ERP QUIZ MONDAY

avatar
Created by
hannie

Cards (43)

  • Access Management
    • It refers to all the tools, policies, and procedures used to control and manage user access within an enterprise IT ecosystem.
    • It enables organizations to track, manage, and control the permissions of users to access different kinds of enterprise IT assets such as devices, files, services, and data.
    • It allows companies to authorize legitimate users and prevents unauthorized users from accessing business-critical resources or sensitive data.
  • ERP access should be distributed according to some combination of the following:
    • User role
    • Permission level
    • Document type
  • User role
    • Different roles come with different responsibilities. Designate the necessary ERP access for every role within your organization, down to the individual component, then assign those roles to each user in the system.
  • Permission level
    • Senior- and management level employees typically have more experience—in both the company and the system—and their permissions should reflect that. Assign a permission level to each role, usually in the form of a number (0, 1, 2, 3)—the higher the number, the more access is granted.
  • Document type
    • Not all documents are created equal. For instance, an entry-level sales representative might need access to a sales invoice, but not the underlying contract. Protect your high-level documents by assigning them a higher privilege or permission level.
  • Improper Role Design or Provisioning
    • Roles should be aligned with business processes rather than specific users or jobs, as this will make it easier to ensure that appropriate access is granted to all users.
    • Poorly designed roles may lead to access issues such as too much or too little access being granted. It will also make it more difficult to manage and report on Segregation of Duties (SoD).
    • Auditors may randomly test the access granted to users.
  • Access Management Risks and Controls
    • users may be granted inappropriate access, which can lead to unauthorized activities
    • disrupt the operations and incur financial loss.
    • affect the accuracy of your financial statements, so auditors will certainly test your access controls.
    • only grant users access to the applications that they need to carry out their jobs (often referred to as ‘least privilege’ or ‘need to know’).
    • implement and enforce Role-Based Access Control
  • Generic User IDs
    • For full accountability during your ERP audit, discourage the use of shared accounts or generic user IDs, as you won’t be able to prove exactly who did what.
  • Verify that user administration is continuous and immediate
    • Adding new users
    • Modifying existing users
    • Disabling inactive users
  • Adding new users
    • Before adding new users or hires to the system, request that their manager provide a detailed list of modules required to perform their duties.
  • Modifying existing users
    • If the responsibilities of an existing user change, or if the user requests access to a previously gated module, consult their manager to determine which permissions should be granted.
  • Disabling inactive users
    • This is one of the most important safeguards against unauthorized access. Regardless of how trustworthy an ex-employee was, if their account remains active in the system, your ERP data is subject to security breaches.
  • Require strong passwords and update logins regularly
    • Use a combination of letters (capitalized and lowercase), numbers, and symbols.
    • Update passwords at least once every six months
    • Create a unique password for every application.
  • Identify vulnerabilities through periodic access control reviews
    • IMPROPER ACCESS
    • ERRONEOUS ROLES
    • EXPIRED USERS
  • IMPROPER ACCESS
    • Review role responsibilities to assess whether privilege levels are accurate and current
  • ERRONEOUS ROLES
    • Verify that individual users are assigned roles that align with their job and responsibilities
  • EXPIRED USERS
    • Remove users who are no longer with the company or no longer require access to the ERP System
  • What is ERP implementation?
    • It encompasses all the steps required for an ERP system to be used in an organization.
    • It includes planning, configuring, training, and pre- and post-go-live actions.
    • determine how well the ERP system will be able to meet the organization's business requirements
    • implementation is keeping key stakeholders updated.
    • This includes employees who will be directly impacted by the new system, executives who approve budgets and can help remove roadblocks, third parties who may also need to use the new ERP, and the ERP vendor and implementation partner.
  • Steps for a successful ERP implementation
    • Budgeting
    • Assessing current processes
    • Project planning and goal setting
    • Selecting an ERP system
    • Configuring the system
    • Migrating the data
    • Testing the ERP system
    • Deployment and training
    • Support and maintenance
    • Evaluation
  • Budgeting
    • Before progressing too far on a project, the project manager will want to make sure that the project has been assigned a budget, and there is approval to initiate the project. The budget might not be final, but there's general acceptance that the project is allowed to proceed.
  • Assessing current processes
    • It's important for the organization to review its current processes. This step will help identify processes that are outdated and need updating, and ones that are missing. Based on the assessment, the project team can begin building a requirements document that outlines what the ERP system is expected to do.
  • Project planning and goal setting
    • The ERP project manager will collaborate with the organization's leaders to build a project team to work on the project. This team, often made up of subject matter experts, might be a subset of all the people required to complete the implementation. Team members will document the requirements and goals of the project and develop a schedule.
  • Selecting an ERP system
