Hold discussions with various functional personnel to establish the actual number of systems operating at client site, what they are used for, why and how often • Produce the Project Scoping Document outlining current situation, proposed solution and budgeted time Challenge : REQUISITE EXPERTISE - No two clients are the same

  7. Process 2. Design • Prepare various functional reports - specifies current scenario and wish list • Prepare Design document which specifies how the system is going to work • Prepare test scripts to be followed on system testing • Map out the interface paths to various modules Challenge : INFORMATION SHARING - Availability of staff

  8. Process 3. Build • Configure system as per set up document specifications i.e. transfer conceptual model into reality • Test system to verify accuracy (preliminary tests) Challenge : TECHNICAL ENVIRONMENT - System functionality

  9. Process 4. Transition • Train users on their specific areas • Assist in test data compilation and system testing by users • Finalise the Live system and captured opening balances Challenge : USER RESISTANCE Understanding and acceptance data preparation

  10. Process 5. Production • Official hand holding • Effectiveness assessment • Business and Technical Direction recommendations

  11. Technology • Technology is an enabler, not the driver (it is there to assist the organisation to achieve business goals) • It is a means to an end, not the end

  12. Types of Risk • Risk occurs throughout the ERP life cycle • Types of risk and extent of their impact vary as we move through the ERP life cycle • Three basic types of risk • Technical • Business • Organizational

  13. Risk Matrix Technical Business Organizational Deciding to go ERP Choosing an ERP System Designing Implementing After Going Live Training

  14. Risk Definitions • Technical risk - risks arising due to information processing technology, sensor technology, and telecommunication technology • Business risk - risks deriving from models, artifacts and processes adopted as part of ERP • Do they match? Are they consistent? Do partners processes match up? • Organizational risk - risks deriving from the environment in which the system is placed - including personnel and organization structure

  15. What is the perceived risk of ERP projects?(%’s) • Risk Technical Business Organizational • Very Low 10.5 4.5 1.5 • Low 22.5 23.0 8.5 • Moderate 39.5 32.5 18.5 • High 15.0 26.0 37.5 • Very High 11.5 14.5 35.0

  16. Summary of Survey Findings • Organization risk is the “biggest” risk -- the most likely to be seen as “high” or “very high” • Business risk is the next biggest risk • Technical risk is the smallest of the bunch, with 72.5% rated very low to moderate. • Technical risk is also the easiest to fix, e.g., just choose more power.

  17. Technical Risks • As the firm adopts new technologies, there are a number of risks that are common to each phase of the life cycle • Operating Systems • Client Server Computing • Network Capabilities • Database • Links to other systems

  18. Operating Systems • Operating systems include Unix, Linux, Windows 7, 8. • Different systems require different knowledge • Need to employ people who understand that operating system • Microsoft’s SAP implementation was the first to use Windows 7, 8 as an operating system

  19. Client Server • Dominant form of computing used in ERP • However, firm’s expertise may be with mainframe computing • As a result, there may be a limited set of personnel for the new computing environment • Mainframes are typically bullet-proof, whereas client servers are frequently at the opposite end of the spectrum in terms of controls.

  20. Data Management Data Management Data Management Data Management Data Management Application Function Application Function Application Function Data Management Network Presentation Application Function Application Function Application Function Network Presentation Presentation Presentation Presentation Presentation Client/Server Configuration Distributed Presentation (Thin Client) Remote Presentation Distributed Application Remote Data Mgmt Distributed Presentation (Fat Client)

  21. Network Capabilities • Issues include security and capacity of the network to facilitate use of the ERP system

  22. Highest Risk (Highest Potential Gain) Integrated Computing and Network Environment Stand Alone Lowest Risk (Lowest Potential Gain) Not Linked Linked Linked to Other Applications

  23. Technical Risks andERP Life Cycle Technical Business Organizational Deciding Choosing Designing Implementing Going Live Training • Deciding to go ERP • Firms that have kept up with technology are likely to better understand the risks associated with ERP systems. • Try to see what has worked in the past

  24. Technical Risks andERP Life Cycle Technical Business Organizational Deciding Choosing Designing Implementing Going Live Training • Choosing an ERP system • Virtually all software choice can be manipulated, since it is a political process • Requirements change as new technology becomes available.

  25. Technical Risksand ERP Life Cycle Technical Business Organizational Deciding Choosing Designing Implementing Going Live Training • Designing • One company designed an ERP contract based on computing capacity, so the vendor had to fix any problems with insufficient capacity

  26. Technical Risksand ERP Life Cycle Technical Business Organizational Deciding Choosing Designing Implementing Going Live Training • Implementing and Going-Live • Upon implementation and going-live, capacity … six transactions a minute … 360 per hour … or 3600 for a ten hour day … was not enough • Needed more network capacity

  27. Technical Risksand ERP Life Cycle Technical Business Organizational Deciding Choosing Designing Implementing Going Live Training • Training • Risk that mainframe IS personnel might have to be re-tooled to client-server technology • ERP system may require different technical people with different skills

  28. Business Risks Technical Business Organizational Deciding Choosing Designing Implementing Going Live Training • Deciding whether or not to do ERP • Must have the resources to do the project • Firms get going on ERP and then find that they don’t have the resources. • This typically means that either the organization fails or the project fails. • Must meet needs of the business • What is needed by the firm’s partners?

