- SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
- The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
- What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (it’s industry, profit / non-profit, international, …) would drive this answer?
Andres Galarza says
Q3: What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (it’s industry, profit / non-profit, international, …) would drive this answer?
I think the best answer to this questions is that it is largely industry-specific. For example, my organization is going to be impacted by the passing of Europe’s General Data Protection Regulation (GDPR). The consequences for noncompliance are particularly severe and percentage-based fines wouldn’t be out of the question if my organization was found wanting. I say percentage-based as opposed to a set financial figure, so the cost could be hundreds of millions of dollars.
Parneet Toor says
I like to add also for noncompliance sometimes companies go out of business. specially when companies get funded by federal government..
Lezlie Jiles says
Hi Andres,
I definitely agree with your statement about this question being driven by industry-specific requirements. The consequences of not being in compliance can be very costly and as Parneet stated can drive companies out of business. It is important for an organization to ensure that their controls are adequate and meeting any applicable regulations and laws. To do so they must first know/understand their business’s operation and its regulating requirements.
Michelangelo C. Collura says
I understand the EU is trying to get some control over large tech firms, so I’m not surprised they’d do that with SAP. This compliance need is luckily something SAP already knows a lot about, since they’ve previously had to customize their products for firms to address SOX, HIPAA, and others. This should be a point of strength for the company – any failure to appropriately integrate new GDPR compliance requirements might do damage to the brand.
Parneet Toor says
1. SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
I would expect SAP understand my company business processes and related internal controls currently in place, and have recommendations on improving or shortening processes and strengthening internal controls. Example replace manual processes to automation and find solutions to complex processes. How our business can implement cost effective processes.
M. Sarush Faruqi says
Parneet,
Great points. SAP is a solution designed to increase productivity and decrease costs. As enhancements are made to the system to deliver to the client, all of these aspects are kept in mind. As a business, management may not be aware of all of the functions SAP provides because of how large and complex the system is. Professionals from SAP can be a great resource to recommend tasks which can be automated and put to use right away. I wouldn’t necessarily assume SAP to take the role of auditors and recommend internal controls but they can definitely be a great resource to provide information on the SAP itself which in turn can shape how the company structures its internal controls.
Parneet Toor says
Thanks Sarush, I agree with you that SAP wouldn’t take the role of auditors and recommend internal controls as such controls are internal to the organisation. But I think SAP can atleast guide the organisation where security is needed the most.
Michelangelo C. Collura says
You get to the matter of collaboration. SAP implementation is extensive and involves a lot of work from both SAP and the client firm. This means that the opportunity exists during implementation for such enhancements, such as boosting cost-efficacy of some processes, but it could also mean that SAP would benefit from continuous collaborative efforts throughout the contract. I am not experienced with this at a firm, so I do not know if this is already the case, or if SAP simply returns to the client for support or re-negotiation.
Parneet Toor says
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
I think other ERP systems should provide the level of customization and the availability of the system. In fact, more and more companies are looking to customize ERP systems to fit their needs. It would be advantageous for an ERP systems provider to provide more customization options to its clients. Also, it would be better if ERP system like SAP developed ‘Web-deployed ERP’ systems. It resides on the vendors host computer, where clients access it through an internal connection. Web- deployed ERP centralizes the system, and allow companies to reduce their IT expenses on personnel and hardware’s.
Jing Jiang says
Good point. Customizing would be a competitive function for the system to better fit business needs. The web-deployed function will centralize the system and reduce expenses. Besides, the system can be accessible at any time, anywhere via any computer connected to the internet, and with the synchronized data inside the system. In this way, the work efficiency would be increased.
M. Sarush Faruqi says
Parneet and Jing,
Both of you make great points on customization and implementing web deployed version of ERP systems. Customization will be a major draw for clients if ERP system providers such as SAP can provide this service to clients. Not only will it be cost effective, there will not have to a change in the workflow from the client’s end and multiple processes can potentially be combined and more processes can be added. The idea of web deployed applications can give reduce costs as stated but can also give clients more options to access the system. I’ve worked with applications in my workplace which were hosted by the provider where I had an instance on my machine. There was also a web deployed version available for the end user. The web deployed version can be useful if the hosted version malfunctions or goes down for some reason.
Mengting Li says
I agree with you. Customize the system can provide more flexibility to customers because the different company needs different services to implement their business goal. Therefore, customization can attract all different kinds of customers which makes the ERP system become more competitive in the future market.