    • ERP Production selection is one of the most important steps in the process. Implementing a new ERP system is a huge undertaking that can take many years to complete, depending on the scope. It's critical to speak to several vendors, request demos and get a clear understanding of the software solution being proposed by each vendor. They should demonstrate how they are able to meet the organization's business requirements, say whether they will work with third party vendors to help complete the ERP system and provide details about their post go-live support and services.
  • Configuring the system
    • The configuration step is when the team implementing the ERP modifies system settings to make the system meet technical and business requirements. This step will likely involve the assistance of an ERP implementation partner or vendor because they will have more experience with the system. For this step to be successful and efficient, it's important to have clearly documented requirements. ERP systems have many configuration settings and there's no one-size-fits-all.
  • Migrating the data
    • Data migration is one step that should be carried out with special care. Converting old data to match the requirements of the new system can be complex. When it is done incorrectly, users of the ERP system will have to work with incomplete or inaccurate data. The data migration process needs to be specific about what data to migrate. Doing so might require keeping the old system licensed so the old data can be accessed. Alternatively, the data might be migrated to a database but have limited functionality.
  • Testing the ERP system
    • Testing will likely take place as features are implemented so issues can be resolved quickly and not wait until the end. You can also schedule testing to take place before major milestones as an interim measure. User acceptance testing happens closer to go-live.
  • Deployment and training
    • Once testing is complete and any defects are corrected, it is time to deploy the ERP system so people can start using it. Prior to go-live, the project team will need to train all system users, including employees and, potentially, third parties who will interact with the ERP. The training team typically starts developing training materials long before the system is ready. The goal is to make the transition to the new system as seamless as possible.
  • Support and maintenance
    • This team will continue to train employees, answer questions and make configuration changes as needed. Typically, it won't implement new features or make major changes unless they are absolutely necessary.
    • This step might also include setting the foundation for the next phase of the ERP project, such as identifying needed enhancements, implementing fixes that are too big or risky to do quickly, or adding new modules or software.
  • Evaluation
    • Once the system is deployed and in use, the project manager should evaluate the implementation project to make sure it met the business requirements. The evaluation will probably include getting feedback from the project team, key stakeholders and system users. The goal is to identify areas that were successful and areas that did not go as planned so they can be further analyzed ahead of the next planning cycle
  • Measuring the success of ERP implementation
    • Budget
    • Implementation timeline
    • Return on investment (ROI)
    • Skills acquired
    • Feedback
    • Deferred issues
  • Budget
    • Organizations will typically want to understand how closely the project stayed on budget. When there are significant deviations from the budget, the project manager will need to show that changes were approved, and why they were required.
  • Implementation timeline
    • This measure compares the original implementation timeline to the actual timeline. It includes evaluating each major milestone of the project. The evaluation not only helps judge the success of the current project but will also provide insight when planning the next phase or project.
  • Return on investment
    • It might not be easy to measure ROI in the short term, but the organization will want to determine if the new ERP system is providing the efficiencies and cost savings planned at the outset. Shortly after go-live, productivity may be slower than when using the legacy system, but as users get familiar with the new ERP, a positive ROI should start to be visible if everything went according to plan.
  • Skills acquired
    • When an implementation partner helps with the implementation, one of the project's goals might be to train employees to support the ERP going forward, including making configuration changes
  • Feedback
    • The project manager might want to gather structured feedback to evaluate the success of the ERP implementation project and the resulting ERP system. The feedback might include a survey or in-person meetings to measure things like system usability and data accuracy and identify issues.
  • Deferred issues
    • Many projects will defer issues found near the end of the implementation if they aren't critical. Doing so allows the ERP to go live on the preferred date while also making sure key functions are working. Knowing how many issues were deferred, their severity and the plan to resolve them is important in measuring a project's success.
  • Common ERP implementation mistakes
    • Poor communication
    • Unrealistic implementation timeline
    • Underfunded project
    • Inadequate resources assigned to the project
    • Not planning for post go-live support
    • Implementing substandard features
  • Poor communication
    • The project team must make sure it is communicating with all the key stakeholders. That includes employees, executives, third parties, the ERP vendor and the implementation partner if one is being used.
  • Unrealistic implementation timeline
    • There may be pressure to build a schedule that is preferred by some members of the organization without considering the scope of the project. You should allocate enough time for each step in the implementation based on estimates, with some contingency added into the schedule to account for unforeseen issues.
  • Underfunded project
    • Sometimes project leaders will cut the budget to help get approval for the project, or the project is only approved for a given budget. This can lead to dropping key requirements or taking shortcuts that have long-term implications for users.