Chapter 11 - ERP

What is an ERP?

 Multiple module software packages that evolved from

traditional manufacturing resource planning (MRP II)
systems.
 A single integrated system that accesses a single
database to facilitate the sharing of information and to
improve communications across the organization.
ERP SYSTEMS
 ERP Applications
 Core applications (online transaction processing applications)–
support the day-to-day activities of the business.
Sales and distribution functions- handle order entry and delivery
scheduling
Business planning – forecasting demand, planning product
production, and detailing routine information that describes the
sequence and the stages of the actual production process
Production planning – use of simulation tools to help managers
decide how to avoid shortages in materials, labor, or plant facilities.
Shop floor control – involves detailed production scheduling,
dispatching, and job costing activities associated with the actual
production process
Logistics – ensures timely delivery to the customer
 ERP Applications
Online Analytical Processing (OLAP) – decision
support tool that supplies real-time information
- includes decision support, modeling, information
retrieval, ad hoc reporting/ analysis, and what-if
analysis
Data warehouse – database constructed for quick
searching, retrieval, ad hoc queries and ease of use
ERP SYSTEM CONFIGURATIONS

 Most ERP systems are based on the client-server model.

 Two-tier model – server handles both application and
database duties. Used in local area network
applications for which the demand on the server is
restricted to a relatively small population of users.
 Three-tier model – the database and application
functions are separated. Used by large ERP systems that
use WAN.
Two-Tier Client Server
Three-Tier Client Server
 OLTP vs. OLAP Servers
 Consist of large numbers of simple  Support management-critical tasks
transactions that: through analytical investigation of
- access very large amounts of data complex data associations captured in
data warehouses.
- analyze relationships among business
 Support common analytical operations
elements
such as:
- compare data over time periods
Consolidation – aggregation or roll-up
- present data in different perspectives of data
- involve aggregated data Drill-down – disaggregates data to
- respond quickly to user requires. reveal underlying details explaining a
certain phenomena
 Support mission critical tasks through
simple queries of operational databases Slicing and dicing – enables user to
examine data from different viewpoints
 Allow users to analyze complex data
relationships.
OLTP and OLAP Client Servers
Database Configurations

 ERP systems are composed of thousands of database

tables
 Each table is associated with business processes that are
coded into the ERP
 The company usually reengineers its processes to
accommodate the ERP rather than modifying the ERP to
accommodate the company
Bolt-on Software

 ERP software alone cannot drive all the processes of the

company
 Companies use a variety of bolt-on software, provided
by third-party vendors, to perform a specialized
functionality.
 It is least risky if the software is endorsed by the ERP
vendor
Data Warehousing

 Data warehousing involves extracting, converting and

standardizing data from ERP and legacy systems and
loading it into a central archive – the data warehouse.
 When the data ware- house is organized for a single
department or function, it is often called a data mart.
 Loaded data are accessible via various query and
analysis tools used for data mining
Data Warehousing

 Essential stages of the data warehousing process:

 Modeling data for the data warehouse
 Extracting data from operational databases
 Cleansing extracted data
 Transforming data into the warehouse model
 Loading the data into the data warehouse database
Modeling Data for the Data
Warehouse
 Due to vast size, data warehouse database consists of
denormalized data.
 In the data warehouse model, the relationship among
attributes does not change.
 Because historical data are static in nature, nothing is
gained by constructing normalized tables with dynamic
links.
 Relational theory does not apply to a data warehousing
system because relations are stable.
Extracting Data from Operational
Databases
 Date extraction is the process of collecting data from
operational databases, flat files, archives, and external
data sources.
 Typically occurs to avoid data inconsistencies.
 Changed data capture reduces extraction time by only
capturing newly modified data.
Extracting Data from Operational
Databases
 Snapshots vs. stabilized data.
 Key feature of a data warehouse is that the data
contained in it are in a non-stable state.
 Potentially important relationships may be absent from
stable data.
 Extracting data in slices of time provide snapshots of
business activity which assists in depicting trends.
Cleansing Extracted Data

 Involves filtering out or repairing invalid data prior to

being stored in the warehouse.
 Operational data are considered “dirty”: clerical, data
entry, computer program errors, misspelled names and
blank fields.
 Also involves transforming data into standard business
terms with standard data values.
Cleansing Extracted Data