Parneet Toor says
3. What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (it’s industry, profit / non-profit, international,) would drive this answer?
I would relate to law and regulations in which they are operating in. They must know all laws of their country and laws that are applicable to their business. If they are not complaint with laws companies would face fines .
Jing Jiang says
I agree with you Parneet.
Different industries have different focuses on laws and regulations. The main products and services the company providing determine the main compliances. For example, the fashion industry may focus more on the intellectual property, modeling laws and etc. The financial industry will focus more on anti-financial crimes act, such as SOX, USA PATRIOT Act an etc.
M. Sarush Faruqi says
Regulatory compliance is one aspect of compliance companies should put effort into when designing and testing their controls. As stated above, different industries will need to comply with different laws and regulations. In addition to the industry, compliance also addresses fraud and the potential for committing fraud at different levels of the organization. Companies should take fraud triangle and analyze their controls based on each component of the triangle to ensure their controls mitigate this risk and they remain compliant within their industry. In addition, compliance may also involve adherence to international laws. It is important for companies to ensure their controls satisfy the requirements for importing/exporting with foreign countries.
Khawlah Abdulaziz Alswailem says
I agree, Parneet
By ensuring the regulatory compliance, it can allow organizations to become more efficient in establishing customer loyalty and trust, improving an operational process, etc. Also, In order for an organization to be profitable, they must align their business objective with regulatory compliance.
Yijiang Li says
Good answer, Parneet. No matter what types of business you are operating, the initial and important step is to understand the law and regulation and comply with it. In real business world, law and regulation compliance is always hard to achieve, even though a lot employees are familiar with the law and regulation, they colud still take the big risk to violate it because of great potential economic benefits.
Jing Jiang says
1SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
I would expect SAP to provide a compliance monitoring function to ensure all the business activities align with related regulations. For example, to identify the SOD issues across different functions. In which way, a company can improve every business process to be more efficient. I also expect SAP to provide risk analysis so that company can reduce costs and prevent huge control failures by determining business priority and providing proper controls proactively.
M. Sarush Faruqi says
Jing,
Great points. Risk analysis is an excellent form of support SAP can provide to reduce the risk of control failures. If the solution SAP provides does not line up with the internal controls the company has in place, any gaps can be exposed and could potentially cost the company in damages in many different forms (money, reputation, operations, productivity etc). A risk analysis will aid in making better decisions when improving internal controls. It can also provide a means of implementing mitigation strategies to reduce the risk/outcome of potentially damaging events from happening. As a result, business processes can be improved and operations can continue knowing strong internal controls are in place to address high risks.
Xiaomin Dong says
Nice explanation Jing. I totally agree with you about the risk analysis.
Mengting Li says
Great point, Jing. Adding the monitoring function can help people detect risks and vulnerabilities immediately. In other words, it can provide a more safe place in the ERP system. Also, it is able to increase the efficiency for the organization.
Jing Jiang says
The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
Not only SAP, every system should be improved to be easy to use. If the system is complex to use, it will take a user more time, efforts and costs to learn and master, and potentially, more operating errors would create. Work efficiency and business performance would be damaged as well.
Having more practical function would also make it more competitive in the market. If a system with a lot of functions, but none of them are practical in daily work, that would waste time and money and people would not like to use it.
Lezlie Jiles says
Jing,
I definitely agree with your point about the system being to complexed. In my opinion, it requires extensive training for new users and it should be more user-friendly. If the system was more user-friendly and possibly automated a little more it would definitely assist with reducing errors.
Michelangelo C. Collura says
The user-friendly aspect is a concern for SAP. I think the company believes it’s an acceptable risk because they provide so much functionality even without the best GUI. However, the market continues to evolve, and Adam Smith’s invisible hand continues to improve the products of other firms, so I would be a little concerned if I was working at SAP. That being said, I do believe they will adapt, as we’ve seen their upcoming GUI in class.
Jing Jiang says
1. What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (it’s industry, profit / non-profit, international, …) would drive this answer?
I think the laws and regulations compliance should an organization put the most effort into ensuring their controls are adequate. The violation of the laws and regulations will result in fines, reputation damage, even the disruption of the entire organization. Regarding different products or services the company mainly provides, there are different laws and regulations the company needs to focus on. For example, the financial industry may need to focus more on issues related to financial crimes, such as to compliance the USA PATRIOT Act (prevents money laundering), Financial Industry Regulatory Authority (includes fines for Ponzi scheme), and etc. A food and beverage company may need to focus more on the Nutrition Labeling and Education Act, Food Safety Modernization Act, and etc.