  29. Business Risks Technical Business Organizational Deciding Choosing Designing Implementing Going Live Training • Choosing an ERP System • Determine specific requirements, e.g., transaction handling capabilities • Fox Meyer - system could do 10,000 invoice lines, but they needed 420,000 • The business risk is that the ERP Vendor can not meet the company’s needs

  30. Business Risks Technical Business Organizational Deciding Choosing Designing Implementing Going Live Training • ERP Design • Design is a political process. As a result, there is a risk that the design is sub-optimal. • There is also the risk that processes designed by one group in the organization will not interface well with processes designed by other groups. • There is the risk of project stopping • This project would have changed how people work and reduced staffing by half. It was the easiest thing to cut because people did not have the stomach for it

  31. Business Risks Technical Business Organizational Deciding Choosing Designing Implementing Going Live Training • Implementing • The project will take longer than expected • The project will cost more than expected

  32. Business Risks Technical Business Organizational Deciding Choosing Designing Implementing Going Live Training • Going Live • If the ERP is not working properly, there could be problems with customers and suppliers. • Hershey Foods Inc. lost most of their Halloween, Thanksgiving and Christmas sales due to a poorly functioning ERP system.

  33. Business Risks Technical Business Organizational Deciding Choosing Designing Implementing Going Live Training • Training • Training should provide users with process and system information • The main business risk is that timing is too short and too late.

  34. Organizational Risks Technical Business Organizational Deciding Choosing Designing Implementing Going Live Training • Deciding whether or not to do ERP • Reportedly, one of the biggest risks is that top management is not involved. • Another risk is that the domain areas are not involved and committed (Microsoft)

  35. Organizational Risks Technical Business Organizational Deciding Choosing Designing Implementing Going Live Training • Choosing an ERP System • Choosing the right consultant is the biggest challenge (Risk)

  36. Organizational Risks Technical Business Organizational Deciding Choosing Designing Implementing Going Live Training • ERP Design and Implementation • Models of organizations are built into the software, as a result, there are risks that the models do not match (e.g., Microsoft)

  37. Organizational Risks Technical Business Organizational Deciding Choosing Designing Implementing Going Live Training • Going Live • Cultural issues that relate to “big R” reengineering create organizational risk. • One firm went from compensation based on number of units sold to salary to accommodate the ERP system

  38. Organizational Risks Technical Business Organizational Deciding Choosing Designing Implementing Going Live Training • Training • Employees not accustomed to data input will take on the task. • If users don’t know how to use the system, it will fail. • There may be inadequately trained personnel after implementation due to poor training or attrition.

  39. Risks Associated with ERP Implementation • Pace of Implementation • Big Bang--switch operations from legacy systems to ERP in a single event • Phased-In--independent ERP units installed over time, assimilated and integrated • Opposition to Changes to the Businesses Culture • User reluctance and inertia • Need of (upper) management support

  40. Risks Associated with ERP Implementation • Choosing the Wrong ERP • Goodness of Fit: no ERP system is best for all industries • Scalability: system’s ability to grow • Choosing the Wrong Consultant • Common to use a third-party (the Big Five) • Be thorough in interviewing potential consultants • Establish explicit expectations

  41. Risks Associated with ERP Implementation • High Cost and Cost Overruns • Common areas with high costs: • Training • Testing and Integration • Database Conversion • Disruptions to Operations • ERP is reengineering--expect major changes in how business is done

  42. Implications for Internal Control and Auditing • Transaction Authorization • Controls are needed to validate transactions before they are accepted by other modules. • ERPs are more dependent on programmed controls than on human intervention. • Segregation of Duties • Manual processes that normally require segregation of duties are often eliminated. • User role: predefined user roles limit a user’s access to certain functions and data.

  43. Implications for Internal Control and Auditing • Supervision • Supervisors need to acquire a technical and operational understanding of the new system. • Employee-empowered philosophy should not eliminate supervision. • Accounting Records • Corrupted data may be passed from external sources and from legacy systems. • Loss of paper audit trail

  44. Implications for Internal Control and Auditing • Access Controls • Critical concern with confidentiality of information • Who should have access to what? • Access to Data Warehouse • Data warehouses often involve sharing information with suppliers and customers.

  45. Implications for Internal Control and Auditing • Contingency Planning • How to keep business going in case of disaster • Key role of servers requires backup plans: redundant servers or shared servers • Independent Verification • Traditional verifications are meaningless • Need to shift from transaction level to overall performance level

  46. Implications for Internal Control and Auditing • ERP projects may be concurrent with BPR, CRM, Data Warehousing, SCM • All of these increase risk of successful implementation • ERP systems impact organizational structure and internal controls • New control policies must precede migration to an ERP system

  47. Implications for Internal Control and Auditing Gartner Group noted following concerns regarding implementing ERP:

  48. Audits of ERPs Audit could provide assurance covering the areas of … • process integrity • application security • infrastructure integrity • implementation integrity

  49. ERP Products • SAP is the dominant player, with 35% - 40% of the market • Big five (BOPSE) … Baan, Oracle (Applications) PeopleSoft, SAP and, J.D. Edwards • Additionally, other firms have generated interest, e.g., QAD and Lawson, Great Plains

  50. ERP Products • SAP: largest ERP vendor • modules can be integrated or used alone • new features include SCM, B2B, e-commerce, XML • J.D. Edwards • flexibility: users can change features; less of a pre-set structure than SAP’s • modularity: accept modules (bolt-ons) from other vendors

More Related