chapter 11 enterprise resource planning system
TRANSCRIPT
Chapter 11:Enterprise Resource
Planning SystemIT Auditing, Hall, 4e
© 2016 Cengage Learning®. May not be scanned, copied or duplicated or posted to a publicly accessible website, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
Learning Objectives
• Understand the general functionality and key elements of enterprise resource planning (ERP) systems.
• Understand the various aspect of ERP configuration including servers, databases, and the use of bolt-on software.
• Understand the purpose of data warehousing as a strategic tool and recognize the issue related to the design, maintenance, and operations of a data warehouse.
• Recognize the risk associated with ERP implementation.
• Be aware of key considerations related to ERP implementation.
• Understand the internal control and auditing implications associated with ERPs.
07/01/2017 1
Traditional Information System
• Closed database architecture, similar in concept to basic flat-file model.• Data remains the property of the application.
• Distinct, separate, independent databases result in high degree of data redundancy.
• Paper-based orders result in rekeying information multiple times.• Delays, lost orders and data errors can result.
• Status of order may be unknown.
2
Traditional Information System
3
What is an ERP?
• Provides a smooth and seamless flow of information across organization:• Standardized environment with shared database and
integrated applications that support communication.
• Data remain independent of any specific application.• Extensive data sharing occurs through application-
sensitive views that present data to meet user needs.
4
ERP Systems
5
ERP Applications
07/01/2017 6
o Core applications operationally support day-to-day business
activities.
o Sales and distribution, business and production planning, shop
floor control and logistics.
o Also called online transaction processing (OLTP).
o On-line Analytical Processing (OLAP) is a decision support
tool that supplies real-time information.
o Decision support, modeling, information retrieval, ad-hoc
reporting/analysis, and what-if analysis.
o Data warehouse is a database constructed for quick searching,
retrieval, ad hoc queries and ease of use.
ERP System Configurations
• Most based on the client-server model.
• Typical two-tier model:• Server handles application and database duties.• Used in LAN applications where server demand is
limited to a small population of users.
• Three-tier model:• Database and application functions separated.• Typical of large systems that use WANs.• Client initially establishes communication with the
application server which initiates a second connection to the database server.
7
Two-Tier Client Server
8
Three-Tier Client Server
9
OLTP vs. OLAP Servers
• OLTP events consist of large numbers of simple online transactions that:• Access large amounts of aggregated data.
• Analyze relationships among business elements and compare data over time periods.
• Present data in different perspectives.
• Involve complex calculations.
• Respond quickly to user requires.
• Support mission critical tasks through simple queries of operational databases.
10
OLTP vs. OLAP Servers
• OLAP supports management-critical tasks through analytical investigation of complex data associations captured in data warehouses:• Consolidation is the aggregation or roll-up of data.
• Drill-down allows the user to see data in selectively increasing levels of detail.
• Slicing and dicing enables the user to examine data from different viewpoints to uncover trends and patterns.
• Allow users to analyze complex data relationships.
11
OLTP and OLAP Client Servers
12
ERP System Configurations:Databases and Bolt-On Software• Thousands of database tables.
• Each associated with business processes.
• Company typically changes processes to accommodate the ERP.
• Bolt-on software provided by third-party vendors to provide specialized functionality.• Least risky is software endorsed by ERP vendor.
• Rapid convergence between ERP and bolt-on software functionality.
• Supply chain management (SCM) software links vendors, carriers, logistics companies, and IS providers.
13
Data Warehousing
• Data warehousing involves extracting, converting and standardizing data from ERP and legacy systems and loading it into a central archive – the data warehouse.• Loaded data are accessible via various query and analysis
tools used for data mining (selecting, exploring and modeling large amounts of data to uncover relationships).
• Involves sophisticated techniques that use database queries and artificial intelligence to model real-world phenomena.
• Most large ERP implementations include separate operational and data warehouse databases.
14
Modeling Data for the Data Warehouse• Due to vast size, data warehouse database consists
of denormalized data. • Inefficiency can be devastating.