Matthew J. Dampf says
“I think the laws and regulations compliance should an organization put the most effort into ensuring their controls are adequate.”
Agreed, Jing. The laws in the country that you’re operating in are the most important. Breaking these laws can lead to fines, bad publicity, and possibly escalated fines for future instances. These laws are in place for a reason as well and following them can be for your own good, whether it’s financial, data privacy of your users or something else.
M. Sarush Faruqi says
SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
I would expect SAP to adequately train employees in using the application based on the internal controls in the company. Because of the complexity of the system as a whole, it takes a quite a long time for professionals to understand how SAP works and gain the benefits of using the system. By SAP pro’s training employees, they will be able to get hands on experience while asking questions specific to the business processes used within the company. I would also expect SAP to educate management of the regulations being covered within the application since the company will assume SAP is providing a solution that is compliant with applicable laws and industry specific regulations. In this way, additional controls can be adopted by the company if SAP does not cover in their provided solution.
Matthew J. Dampf says
“I would expect SAP to adequately train employees in using the application based on the internal controls in the company. ”
I’m going back and forth on my expectations of training. Training employees is definitely a necessary control, but I don’t think I expect SAP to provide that. I think I’d expect SAP to train a few people on the internal implementation team, then that internal team would be responsible for training end users.
Khawlah Abdulaziz Alswailem says
I agree with you, M. Sarush
For an effective implementation of SAP system, employees in an organization must be well knowledgeable in all the SAP functions and processes. Employees with inadequate SAP training may not do well in the business processes after SAP implementation, leading to operational inefficiency. This is why training is as important as SAP installation and implementation. Without the sound knowledge of the SAP process, implementation will be greatly affected.
Yijiang Li says
I agree with you, Sarush. SAP and other ERP system software are quite compliated, so the training process is always important for their clients. Maybe only SAP and other ERP providers’ training are not enough, within the client’s company, building a professional team to provide those training shoud be more essential.
Matthew J. Dampf says
“If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?”
I expect SAP to understand my existing business processes and risks, as well as the ability to potentially refine my processes and identify new risks based on their expertise within my industry. There is a tendency for the business to modify their processes to fit the ERP rather than customize the ERP to fit the existing processes due to the expense of modifying and maintaining ERP customizations. For this reason, I expect SAP to provide me with best practice, well controlled processes as the baseline.
Yijiang Li says
I agreew with you, Matthew. Understanding the existing business process is always important before providing them a software of ERP systems, during this process, they can try to define some existing risks and avoid them in SAP software. Also, I consider a costomized version of SAP is expensive definitely, but some clients have enough budget on software of ERP systems and internal control, in this way, they can enjoy a SAP software with higher quality and better services.
Matthew J. Dampf says
“The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?”
Risk identification and controls to manage those risks are tangible expenses that companies need to account for, so I would think that the ERP that does this the best should be more widely used and be able to charge customers a higher price.
I also have to imagine that a more end user friendly interface has to be in the cards for SAP at some point, as I’ve found the version we’re using to be very complicated.
Looking more to the future, I would think fast integration with new technologies as they develop should be a focus – particularly in areas like supply chain that are being disrupted by new technologies like drone delivery and driverless vehicles.
Binju Gaire says
I agree wth you, Matt! SAP and other ERP systems should be user friendly so people can navigate the system and take advantage of it without any special assistance. Also, looking into the future SAP and other ERP systems should adopt robotic automation process to increase the efficiency and reduce human errors.
Binju Gaire says
I believe the organization should put the most effort into identification aspect of compliance to ensure their controls are adequate. Identification is the first step in determining the appropriate rules and regulations to implement. If the appropriate regulations are not implemented, then an organizations may face with charges and penalties. For instance, a finance company should carefully revise the policies related to finance such as Financial Industry Regulatory Authority (FINRA), Dodd–Frank and so on in order to be in fully compliant with the state and regulations. The compliance policies differ according to industries, hence, it is very important that organization should identify the right policies to implement to ensure the controls are in place and adequate.
