- SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
- The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
- What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (it’s industry, profit / non-profit, international) would drive this answer
Penghui Ai says
1. Since this application maintains the whole business in a coordinated way, controls in a single capacity correspondingly affect others, I expect the application can give help to the organization’s internal controls. This application ought to have the ability to enable the organization to set any number of controls in the procedure’s dependent on a certain business rationale. Since these controls are incorporated with the framework, they ought to be extremely compelling. Additionally, since this application maintains the whole business in an incorporated way, controls in a single capacity ought to correspondingly affect others. For instance, if a control is set so that merchant’s receipt booking must be fundamentally finished with reference to the products receipt archive, it not just anticipates disparities between merchandise really got versus charged amount, yet it likewise guarantees that the records individual can’t book the receipt, even coincidentally, without a supporting merchandise receipt exchange in the framework.
2. Man-made intelligence (Artificial Intelligence)– Enabled ERP Solution: The world has turned out to be computerized and rapidly as well. Organizations are searching for approaches to limit cost and diminish human mistakes, along these lines ERP arrangements which are AI empowered will come in extremely helpful in such cases. As AI can figure out how to peruse, learn, and even process a ton of information and anticipating future results effectively, it will likewise have the capacity to perform essential regular undertakings, subsequently leaving space for individuals to perform more vital assignments.
ERP Solutions Tailored for particular Industries: With the utilization of rising innovations like VR, AI, and others, custom ERP arrangements will be worked to suit certain ventures, from assembling to wellbeing and tech, ERP arrangements that suit correct requirements will be planned.
The Incorporation of Emerging Tech into One: In this way, it’s normal that AI, Machine learning and other developing advancements will have a point of the crossing point. The points of interest that these advancements offer will be connected to ERP arrangements.
Normal and Voice Language Interface will Become Popular: Much the same as the manner in which Siri and Alexa are making our everyday lives simpler, soon these highlights will be incorporated into the work put as a major aspect of ERP arrangements. Essential parts of an organization’s ERP arrangements will be voice controlled.
3. Organizations are entrusted with giving appropriate safeguard and criminologist internal controls and control strategies for authoritative activities to guarantee all corporate consistence commitments are met and to keep up the respectability of monetary data. Administrators and consistency groups must organization and keep up compelling corporate consistency programs, including advancing an uplifted consciousness of consistency issues including information security, financial regulations (internal and external), accounting practices, HR, and legal requirements.
Written policies are fundamental as far as making satisfactory controls. Written policies and techniques that create: Corporate Compliance Program; Code of Conduct or Ethics; Training, Acknowledgment and Corrective Action Plans; Disaster Recovery Plan. These arrangements and methodology should apply to all workers, volunteers, staff individuals, healing center administration and divisions. While making them, remember your association’s central goal or esteem explanation and center qualities, and in addition pertinent laws and controls. Approaches and methodology ought not simply to be composed when responding to an episode, however, they ought to be made proactively and in a ground-breaking way.
Imran Jordan Kharabsheh says
Hello,
As I was reading through your responses to the questions regarding the study material for this week, I began to admire the intricacies of your responses and how you attempt to present each of your points with vivid detail. In particular, I was quite intrigued by the expectations you had for implementing the SAP service in your organization, such as how you discussed better synergy with internal controls. Another part of your responses that I found interesting was your opinion on how enterprise resource planning providers will be competing for competitive advantage in the future, where you looked towards artificial intelligence as a front. The artificial intelligence stood out to me as quite unique because of the diversity in utility it can provide to streamline business activities.
Rouying Tang says
Hi Penhui, Thank you for your sharing. I agree with you that Artificial intelligence enable ERP solution. It does be an more efficient and flexible process for release human powers and can be applied on many circumstance.
Imran Jordan Kharabsheh says
1. Putting myself in the shoes of an organization looking to deploy an enterprise resource planning solution, a few thoughts immediately come to mind in terms of the expectations I would have regarding the service that SAP provides. One of these expectations is secured and well-maintained log of all transactions that are occurring across the SAP server, which contains information including the persons involved in all parts of the transactions, the IP of the users executing transactions, and an accurate time and date. This is needed in order for auditors and system administrators to follow the paper trail and help them better detect unusual activity. This, in turn, ties in with my next expectation, which is a regularly moderated access management system meant to function as a control against users having free reign to access or edit parts of the SAP database unrelated to their work. And last but not least, I would also expect for a secure two or three step identity management system, which is meant to defend the database from outside threats trying to access the database or internal threats from spoofing their identity.
