- SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
- The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
- What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (its industry, profit / non-profit, international) would drive this answer?
Scott Radaszkiewicz says
Question 1: SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
First, I would expect SAP to provide a set of best practices for our organization to review and use as a guide for building our internal controls. Second, I would expect a dedicated team to help us build and review our internal controls that we have created for our company. And third, I would expect ongoing review and auditing of those controls to ensure they are adequate and adjustments are made as the company grows and changes.
Scott Radaszkiewicz says
Question 2: The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
I think that security is a huge focus in technology today. ERP systems should be stressing how their product can help an organization conduct their business in a digital world more securely. Every day you hear about a data breach happening. It’s almost become commonplace and we have become desensitised to it. Think back to the Target data breach and how big of a deal that was. Now, a data breach happens and you get a letter in the mail saying you’ll get 24 months of free credit monitoring service, and everyone goes on their way. It seems to have become a part of doing business that we’ve all accepted. But the cost does come on the back end. Helping an organization save dollars by preventing or limiting their exposure to an incident is key, and where ERP systems should be focusing their marketing. In my humble opinion!
Pascal Allison says
1. SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
As an SAP customer, to support my company’s internal controls my expectation would be to improve the software to be more user friendly, make it simpler to understand, avail free or reasonable training resources, leverage security as needed, avail functionalities, and create room for customer contribution or feedback for change management.
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
Competition comes with market share – customers. SAP and other ERP systems providers must focus on customers and their needs.
Most SAP and ERP system users are conscious about:
• User friendly – how easy is it to learn, use, understand, or deal with?
• flexibility or mobility – am I confined to my office to perform my duties?
• Training – If I don’t understand or know some functionality, where can I learn them? Do I have to pay a high cost to acquire a simple knowledge?
• Security – the company is going to have PII or SPII on the software. Are these data secured?
• Interface – how possible is it for SAP and other ERP system to interface with the company system?
• Cost – company should be able to save by using SAP or other ERP system. Can the company save on the cost to implement the SAP or ERP system?
With these covered, I am sure an ERP or SAP provider will have a fair share of the market.
3. What aspect of compliance should an organization put the most effort into ensuring their controls are adequate?
I will look more at continuous auditing and continuous monitoring. First, the risk needs to be identified, analyzed, evaluated then set the controls. The next question is what is the cost associated with implementing the controls or what will it cost to ensure compliance? Taking into account the outcome of the risk analysis and the cost of implementation, management can relate to the business modus operandi and make a decision. Now, let’s be aware that this is a continuous process; thus, we need to do continuous auditing and management needs to monitor continuously. This will make the decision making process easier and compliance of controls can be implemented and guaranteed.
What factors about an organization (its industry, profit / non-profit, international) would drive this answer?
All businesses are guarded and regulated by the laws and governing/regulatory organizations. Thus, the organization’s controls and compliance must be structured based on the laws and regulations of the superior bodies of the industry and country. Decisions made can affect the business; thus, decisions should be of high quality to create value. That can be done considering the laws, regulations, then business policy.
Xiaozhou Yu says
Hi, Pascal
Thanks for sharing your thoughts. I agree that auditing and monitoring are important for compliance. Organization cannot just announce accept the compliance and ask departments and employees to follow without guarantee activities. The questions you mentioned are great for organization to refer. And I think the organizations have different focuses, so the compliance they applied can be various but the questions you provided look compatible, great job!
Mahugnon B. Sohou says
Hi Pascal
Great points in your post. You are right about auditing and monitoring being both important for compliance, because there needs to be some sort of surveillance or monitoring to make sure the activities and processes are being compliant with the laws and regulations. Great post. Thanks for sharing
Heiang Cheung says
1. SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
I would expect the SAP ERP system to provide standard controls that could be implemented in the system. For example, the basic system controls like field checks, sign check, limit check, range check, completeness check, validity check, and reasonableness test. I would also expect it to have some type of access management in place. Having good identity and access management would help with implementing a good segregation of duties control. Also, there should be help with updating the ERP whenever it is necessary.
