As discussed several of the questions on Exam 2 relate to this real-world like small business case. You are encouraged to pre-read, print, etc. this case prior to the Exam.
Exam 2: Take November 13
The second exam of the semester will be conducted by Blackboard at the beginning of class next week (Monday November 13).
Some specifics:
- Questions mainly focus on course content (on-line and from class) from Weeks 7 – 10. Note topics listed on any ‘Overview’ or ‘Review’ slides.
- Some questions from prior material (see Review slides from Week 7) may also be included on the exam.
- Maximum amount of time to complete the exam is 60 minutes
- Exam is approximately 25 questions (variety of formats i.e. Fill in blank, multiple choice
- Some of the questions relate to a real-world like small business case (to be published Thursday). You are invited to pre-read, print, etc. prior to the exam.
Week 10: Data, SOD/SAT Review Wrap-up
Continuing great job on the discussions. Keep up the good work. You raised most of the important points but let me summarize my view.
Q1: How to assure master data integration works well for all? This is hard with ERP systems because master data is used so extensively across so many transactions, processes, etc. Company needs to have a good plan, lots of well defined processes and controls. It’s important that there is a broad understanding of master data and appreciation for good data. This comes only with good training and strong management focus.
Q2: Who should play the key role in defining and assuring quality of master data? All processes who use the data, not just the main users need a say in what the master data is (definitions, processes, etc.). Because of the high degree of integration across business processes in ERP systems those in charge of master data need integration/ broad perspectives. Accounting / finance is one critical voice but in my experience not the best to be in charge. A strong financial focus can be just as bad as another groups focus (e.g. sales, supply chain, etc.)
My experience is there needs to be a defined master data coordinator (data steward is term many of you used – great term). Great, cooperative master data coordinators and new Master Data Management (MDM) software are becoming a must for strong ERP system users.
Q3: What is riskier: inaccurate data or excessively repetitive data? Both are bad. You all gave some great examples. I agree that inaccurate data causing problems is more common than repetitive, but be aware of both.
Q4: Which transaction is most ‘Sensitive’? Many, many transactions are sensitive – no correct answer. The rule of thumb I used is that any transaction that creates master data or creates or can lead to creation of a financial transaction is sensitive. Note that many systems and configuration transactions are sensitive and need to be locked down in production.
A good ERP systems runs on good master data.
This coming week we will look change management and development aspects of ERP systems.
Extra Credit Assignment
Background
Context is Global Bike Inc. (GBI) that we’ve used in all other course assignments.
You are an auditor in GBI’s internal auditing team. As a result of your work at GBI you’ve uncovered a significant risk in one of GBI’s business processes. You’ve made this risk known to your manager who requested that you investigate what potential changes / controls should be put in place to address the risk.
Assignment
You have the opportunity to address the audit committee of the board to discuss the risk you’ve uncovered in your work and recommended changes / controls. Unfortunately, the agenda is packed and you only have 5 minutes to make your presentation.
Deliverables
- Brief (1 slide?) Powerpoint slide(s)
- Brief script of what you plan to say to the audit committee
Grade
Treat like a ½ credit Assignment Exercise. Full credit can yield extra 4 points in final grade (e.g. raise a grade of 90 to an 94)
Grading Rubric
- Substantive content related to class content 2
- Concise, clear message appropriate for audience 1
- Convincing argument, message 1
Due Send deliverables to professor by Tuesday December 12. Wednesday December 13.
Exam 2: Coming up November 11 – 13
A reminder that the second exam of the semester will be conducted by Blackboard and must be completed between Friday November 11 and Sunday November 13 (midnight).
Some specifics:
- Questions mainly focus on course content (on-line and from class) from Weeks 7 – 10. Note topics listed on any ‘Overview’ or ‘Review’ slides.
- Some questions from prior material (see Review slides from Week 7) may also be included on the exam.
- Test will be conducted via Blackboard – you must complete between Friday November 11 and Sunday November 13 (midnight).