 Data are often combined from multiple systems that use

slightly different spellings to represent common terms.
 During the cleansing process, the attributes taken from
multiple systems need to be transformed into uniform,
standard business terms.
 (expensive and labor-intensive activity, but is critical in
establishing data integrity in the warehouse.)
Data Warehouse System
Transforming and Loading Data
into the Warehouse Model
 A data warehouse is composed of both detail and
summary data.
 The illustration shows the creation of summary views over
time. These are typically created around business entities
such as customers, products, and suppliers.
 To improve efficiency, data can be transformed into
summary views before being loaded.
 Unlike operational views, which are virtual in nature with
underlying tables, data warehouse views are physical
tables. OLAP permits users to construct virtual views from
detail data when one does not exist.
Transforming and Loading Data
into the Warehouse Model
 A data warehouse will often provide multiple summary
views based on the same detailed data such as
customers or products.
 Data warehouses must be created & maintained
separately from the operational databases.
Application of Data Mining
Supporting Supply Chain Decisions
from the Data Warehouse
 The primary reason for data warehousing is to optimize
business performance.
 By providing customers and suppliers with the
information they need when they need it, the company
can improve its relationships and provide better service.
 Using Internet technologies and OLAP applications, an
organization can share its data warehouse with its
trading partners and, in effect, treat them like divisions of
the firm.
RISKS ASSOCIATED WITH ERP IMPLEMENTATION
 An ERP system is not a silver bullet that will, by its mere existence,
solve an organization’s problems. The following are the risk issues
that need to be considered
 Big Bang versus Phased-In implementation
 Change in Business Culture
 Wrong ERP
 Wrong consultant
 High cost and cost overruns
 Disruption to operations
 BIG BANG VERSUS PHASED-IN IMPLEMENTATION
BIG BANG PHASED IN
- More ambitious and risky - Emerged as a popular alternative to big
- Switch operations from their old legacy bang
systems to the new system in a single event - Suited to diversified organizations who do
that implements the ERP across the entire not share common process and data
company - Independent ERP systems can be installed