Heiang Cheung says
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
SAP and other ERP systems providers should focus on mobility, simplicity, implementation cost, scalability, and security. Mobility because most people are moving to the cloud and information can be accessed from anywhere. Simplicity because the simpler the system the easier it is to use for users. Implementation cost because for most companies the cost is probably one of the top reasons they choose a particular ERP system. Scalability because a company wants to know if the system could grow as their company grows. Last, security would be a great deal and they would need to focus on the security and controls they have in place.
Pascal Allison says
Heiang, I like the mobility side of it. It takes care of a lot that enhances the business and IT size of operations. With mobility, there could be:
1. timely data analysis;
2. adequate resource allocation;
3. stakeholders can participate effectively and efficiently;
4. improve productivity; and
5. timely collaboration
With mobility and other points listed in place, I strongly believe any SAP and ERP system provider could direct the flow of customers/clients greatly.
Scott Radaszkiewicz says
Heiang, I really like your mention of mobility. With the way the world is changing, employees need access to be able to work, anytime and anywhere. No longer are users stuck in an office or cubicle working on systems. Being able to access your ERP system from any device and any location is a very attractive option!
Mahugnon B. Sohou says
Hi Heiang, I also like that you mentioned mobility in your comment regarding ways for SAP and other ERP systems to be more competitive. For instance, in case of disaster where employees cannot be in the office, they will need to have access from home or remotely in order to be able to continue operations. Great point. Thanks for sharing
Akiyah Baugh says
Hi Heiang, Mobility would be a great feature for an ERP system to have. A mobility component would be great for users, like myself, who are always on the go. 🙂 I would be a very happy customer if my ERP offered this option. I am sure the company would like this option as well because it would increase productivity and prove to be a very useful employee perk (the ability to work remotely) which could improve employee morale.
Derrick A. Gyamfi says
Heiang,
Great post! I think it is also important that an ERP system maintains continuous and consistent operations. With managers in an organization directing all departments to achieve the same goals, there is a need to speed up the decision-making process. If a system can update centrally and it applies to every department in the smallest amount of time – I think this will serve as a huge competitive advantage in the ERP system market.
Heiang Cheung says
3. What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (its industry, profit / non-profit, international) would drive this answer?
I would have to say an organization would need to put the most effort into ensuring their controls are adequate for regulatory compliance because if not, the business could be fined or even shut down if they don’t follow laws and regulations. I think it’s industry, profit/non-profit and international that drive the answer because there are different laws for different industries like HIPAA for the healthcare industry. If your organization is international then you have to deal with domestic and international regulations.
Robert Conard says
You’re right, regulatory compliance should be a priority of organization relative to their industry. SOX, HIPAA, FIPS. International standards should also be considered as any violation of regulatory standards will result in a fine, for which companies should not be in the business of violating. After all boilerplate standards are met, there should be additional considerations for what drives its industry and where the company specifically wants to focus its security.
Robert Conard says
1. As an SAP customer, I would expect a superior tool that differentiates between departments using modules that only specific users have access to. I would expect an internal mechanism to identify malicious patterns and incorrect inputs. I would also expect the abilities of the program to be reasonably maintained without continuous SAP visits, and standard encryption capabilities for communication between modules. Finally, an automatic updating mechanism that can be installed directly from an SAP source.
Robert Conard says
2. The complexity of these systems may be reaching a plateau and in that situation, increasing usability could be a major step above competition. Compatibility is on organizations’ minds when shopping for an ERP system and it’s likely many are optimal for their business and others aren’t the right fit. That being said, specialization of these ERP systems can be an advantage and a detriment as the product can get pigeon-holed to a particular industry, but the company would ideally make it the best available product for those consumers. Otherwise, further enhancing security and application authentication might be an attractive quality for new potential buyers.
Heiang Cheung says
Yeah, I agree usability and compatibility are really important for ERP systems. For example, SAP is more geared toward manufacturing businesses but the usability in my opinion kind of sucks. PeopleSoft to me is much easier to use because I find the interface is easier to navigate and you could adjust PeopleSoft to the way your business runs, which is kind of neat.
Tamekia P. says
1. SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
SAP should provide user support. This would include password resets. This would aid in the internal controls because an outside party would configure the user accounts.
Heiang Cheung says
I might be thinking about it wrong but if you have an outside party configure the user’s account, would it actually take away the actual risk?
Tamekia P. says
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
System providers should look to enhance the user experience. The GUI is an important part of helping the user understand system functionality and complete basic tasks. The more intuitive the experience is, the easier it is to convince a company to move from existing software as the learning curve becomes less steep.