Khawlah Abdulaziz Alswailem says
Binju,
I totally agree that regulatory compliance should be the aspect that organization put the most effort into. In fact, an organization must meet local, national and international laws and regulations. As you mentioned failing to do so can lead to financials lost due to lawsuits, customers boycott or fines. Also, the organization will face more damage as a result; not only, monetary loss but reputational loss as well.
Michelangelo C. Collura says
Well said. Identification is always important. In this case, SAP would be facilitating the company after the company identifies the relevant compliance needs. Perhaps SAP can attract customers by adopting a streamlined approach, whereby they themselves identify the major compliance needs for a firm based on location, industry, etc. They could then offer some tested controls to the firm, therefore saving everyone some time and money and building some strength into the contractual relationship.
Lezlie Jiles says
1. SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
During the implementation portion of our process, I would expect that our process and functions are fully reviewed to identify possible automation and to ensure that the proper controls are in place to meet regulations and standards. Also, because there are so many intricate parts of this system I would expect that we would be assigned a relationships manager to assist with any troubleshooting issues we may encounter once the system has gone live.
Binju Gaire says
Great points, Lezlie. I agree with assigning a relationship manager to assist with the troubleshooting issues. I believe this will be very efficient. Also, I agree that automation process will put controls in place as it avoids human errors in the system.
Xiaomin Dong says
Well said Lezlie. A relationship manager is really essential to the customers.
Lezlie Jiles says
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
The current processes are very complex and require extensive training for new users, therefore I believe that and ERP systems provider should make the system more user-friendly. I also think that the ERP provider should have an easy integration process, along with the ability to customize according to the client’s needs. They should also focus on creating more automatic functions which will monitor/detect vulnerabilities. Lastly, to remain competitive they should also have an ability to remain innovative to meet the daily growth of computing.
Khawlah Abdulaziz Alswailem says
1. SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
As a customer, I would expect SAP to work with my organization to understand our businesses processes and the internal controls currently in place and provide recommendations on improving processes and strengthening controls. I would also like them to train my employees for the internal control perspectives which will significantly help my organization in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations, and policies.
Lezlie Jiles says
3. What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (its industry, profit / non-profit, international…) would drive this answer?
An organization should put the most of their efforts into ensuring their controls are adequate and meeting any applicable regulations and laws. It is also important to know and understand your business’s operation and its regulating requirements. Meaning if the business was an international financial company. They would be required to adhere to all regulations or laws applicable to the countries they are operating in. An example of this would be financial reporting, banking confidentiality, and disclosure requirements are not the same between countries. Therefore, an organization should pay close attention and put a great deal of effort into ensuring that all regulations are followed.
Candace Nelson says
Very good point Lezlie – and a good reminder. I failed to highlight the differences between domestic and international businesses and the impact of dual regulations on companies that operate in both markets. It has become increasingly complex for global organizations to compete and fully comply with regulations imposed by all authorities, not to mention the costs associated with doing so and the resources required to maintain compliance.
Khawlah Abdulaziz Alswailem says
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
I think what can differentiate one ERP system to another is the level of flexibility, customization and the availability of the system. Actually, many companies are looking to customize ERP systems to fit their needs. It would be advantageous for an ERP systems provider to provide more customization options to its clients. Also, it would be better if ERP system has more features related to the system like the following:
• Ease of customization – SAP offers excellent customization options within individual ERP systems despite having standardized configuration packages. However not all ERP systems offer this customization options which gives SAP an edge over the others to an extent.
• Scalability – A good ERP system should offer ease of scalability as the business and business landscape changes with the dynamics of current trends
• Training – If the ERP vendor can provide training for staff, that would be an added benefit that the customer can consider which would help in narrowing down options.
• More functionalities in areas of analytics and reporting and availability of information in real-time
• Better cost-to-value ratio – For any organization, cost-to-value is always going to be important criteria while selecting from the range of systems available.
https://www.umsl.edu/~sauterv/analysis/erp_paper.html
Yijiang Li says
Good point, Khawlah. I consider both costomization and training are important to its clients. Customization service can satisfy the different demand of the different clients, so they would pay more money for a costomized version software of ERP systems. Also, if SAP and other ERP systems could provide training to their cilents, it will be good. However, I consider they can just improve the ease of use of their software, in this way, their clients could save money and time on training process within their companies.