- Maximum amount of time to complete the exam is 40 minutes
- Exam will be approximately 25 questions (variety of formats i.e. Fill in blank, multiple choice)
- Some of the questions relate to a real-world like small business case. I’ll publish case which you can pre-read, print, etc. Tuesday prior to the exam.
Exercise 4 (SOD) Due November 11
Reminder: Exercise 4 – Segregation of Duties is now due (via e-mail) on Saturday November 11 at 11:59 pm.
UpdatedGuide (Updated with additional SAP screen shots November 6 @ 7:30 pm)
Week 9: Security: User Management, Segregation of Duties (SOD) Wrap-up
Continuing great job on the discussions – I enjoy your thoughtfulness and depth in answering. I trust the questions help you explore and understand topics being discussed in a given week.
You raised most of the important points but let me summarize my view.
Q1: What is segregation of duties (SOD) and why is it a commonly used control? – We discussed this topic in class. Great examples of IT roles that should be segregated (e.g. development from DBA, development and security, development and move code, developers not in production system, development from audits). We’ll discuss controls related to development more thoroughly in future classes.
Q2: Security in an ERP system (e.g. SAP) is complex. What is the most fuzzy, difficult to understand component? You nailed the core issue – ERP systems are large and complex. Therefore the security is also large and complex – especially when there are complex requirements (many people needing broad access).
Q3: What are Key competencies of person responsible for security? I like the terms you chose. Specifically: Skepticism and curiosity
Functional Knowledge – critical to effectively make decisions
Decision making – to which I would add good judgement.
Data analytic – I call this basic smarts. Security is highly complex and requires strong cognitive skills.
Q4: Companies are dynamic entities. Best practices for managing system users and their security access? You provide many great ideas including: Password policies and procedures, documenting change (more on this in a couple weeks), periodic user access reviews, least privilege access, proper management approvals, etc. Bottom line is that security although sometimes viewed as a backroom IT task requires strong processes to be done well.
Exercise 3: Possible ‘Missing CO Object’ Error
When performing Task 4 (Enter Journal Entry Transactions into the General Ledger) and the use of transaction FB50 you many find that one or more General Ledger accounts require the entry of a Cost Center (CO) value. You get and error such as ‘Account xxxxxxx requires the assignment of a CO object’.
This is an additional financial control.
This short guide shows how to address this issue.
Real World Control Failure: Post your Presentation
Your options for posting your Real World Control Failure presentations are:
- Post as a comment to this post. This requires you to embed a URL to where your presentation is stored (e.g. on OneDrive or Google Drive).
- Post as a new blog post. You can upload your presentation as media when creating the blog post. Make sure to select the ‘Real World Control Failure Presentations’ category.
- Edit this post or send me your presentation and I’ll include in the list below.
| Date | Student | Subject / Link |
| October 16 | Candace Nelson | Salvation Army |
| October 23 | Lezlie Jiles | USIS Separateblog post |
| October 30 | Andres Galarza | Ukrainian Artillery App |
| October 30 | Parneet Toor | UBS Rogue Trading Scandal |
| November 6 | Khawlah AlSwaillem | Marrone Bio Innovations |
| November 12 | Kevin Berg | Leone Industries |
| November 13 | Xiaomin Dong | PTC Inc. China |
| November 13 | Yijiang Li | Yahoo |
| November 27 | Qiyu Chen | Google Mail Hack |
| November 30 | Mengting Li | Target |
| December 1 | Binju Gaire | Advanced Emissions Solutions |
| December 4 | Jing Jiang J | Satyam Computer Services |
| Michelangelo Collura | Lehman Brothers |
Exercise 3 – Due Date Changed to Saturday October 28
I have changed the due date for Exercise 3 (Journal Entries) from Thursday until Saturday October 28 at the end of the day.
Note: this is a group exercise. Only one submission file (spreadsheet) is due from each team.