Scott Radaszkiewicz says
Tamekia, I agree with you. I have never really used SAP, but from this class, I feel like it’s a bit user un-friendly. There is so much to the system, navigation seems daunting and difficult. I would assume after training and regular use, it becomes easier, but to sit down and intuitively understand the system, I don’t think that’s an option.
Mahugnon B. Sohou says
Hi Tamekia
Yeah you are right. This class is the first time I have had an extended experience with SAP and so far it seems a little user unfriendly. The navigation can be a bit tricky sometimes. After the first few uses it is hard for your average user to master it. Great point. Thanks for sharing your honest thought on that.
Tamekia P. says
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
Another thing that these providers could focus on is providing a more cohesive customer service experience including integration of 3rd party software. The issue with ERP systems is that some of the components do not provide the features available in specialized software.
Tamekia P. says
3. What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (its industry, profit / non-profit, international) would drive this answer?
An organization should ensure that the user access and provisioning is appropriate. First, it is important to vet how a user gains access to the system. Secondly, it is important to ensure that the user is authorized to perform specific tasks. The type of organization drives this answer especially as the level of security increases. For example, government clearance is only obtained after going through several processes of verification and background checks.
James T. Foggie says
1. SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
In contracting with a large company like SAP, the ERP software support should offer the following functions (among other features):
- Scalable support for multiple internal controls
- Continuous control monitoring
- Support for compliance management
The above support of controls will allow companies to increase efficiency; provide real-time insights in controls; and assist in the continuous improvement in compliance of IT and Financial controls. As a customer of an SAP instance, I would also expect support in the area of control and business objective alignment. I would look to utilize any available support solutions that will provide a single portal to monitor compliance auditing and track issues resolution.
James T. Foggie says
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
Based on my very limited experience with SAP, the thing that stands out to me immediately is its antiquated user interface. SAP’s graphical user interface (GUI) reminds me of the DOS based applications of the early 1990s. In order to gain and keep a competitive advantage on competitors, SAP will need to improve its user interface while maintaining its superior advantage in tool functionality and reliability. In today’s computing environment, users expect ease of use in software design which provides intuitive functionality for tool navigation.
Scott Radaszkiewicz says
I agree James. This is my first time using SAP, and I don’t feel like the interface is very user friendly. With proper training on the system, I’m sure users are more comfortable using it, but if you have to step outside of your training and try to understand the system, I think it’s going to be tough.
James T. Foggie says
3. When is the cost of implementing a compliance control higher than the benefit obtained? What should an organization do to ensure efficiency and profitability?
Whenever the compliance control cost is higher than the benefit obtained, the company should perform a risk assessment to determine the exposure to the organization. When performing a risk analysis, the following elements should be evaluated: severity, probability and detectability. If a risk is deemed ‘acceptable’, document the risk and implement monitoring vulnerability at a lower cost than control implementation.
James T. Foggie says
#3 — continued — Another method for improving efficiency in the area of compliance is for organizations to seek additional value through aggregation of controls. Companies should evaluate IT compliance needs at an aggregate level to make sure processes and controls can be developed at a global level within the company. This global implementation of controls can provide economies of scale across business units. Lastly, IT cost drivers of compliance must be identified to ensure efficiencies are realized to support the overall business goals of the company.
Nathan A. Van Cleave says
James, great call out on aggregation of controls to build efficiency in the organization. I know at the pharma company I work at, this approach doesn’t always work; whether it’s because to BU’s are just so different in terms of type of operations or culturally. I can give you an example: our vaccines business unit is operated almost as a completely separate company… not really sure why, but I partially believe it’s cultural. Have you seen anything similar at your company?
James T. Foggie says
4. What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (its industry, profit / non-profit, international, …) would drive this answer?
Companies should place considerable effort in ensuring their Sarbanes-Oxley (SOX) controls are adequate. First and foremost, non-compliance to SOX control regulations can yield penalties ranging up to $5 million in fines and 20 years in prison. Also, non-compliance to SOX could be an indicator of underlying financial fraud. So, corporate executives have compliance and business incentives for ensuring proper SOX controls are in place and evaluated on a continuous basis.