Yijiang Li says
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
For SAP and other ERP system providers, there are a lot of work they can do to improve their competitiveness. However, since the resources are limited, they have to concentrate on the following sections. Initially, providing customization service to its clients is a effective method to create more revenue, becuase every company has different business process and prodecures to focus on. A customized version of ERP software would let its clients run the business smoothly. Second, ease of use should be an important target for SAP and other ERP systems providers to pursue, because it could decrease the time and cost for its client in training process. Third, security is always important for them.
Binju Gaire says
Great answer, Yijiang! Customization would be very effective tool in the SAP and other ERP systems. Looking into the future, I believe this tool will be prove to be extremely useful, because many organizations look to customize their system to make it work per their need. Further, these systems should certainly be user friendly in order to attract many customers in the future.
Michelangelo C. Collura says
Security is an excellent point that I forgot to mention in my post. SAP and other such systems contain almost the entirety of some businesses – particularly in manufacturing – so security is not just about protecting a particular database, but rather the entire business model. This means that SAP can’t get lazy with patches and updates, lest they are seen as a dangerous risk to firms.
Xiaomin Dong says
1. SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
As an SAP customer, I would like to ask SAP company to provide the training course which could help my employees know more about the process of the system. In addition, I also expect them to provide the access control feature of the ERP system. Depending on data classification that I want to gradually give access privilege to each employee. Access Management should be supported by the SAP ERP system.
Binju Gaire says
Nice answer, Xiaomin! Providing a training course will be very helpful for all the employees to fully master the system. Also, I believe if separate course are made available for SAP, other users can also take advantage of it to learn about SAP.
Qiyu Chen says
Yes, I agree with you. what you said can make SAP system easier to use. The participation of users is very important for successful implementation of ERP projects – hence, exhaustive user training and simple user interface might be critical.
Xiaomin Dong says
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
As far as I am concerned, the Internet of Things (IoT) is a concept that provides objects, such as cars and electrical appliances, with the capacity to transfer data over a network without requiring human interaction. In the case of ERP, devices are available that can be attached to tools and even vehicles, feeding data back to applications hosted in the cloud. Information such as location, usage and performance can then be easily accessed, allowing organizations to identify issues like where unused assets are, or if maintenance is required.
Qiyu Chen says
1..SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
Firstly, I hope SAP system would be easier to use, The participation of users is very important for successful implementation of ERP projects – hence, exhaustive user training and simple user interface might be critical. but ERP systems are generally difficult to learn. Many new employees will join to the company, and most of them could have no experience with the SAP systems. The easier version of the system ERP system can reduce the training cost of the organization.
Secondly, I would expect shorter deployment period. As we know, ERP deployments are highly time-consuming – projects may take 1-3 years (or more) to get completed and fully functional, which means in the first 1-3 years, the system would not work effectively.
Xiaomin Dong says
3. What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (it’s industry, profit / non-profit, international, …) would drive this answer?
In my opinion, an organization should put the most effort into the compliance of government regulation, and it should be mandatory and priority. For example. like what I did in the “real world control failure” project, the SEC and DOJ’s claims that PTC and PTC China violated the FCPA’s anti-bribery, internal controls, and books and records provisions, PTC China agreed to pay a criminal penalty of $14.54 million to the DOJ, and PTC reached a $13.62 million civil settlement with SEC ($11.86 million in disgorgement and $1.76 million in prejudgment interest). The company not only lost the money but also draw the attention from the government. Therefore, compliance to industry standards is essential.
Qiyu Chen says
I agree with you. Government regulation is very important. In addition, the law is important as well. An organization know all the laws of their county and make sure that they are in compliance of them no matter its industry, profit/non-profit or international in order to avoid penalty.
Qiyu Chen says
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
I think the most attractive factor for the ERP users is whether it is friendly used, which means both entry level users and trained users can easily understand how to use the SAP ERP system. Indeed, the system includes tons of important business data from daily operation, and it’s not that easy to simplify it, however, it doesn’t mean it’s impossible. The factor is, the ERP system is more easy to use, higher efficiency the employees can work. Without some unnecessary steps or confuse settings, the users may save time to do other works. Furthermore, the company could also save more investment in the training. However, it doesn’t mean that the SAP ERP system should be designed as easy to use as it could. The accuracy and other core functions still matter.
Qiyu Chen says
3. What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (it’s industry, profit / non-profit, international, …) would drive this answer?