DISADVANTAGES - Begins with one or more key process such as

- On the first day of implementation, order entry
everyone in the company is a trainee - GOAL: get ERP up and running concurrently
learning a new job with legacy systems
- Using it involves compromise
- At data input points, more data are DISADVANTAGE
entered, thus, the speed of the new system - System integration and Process reengineering
suffers and causes disruptions in daily which are fundamental are not achievable
operations
 CHANGES IN BUSINESS’ CULTURE
 All functional areas of the organization need to be involved in determining the
culture of the firm and defining the new system’s requirements
 If change is not tolerated in the culture, then ERP implementation will not be
successful
 Organizations that lack technical support staff or have a user base that is
unfamiliar with computer technology face a steeper learning curve and a
potentially greater barrier to acceptance of the system by its employees.
 CHOOSING THE WRONG ERP
 GOODNESS TO FIT
management needs to make sure that chosen ERP is right for the company
This requires a software selection process which starts broad and
systematically becomes more focused
ERP system must be modified to accommodate industry-specific software or
work with custom-built legacy system
 SYTEM SCALABILITY ISSUES
SCALABILITY - System’s ability to grow smoothly and economically ass user
requirements increase
SMOOTH AND ECONOMICAL – ability to increase system capacity at an
acceptable incremental cost per unit of capacity without encountering limit
that would demand a system upgrade or replacement
USER REQUIREMENTS – pertain to volume-related activities
 CHOOSING THE WRONG CONSULTANT
 Success of the projects rests on skills and experience that typically do not exist in-
house. Because of this, virtually all ERP implementations involve an outside
consulting firm, which
 coordinates the project
 helps the organization to identify its needs,
 develops a requirements specification for the ERP
 selects the ERP package, and
 manages the cutover
 A frequent complaint is that consulting firms promise experienced professionals,
but deliver incompetent trainees.
 BAIT-AND-SWITCH MANEUVER – the consulting firm introduces their top consultants
who are sophisticated, talented and persuasive The client agrees to the deal with
the firm, but incorrectly assumes that these individuals, or others with similar
qualifications, will actually implement the system.
 HIGH COST AND COST OVERRUNS
 Total cost of ownership (TCO) for ERP systems varies greatly from company to company.
 TCO includes hardware, software, consulting services, internal personnel costs, installation, and
upgrades and maintenance to the system for the first 2 years after implementation.
 The risk comes in the form of underestimated and unanticipated costs.
 Some of the more commonly experienced problems occur in the following areas.
 TRAINING. Training costs are invariably higher than estimated because management focuses
primarily on the cost of teaching employees the new software.
 SYSTEM TESTING AND INTEGRATION. In theory, ERP is a holistic model in which one system drives
the entire organization. The reality, however, is that many organizations use their ERP as a
backbone system that is attached to legacy systems and other bolt-on systems, which support
the unique needs of the firm. Integration and testing are done on a case-by-case basis; thus, the
cost is extremely difficult to estimate in advance
 DATABASE CONVERSION. A new ERP system usually means a new database. Data conversion is
the process of transferring data from the legacy system’s flat files to the ERP’s relational
database.
DISRUPTION TO OPERATIONS
 ERP systems can wreak havoc in the companies that install them.
 The reengineering of business processes that often accompanies
ERP implementation is the most commonly attributed cause of
performance problems.
 Operationally speaking, when business begins under the ERP system,
everything looks and works differently from the way it did with the
legacy system. An adjustment period is needed for everyone to
reach a comfortable point on the learning curve.
IMPLICATIONS FOR INTERNAL CONTROL
AND AUDITING
(1) TRANSACTION AUTHORIZATION
- RISK: snowball effect of errors if a system component is not configured
correctly (e.g. bill of materials error)
- Controls must be built into the system to validate transaction
authorization.
- For auditors to verify transaction authorization, they must have a
detailed knowledge of:
 The ERP system configuration
 The Business process
 The flow of information between system components
IMPLICATIONS FOR INTERNAL CONTROL
AND AUDITING
(2) SEGREGATION OF DUTIES (3) SUPERVISION
- RISK: manual processes that - RISK: management does not fully
normally require segregation of understand impact of ERP
duties are eliminated implementation on business
- THEREFORE, new security, audit, - Supervisors should have more
and control tools must be time to manage the shop floor,
established to ensure proper and increase their span of
segregation of duties control
- Roles must be properly assigned
IMPLICATIONS FOR INTERNAL CONTROL
AND AUDITING
(4) ACCOUNTING RECORDS (5) INDEPENDENT VERIFICATION
- RISK: traditional batch controls - RISK : because ERP employs
and audit trails are no longer OLTP, the traditional
needed; corrupted data; independent verification
becomes unnecessary
- Strict data cleansing is an
important control - THEREFORE, the focus should be
- Use of default values, cross- redirected from the individual
checking, and specified user transaction level of verification to
views of data enhance data one that views overall
entry accuracy performance
- E.g. performance reports to be
used as assessment tools
IMPLICATIONS FOR INTERNAL CONTROL
AND AUDITING
(6) ACCESS CONTROLS
- RISK: exposure to cybercriminals
- Goal of ERP access control is to maintain data confidentiality,
integrity, and availability
- Security administrators shall control access to tasks and
operations that process or otherwise manipulate sensitive
corporate data
TRADITIONAL ACCESS CONTROLS
METHODS
 ACCESS CONTROL LIST / ACCESS TOKEN
- Specifies user ID, resources available to such user, and level of permission
granted
- Inflexible and burdensome
- Keeping up with new hires, changes to privileges brought about by
promotions, department transfers, etc.
- Resulted to employment of role-based access control (RBAC)
ACCESS CONTROL LIST VS. RBAC
RBAC

“ROLE” – a formal technique for grouping together users according to

the system resources they need to perform their assigned tasks
e.g. sales role – a sales department personnel with access to the sales
module

RBAC assigns access permissions to the role an individual plays in the

organization rather than directly to the individual.
THEREFORE, more than one individual can be assigned to a role and a
predefined set of access permissions.
Internal Control Issues related to ERP
Roles
 The process of creating, modifying, and deleting roles is an internal
control issue

1. The creation of unnecessary roles

2. The rule of least access should apply to permission assignments
Access privileges should be granted on a need-to-know basis only

3. Monitor role creation and permission-granting activities

IMPLICATIONS FOR INTERNAL CONTROL
AND AUDITING
(7) CONTINGENCY PLANNING
- RISK: ERP creates a single point of failure, increasing risk from
equipment failure, sabotage, natural disaster, etc.
- Effective Contingency Plan
 Single Global ERP System
- For centralized organizations with highly integrated business units
- Accessed via the Internet to consolidate subsidiary data
 Regional Servers
- Companies whose organizational units are autonomous
- Permits independent processing