In some cases, a determining factor for SOX adherence would be whether or not your company is public or private. Although the Sarbanes-Oxley Act of 2002 applies to all publicly traded companies, there are scenarios when private companies also must ensure SOX controls are in place. Executives of companies (both public and private) should become well versed in the SOX regulations to determine what compliance rules apply to their company’s classification and industry.
Folake Stella Alabede says
1. SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
An ERP functions to provide and maintain security by offering different services as related to an organization’s business process, to enhance efficiency and mitigate risks.
As an SAP customer, I would expect SAP to provide enough “reasonable” assurance that it has been designed to support my company’s internal controls that affect financial reports by detecting and preventing threats and vulnerabilities, be it human or automated.
Scott Radaszkiewicz says
Folake, I like using reasonable assurances as an expectation. I guess that an organization would have to spell out exactly what those assurances would be that they would expect from SAP. SAP is such a huge implementation and there are so many facets of your business that the system interacts with, assurances and expectations are key to making sure everyone is satisfied and comfortable with the system.
Folake Stella Alabede says
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
I think ERP system providers should focus on simplicity and ease of use (user friendly system) while still providing adequate security/service as needed. They also need to focus on systems that provide the most assurance at protecting an organization’s control. And they also need to ensure that other equipment/accessories that are compatible with the ERP system are easily within reach/available for purchase and not overly costly.
Folake Stella Alabede says
3. What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (its industry, profit / non-profit, international) would drive this answer?
All aspects that are governed by a regulatory body would be my first answer (regulatory bodies like SOX, HIPAA, PCI DSS, etc., depending on the nature of the business).
This is because these regulations have streamlined and tailored these controls according to the relevance of the business (e.g., HIPAA for the healthcare business, PCI DSS for the banking/relevant business, etc.). So while company A might need to ensure compliance with some specific set of controls, company B might not need to.
Mahugnon B. Sohou says
SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
As an SAP customer, I would first expect SAP to provide a set of best practices or standard controls for our organization to implement. I would also expect it to have some type of access management tool in place which would automatically assure a good segregation of duty for certain processes. They should also provide an update system whenever it is needed. Finally, there should be ongoing review and auditing of those controls to ensure they are adequate and working the way they have been designed.
Mahugnon B. Sohou says
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
I think SAP and other ERP systems providers should be focusing on ways to make their systems more secure as security is a huge focus in technology nowadays. They should put an emphasis on how their products can help a business in improving security in its various processes. With all the identity theft and data breaches happening nowadays, we must make sure there are stronger and stronger security measures in place to deal with those threats.
Mahugnon B. Sohou says
3. What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (its industry, profit / non-profit, international) would drive this answer?
I think that organizations would need to put the most effort into ensuring their controls are adequate for regulatory compliance because of the industry. Generally there are compliance standards that the entire industry has to follow, otherwise they could be fined or shut down. It is important for them to follow these laws and regulations to avoid falling on the wrong side of the law. The biggest factor that drives this answer to me is the industry, because as I said earlier there are laws that all businesses in the industry have to follow.
Nathan A. Van Cleave says
1. SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
As a customer of a very expensive enterprise solution, I would expect that there would be a number of support aspects that SAP should provide. The technical expertise to help design, test, implement, and maintain the system would be required. Additionally, special attention should be paid during the design and build stage as requirements for each organization could vary drastically.
With those requirements in mind, specific internal controls should be implemented to meet business process needs.
Nathan A. Van Cleave says
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
Ultimately where I think SAP lags and quite frankly, fails at, is user interface. While I haven’t experienced other ERP systems, in my limited engagement with SAP, it lacks true UI/UX design. As the pace that organizations and technology has advanced in the last 20 years, SAP has been slow to advance in terms of user experience.
It has made acquisitions recently to address this, as the Fiori platform allows for a number of modules to “bolt” on and allow applications like Concur (T&E) to run on a mobile platform and integrate with the internal system.
Nathan A. Van Cleave says
3. What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (its industry, profit / non-profit, international) would drive this answer?
For highly regulated industries such as banking/financial and pharmaceutical/consumer healthcare, regulatory compliance should be the primary objective with regards to compliance processes and controls. I would say it is even more critical in the pharma/healthcare industry simply because adverse events and patient safety can immediately impact people’s lives.