In my opinion, the compliance that an organization should put the most effort into ensuring that their controls are adequate relates to law and regulations in which they are operating in. They must know all the laws of their county and make sure that they are in compliance of them, if not they could face severe penalty. Depending on what type of organization it is, they must know the law and regulations no matter if its industry, profit/non-profit or international. For an international company, they must know the law and regulations of the foreign land to make sure they are in compliance with it or else they may have to close down operation and face fines and penalty for non-compliance. So no matter what type of organization the company is, they must learn about the laws and regulations before they begin operations.
Candace Nelson says
1. SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
This question is as broad as are the many facets of internal controls. Hence, I am going to focus on two topics that fall within the scope of internal controls over the accuracy and completeness financial reporting (Sarbanes Oxley):
Segregation of Duties (SOD): I think it would be helpful if SAP were to prompt IT when incompatible duties were assigned to the same employee and/or position.
Report Accuracy and Completeness: As the PCAOB has increased their scrutiny of the public audit profession, pressure has been placed on their publicly traded clients to demonstrate that system reports relied upon for financial reporting purposes are accurate and complete. I think it would be helpful if the type of information the external auditors seek could be built into reports to reduce additional work, e.g. if parameters were included in report headers.
Candace Nelson says
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
In the advent of Artificial Intelligence, I think it would benefit software developers to incorporate additional automated features into their products in the future to remain competitive from both a resource and a cost perspective.
Candace Nelson says
3. What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (it’s industry, profit / non-profit, international, …) would drive this answer?
I think the answer to this question is entirely dependent on the industry. Healthcare industries should focus on compliance as it relates to patient safety. Banks and financial institutions should place focus on compliance aimed at protecting customers. Other publicly traded for profit businesses should seek to protect the investments of their stakeholders.
Mengting Li says
SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
first of all, I would say if the system is able to monitor the system in time. So people can realize there is risks or vulnerabilities in the system immediately. Secondly, customization of the ERP system can provide more flexible because different companies need different services. Also, ERP system can be more competitive if they could provide customize the system to different customers.
Mengting Li says
What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (it’s industry, profit / non-profit, international, …) would drive this answer?
The organization should make sure controls are compliance with the organization’s regulations.Regulatory compliance is an organization’s adherence to laws, regulations, guidelines, and specifications relevant to its business. Violations of regulatory compliance regulations often result in legal punishment, including federal fines.
Examples of regulatory compliance laws and regulations include the Dodd-Frank Act, Payment Card Industry Data Security Standard (PCI DSS) , Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA) and the Sarbanes-Oxley Act (SOX).
Michelangelo C. Collura says
SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
I would expect something like the SAP GRC, or SAP GRC (Governance, Risk, Compliance) Access Control system. This acts to govern those roles within SAP for users in its many processes. Access is controlled for both routine use and emergency exceptions. The system offers a control panel for end users that can utilize SoD rules in a simple way – by using a what-if analysis to determine if a SoD failure can lead to compliance issues. As the software identifies these issues, it notifies the admins who can then modify access accordingly. In a similar use, the software allows management to identify SoD risks if a user changes departments, is fired, hired, etc. It therefore has value for change management as well as compliance, and this would apply to legal concerns as well as internal policy concerns.
Michelangelo C. Collura says
The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
Based on the Gartner analysis, SAP isn’t even at the highest rating of major ERP systems, with that assignation going to Priority Software. Based on reviews, it seems that firms prefer it for two major reasons: ease of use, and cost. Priority has a robust and innovative GUI that is apparently more user-friendly than the SAP system, yet it offers the same level of customization and scalability. This would be my recommendation to SAP for future iterations of their products, and indeed, they are moving to a more user-friendly GUI, as we’ve discussed in this class. That, combined with more affordable pricing options, might allow them to maintain market dominance as the playing field gets more and more crowded.
Michelangelo C. Collura says
What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (it’s industry, profit / non-profit, international, …) would drive this answer?
I would probably focus on ethics compliance, based on internal ethical policies as well as industry standards. As we’ve seen over the past few years, financial firms are increasingly targeted by hacker groups, and any incriminating data is going to likely end up in the public sphere. This is also true for retail and even government. This means that any industry is threatened, but the majority will likely continue to be for-profit, since there is financial incentive for hackers to attack them. SoD controls as well as other types of administrative policies focused on fraud prevention would be important for firms to maintain and expand in the coming years, as this allows them to avoid ethical breakdowns that will quickly become public. At the end of any such crisis, the damage to the brand or its stock value, in the case of for-profits, would be far worse than the cost of simply adhering to standards they themselves set.