Risks in ERP implementation
ERP
A high-end solution featuring integration of information technology and business application. Seeks to streamline and integrate operational processes and information flows in the organization to integrate the resources. The whole is greater than the sum of its parts. Each implementation is unique and is designed to correspond to the implementer's various business processes.
Major functionalities of ERP
Bridges the information gap across the organisation. Facilitates an enterprise-wide Integrated Information System covering all functional areas like Manufacturing, Sales and distribution, Payables, Receivables, Inventory, Accounts, Human resources, Purchases etc. Helps in eliminating most of the business problems like Material shortages, Productivity enhancements, Customer service, Cash Management, Inventory problems, Quality problems, Prompt delivery etc. Provides avenues of continuous improvement and refinement of business processes. Helps in laying down Decision Support Systems (DSS), Management Information System (MIS), Reporting, Data Mining and Early Warning Systems to the organization.
ERP and BPR
Implementation goes closely with business process reengineering and organizational remodelling. Understanding the full import of going for ERP; whether there is enough organizational resilience and flexibility to undertake the project. Mismatch between the management aspirations and organizational compliance.
Characteristics
The database is usually centralized and as the applications reside on multiple users the system allows flexibility in customization and configuration. The processing is real time online whereby the databases are updated simultaneously by minimal data entry operations. The input controls are dependent on pre data acceptance validation and rely on transaction balancing; time tested controls such as batch totals etc. are often no longer relevant. Since the transactions are stored in a common database the different modules update entries into the database. Thus the database is accessible from different modules.
Characteristics
The authorization controls are enforced at the level of application and not the database; the security control evaluation is of paramount importance. Auditors have to spend considerable time understanding the data flow and transaction processing. System heavily dependent on networking on a large scale. Vulnerability by increased access is a price that is paid for higher integration and faster processing of data in an integrated manner. The risk of single point failures is higher in ERP solutions; Business Continuity and Disaster Recovery should be examined closely.
Broad areas to look
Process integrity, Application security, Infrastructure integrity and Implementation integrity.
Implementation Integrity
Project Planning, Business & Operational analysis including Gap analysis, Business Process Reengineering, Installation and configuration, Project team training, Business Requirement mapping, Module configuration, System interfaces, Data conversion, Custom Documentation, End-user training, Acceptance testing and Post implementation/Audit support.
Case Study – GSM in WHO
To improve operational efficiency, streamline processes and effectively decentralize authority and responsibility, replace the fragmented computerized information systems with an integrated system for global management and administration. GSM: both a major business change and a major technological change for WHO.
Reference Frame
Oracle E-BIZ Suite. Use of PRINCE2, Oracle AIM, PJM and ITIL by Management. Audit: CoBIT/SDLC
COBIT Framework
M1: Monitor the process
M2: Assess internal control adequacy
M3: Obtain independent assurance
M4: Provide for independent audit
Business Objectives
Criteria
• Effectiveness
• Efficiency
• Confidentiality
• Integrity
• Availability
• Compliance...