Robert Conard says
3. This answer depends on the compliance demands of that organization. Public companies have to remain compliant with SOX first and foremost. Failure to follow guidelines acceptable by SOX can result in fines and penalties that will impact their position with the SEC.
The company should consider second compliance driven by profits. In the context again of public companies, their responsibility is to investors and the well-being of all shareholders. For a public company, that means remaining profitably driven and reputably stable.
Overall there is a baseline of compliance given by SOX, HIPAA, FIPS, etc. Once those standards are met, the organization should continue to focus on its industry demands.
Xiaozhou Yu says
1. SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
I honestly have very limited experience with SAP through MIS classes, but I found SAP is a powerful tool for ERP, which means it has various functions and modules to support the functions within an ERP system.
For me, viewing across the SAP functions is really complicated and time consuming; also, if mistakes are made in a certain step, the following functions won’t be able to be processed.
I think SAP could provide training courses and specialized technical support at the beginning period of SAP implementation within the organization, when there will be the most problems.
Xiaozhou Yu says
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
There are many ERP providers in the market and all business organizations whether profit or non-profit need such service to support the operations and functions within the business.
From my point of view, I found most small businesses today are seeking an efficient solution related to ERP. They are in a situation where it is hard to decide which product to use, since ERP support is originally designed for enterprise-level business, but I think today even small businesses are handling complicated business processes using limited personnel and powerful technology.
The price is the major concern, as well as the scale of the product, which might be too large for small business. I would like to have those major ERP providers design specialized services and ERP solutions for small business, since they are more experienced in this area and it is always easier to resize the big one to a small one than to expand a small one bigger. Those providers will be able to have more small business customers, which are much greater in number compared with enterprise-level business.
Xiaozhou Yu says
3. What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (its industry, profit / non-profit, international) would drive this answer?
An organization must have standards of conduct and internal controls reasonably capable of reducing the likelihood of criminal and other improper conduct. In addition to the code, an organization needs to have more specific policies and procedures to provide detailed guidance on the approach the organization wants employees to follow, or avoid, in its business relationships. These more detailed policies and procedures should address legal and regulatory risks relevant to the organization’s business.
There are many different types of compliance, for example HIPAA, Sarbanes-Oxley and IT compliance; organizations in different industries will have different focuses on these compliances. There are compliances with industry standards, external client specifications and licensing, permits.
Different businesses will have different policies and codes of conduct in certain areas; for example, a non-profit organization will care less about the financial area, but more about marketing.
Derrick A. Gyamfi says
Hana,
Thanks for sharing – I think it is also good to note that some organizations keep compliance data—all data belonging or pertaining to the enterprise or included in the law, which can be used for the purpose of implementing or validating compliance—in a separate store for meeting reporting requirements. Nevertheless, compliance frameworks (such as COBIT) or even standards (NIST) inform on how to comply with regulations.
Akiyah Baugh says
1. SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
As an SAP customer, I would expect the ERP system provider to listen to our needs, understand our business process and offer us a product that is a good fit for our company. I would expect them to continue this partnership once we have spent the funds and are “all in”. I would expect them to offer training to my employees to ensure proper usage of the SAP system. I would expect them to stay up-to-date with technological and security updates.
Heiang Cheung says
Hi Akiyah,
I agree as a SAP customer you would expect them to provide and service the needs for the system like updates and patches because not only do you pay the initial upfront cost you actually get charged a recurring fee for them to provide those services.
Akiyah Baugh says
The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
I think SAP and other ERP system providers should offer products that are easy to use/intuitive.
As I mentioned in my response to question 1, I believe they should offer training to their clients.
Security controls to protect the company and their clients
Agile design – able to grow with the company’s needs
Cost/Competitive market/affordability
Easy to understand user interface
Akiyah Baugh says
What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (its industry, profit / non-profit, international) would drive this answer
A company should put the most effort into risk assessment. It is important to know what your company’s risks are for many reasons such as security, fraud prevention, financial, etc. A company should also understand the cost associated with each risk to determine whether or not adding controls to mitigate the risk would be beneficial.
Nauman Shah says
I would expect them to provide a set of best practices that are specific to my industry and provide functional/technical consultants that can help with the implementation of controls for those best practices. I would also expect them to provide ongoing support for configuration related issues. They should also offer some initial training as part of their change management program.