• Relationship among attributes does not change.• Data is static so nothing gained by constructing
normalized tables with dynamic links.
• Relational theory does not apply to a data warehousing system.• Normalized tables pertaining to selected events may be
consolidated into denormalized tables.
15
Extracting Data from Operational Databases• Typically occurs when databases out of service to
avoid data inconsistencies.• Changed data capture reduces extraction time by only
capturing newly modified data.
• Snapshots vs. stabilized data.• Key feature of a data warehouse is that the data
contained in it are in a non-volatile (stable) state.
• Potentially important relationships may be absent from stable data.
• Extracting data in slices of time provide snapshots of business activity which assists in depicting trends.
07/01/2017 16
Cleansing Extracted Data
• Involves filtering out or repairing invalid data prior to being stored in the warehouse. • Operational data are “dirty” for many reasons: clerical,
data entry, computer program errors, misspelled names and blank fields.
• Also involves transforming data into standard business terms with standard data values. • Expensive and labor intensive but critical in establishing
data integrity.
07/01/2017 17
Transforming and Loading Datainto the Warehouse Model• To improve efficiency, data can be transformed into
summary views before being loaded.• Unlike operational views, which are virtual in nature
with underlying tables, data warehouse views are physical tables. OLAP permits users to construct virtual views from detail data when one does not exist.
• Data warehouses must be created & maintained separately from the operational databases.• Needed for internal efficiency, integration of legacy
systems and consolidation of global data.
18
Data Warehouse System
19
Application of Data Mining
20
Risks Associated with ERP Implementation• Big bang implementation occurs when organizations
switch operations from legacy systems to ERP in a single event. • Some advantages, but numerous failures.• Initial opposition and changes cause disruption.
• Phased-in implementation approach as emerged as a popular alternative. • Independent ERP units installed over time, assimilated, and
integrated without disrupting operations.• Can be used by organizations that are not diversified, with
legacy system retired over time. Process reengineering will still need to occur.
21
Risks Associated with ERP Implementation• Opposition to changes in the business’s culture.
• Choosing the wrong ERP:• Goodness of fit: No one ERP product is best for all
industries.
• Scalability: System’s ability to grow in terms of size, speed, workload and transaction cost.
• Choosing the wrong consultant:• Thoroughly interview potential consultants and establish
explicit expectations.
22
Risks Associated with ERP Implementation• High cost and cost overruns:
• Training costs usually higher than estimated due to need for employees to learn new procedures.
• Testing and integration costs are difficult to estimate.
• Database conversion requires testing, manual reconciliation and sometimes manual input.
• Management should establish key performance measures to help determine ERP success.
• Disruptions to operations:• ERP implementations usually involve business process
reengineering (BPR).
23
Implications for Internal Control and Auditing • Transaction authorization:
• Controls needed to validate transactions before they are accepted by other modules.
• ERPs are more dependent on programmed controls than on human intervention.
• Segregation of duties:• Manual processes that normally require segregation of duties
are often eliminated. Important access is the assignment of roles.
• Supervision:• Employee-empowered philosophy should enhance, not
eliminate supervision.
24
Implications for Internal Control and Auditing • Accounting records:
• Corrupted data may be passed from external sources and from legacy systems making strict data cleaning an important control.
• Access controls• Key is to maintain data confidentiality, integrity and
availability.
• Access control lists specify permissions for individual users but must keep up with changes.
• Role-based access control (RBAC) assigns permissions based on system resources needed for specific tasks.
25
Access Control List vs. RBAC
26
Implications for Internal Control and Auditing: Issues Related to ERP Roles
• Creation of unnecessary roles.• Policies needed to prevent creation of unnecessary new
roles and ensure temporary role assignments are deleted when the reason for them terminate.
• Rule of least access:• Access privileges should be granted on a need-to-know
basis only but users tend to accumulate unneeded permissions over time.
• Monitor role creation and permission-granting.• Role-based governance allow managers to view and
verify current and historical rules.
27