2. After reviewing the vast array of enterprise resource planning solutions on the market currently and the directions they’ve been going in terms of innovation, I believe that the future target for competitive advantage in the ERP systems market is going to be convenience and security. The reason I would argue that convenience is going to be a targeted area for competitive advantage is because of the trend in updates being made to current ERP systems, which have been implementing new means of automating and streamlining certain processes in order to improve productivity. I would also argue that security is a front for ERP system providers to fight over competitive advantage primarily because of the growing concerns of businesses in the digital age who feel more vulnerable than ever to cyber attacks on their databases.
3. Having once worked alongside people of the Sharia Law Compliance department in my time as an internal auditor for an investment bank, I have been told that regulatory compliance is among the more crucial aspects of compliance that investment banks must adhere to. This is because regulatory compliance revolves around the regulations and laws put in place by government bodies in order to protect both the banks and the general populace, and are often strictly enforced and have harsh consequences. Often regulatory compliance becomes businesses top priority, as not being compliant paints them as liable for any fraudulent activities that may occur and some businesses would even prefer to be inoperative than face the charges of being non-compliant. There is a correlation, however, between the industry a business is in and the effort a company puts in to maintaining regulatory compliance, with newer and less regulated industries having businesses that aren’t as concerned with compliance as those in more regulated and dated industries.
Rouying Tang says
1. SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
I would expect the ERP system have a unified repository for process control information under a single platform for all regulatory policy procedures and for all control assessment and testing activities. I would expect the internal control and policies can be properly aligned with business objectives and risks and gotten monitored in real time. I also expect the compliance and control processes can be improved through the proper evaluations.
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
First, for all ERP systems the efficiency should be focusing on via better identifying, prioritizing and focusing resources on key business processes and risks. Second, a real-time visibility should be guaranteed accessing to all compliance and internal control process with continuous control monitoring functionality. Finally, a improved compliance acts as core including anti-bribery and corruption, financial, IT controls, and industry-specific requirements.
3. What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (it’s industry, profit / non-profit, international) would drive this answer
The personal identifiable information need more attention than any other perspectives for all organization. For the international organization, the distinguishes between corresponding jurisdiction should be considered. Sometimes, the jurisdiction can include not just the residence of the company but the location of the target markets and costumers, for example no matter where the company is located, the GDPR required the personal information must be storage within the EU as long as Europeans are involved. For specific industry, there might be stricter or unique requirements, which needs more attentions, for example the medical information get special protection by HIPAA in US.
Penghui Ai says
Hi Rouying, I like your comments on each question. For question #2, you have 3 suggestions to make SAP more competitive in the future. To begin with, for all ERP frameworks the effectiveness ought to concentrate on by means of better recognizing, organizing and concentrating assets on key business procedures and dangers. Second, a constant permeability ought to be ensured getting to all consistency and inside control process with nonstop control checking usefulness. At long last, an enhanced consistency goes about as center including against pay off and debasement, monetary, IT controls, and industry-explicit necessities.
Haitao Huang says
Hi Rouying
Some aspects of governance are imposed on organizations due to legislative and regulatory compliance needs, whereas others are imposed by industry guidelines or license requirements. All forms of governance, including security governance, must be assessed and verified from time to time. Various requirements for auditing and validation may be present due to government regulations or industry best practices. Governance compliance issues often vary from industry to industry and from country to country. As many organizations expand and adapt to deal with a global market, governance issues become more complex. This is especially problematic when laws in different countries differ or in fact conflict. The organization as a whole should be given the direction, guidance, and tools to provide sufficient oversight and management to address threats and risks with a focus on eliminating downtime and keeping potential loss or damage to a minimum.
Haitao Huang says
Question 1
I would expect the ERP system to provide support in the following control functions:
1. User Authentication
The realization of the identity principle in user administration is the prerequisite
for fulfilling the requirements for traceability and accountability in an ICS. Therefore,
you should use, for example, interviews, walkthroughs, and, where applicable, system
evaluations to clarify whether and how it is assured that across all systems and networks, one person has the same technical user identification number or the same username.
2. Password Protection
Security guidelines should document requirements for password protection. In general,
the requirements issued by the Big Four as part of IT audits correlate to the recommendations communicated by the Federal Office for Information Security
including with regard to the password length of eight characters. These recommendations are not legal specifications; in case of doubt, the recommendation of an independent IT auditor would be decisive.
Question 2
Big data, data visualization, and artificial intelligence (AI) top the list of new technologies that threaten to fundamentally alter the way ERP systems are built and used. Vendors looking to upgrade or migrate their ERP systems in 2019 will need to pay attention to how their new prospects handle these trends. Database performance will be a key performance indicator (KPI) for ERP in 2019, even more than it is today. Meanwhile, how the database handles big data warehousing and querying will also be important.
Question 3
In general terms, from a compliance perspective, the situation regarding control mechanisms in service organizations can be summarized as follows: the operational side of the processing of operative processes can be delegated to service organizations; however, the compliance-relevant questions with regard to control mechanisms in these processes remain the responsibility of the client.