Nauman Shah says
SAP is a top rated ERP in the market right now, but even with SAP the most common complaint is how unfriendly the user interface is. People have a hard time navigating the system and therefore ERP companies need to focus on making a more user friendly design. Companies should also build APIs that would enable the ERP to interface with existing systems at the client company.
Nauman Shah says
No control should be implemented without first performing a risk assessment and cost-benefit analysis to determine whether or not the cost of implementing the control is higher than the benefit derived from it. If the cost is higher than the benefit, management should document the level of risk, its exposure to it and figure out alternative ways of monitoring that risk.
Nauman Shah says
First and foremost, organizations should focus on the essentials, which is the absolute must have controls required for regulatory purposes such as SOX. Lack or improper functioning of these controls would cause incompliance and the business could be fined or even shut down. After the regulatory controls are implemented, businesses should implement continuous monitoring if they have the resources to do so.
Mengqiao Liu says
1. SAP is a world class ERP system provider. If you are an SAP customer – what would you expect them to provide to support your company’s internal controls?
Leading companies recognize the importance of practicing strong business ethics and that doing so still supports them to deliver a healthy margin. While integrity in business may have a short-term cost, the long-term value it brings can certainly be worth it. Increasingly, the value attributed to an organization will be based not just on the wealth it creates, but on how it goes about creating it.
2. The ERP systems market is very competitive. What should SAP and other ERP systems providers be focusing on to make their systems more competitive in the future?
Effective internal controls and compliance programs are a key component of an organization’s code of conduct and ethical framework. Auditors continue to raise the bar with increasingly tougher internal control examinations and, at the same time, pressure on compliance continues to build with constant regulatory change. Despite these drivers, when it comes to managing internal controls, many organizations still take a sophisticated, yet manual, approach. This is despite the recognition that significant operational effectiveness and efficiencies could be gained through a more automated and centralized control model.
3. What aspect of compliance should an organization put the most effort into ensuring their controls are adequate? What factors about an organization (its industry, profit / non-profit, international) would drive this answer
When internal controls exist without automation or workflow, they’re hugely dependent on people: people who need to remember to do something at the right time, people who may need to break from their day job and remember what procedure to follow, and people who need to document everything in the right way. Today, there are still a lot of manually operated controls that could easily be replaced by a “management by exception” rule through automation.
Mengqiao Liu says
Effective compliance requires organizational support, process control methodology, and content control. Create an explicit link between compliance, performance management, and value. To control compliance costs, look for commonality in compliance requirements, use an investment approach for budgeting, and take the complexity out of the system whenever possible.
Derrick A. Gyamfi says
If I was an SAP customer, I would expect them to provide my company with:
Increased visibility and efficiency – Streamline our process control operations by identifying, prioritizing, and focusing resources on key business processes and risks.
Streamlined business processes – Align internal controls and policies with business objectives and risks, monitor key business processes, and monitor high transaction volumes in real time.
Comprehensive control evaluations: Improve compliance and control processes by performing comprehensive control evaluations, managing the complete policy lifecycle, and streamlining issue management.
Improve compliance – Support compliance efforts across regulations including anti-bribery and corruption, financial compliance, IT controls, and industry-specific requirements.
Derrick A. Gyamfi says
I think ERP systems should place extra emphasis on the following to make their systems more competitive:
Customized solutions: Since the needs of every company are different, each gets a customized system. It considers operational and departmental needs. ERP systems are simple, flexible, and adaptable. That means it is easy for every employee to use it. It is flexible because there are different system modules for different departments. Focusing on this level of specificity and customization will be a competitive advantage for any provider.
Cost Efficiency: For the price of one, a company gets a system that operates in each department. It reduces the cost of labor by making sure everyone is working at the right time. This helps to reduce administration costs as well. Focusing on cutting the costs of the system but providing more services will provide a competitive advantage to any ERP system provider.
Derrick A. Gyamfi says
I think regulatory compliance should be the utmost concern for an organization. Regulatory compliance describes the goal that organizations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws, policies, and regulations.[1] Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls. Moreover, regulations and accrediting organizations vary among fields, with examples such as PCI-DSS and GLBA in the financial industry, FISMA for U.S. federal agencies, HACCP for the food and beverage industry, and the Joint Commission and HIPAA in healthcare.