Risks in an ERP environment:

The use of ERP systems clearly introduces additional risks into the system environment. These additional risks include problems associated with:

Improper use of technology. Inability to control technology. Inability to translate user needs

into technical requirements. Illogical processing.

Inability to react quickly (to stop processing).

Cascading of errors. Repetition of errors. Incorrect entry of data. Concentration of data. Inability to substantiate

processing. Concentration of responsibilities.

Improper Use of Technology:

One of the more common misuses of technology is the introduction of new technology prior to the clear establishment of its need.

For example, many organizations introduce database technology without clearly establishing the need for that technology.

The conditions that lead to the improper use of technology include:

Premature user of new hardware technology.

Early user of new software technology.

Minimal planning for the installation of new hardware and software technology.

Systems analyst/programmer improperly skilled in the use of technology.

Inability to Control Technology:

Controls are needed over the technological environment. These controls ensure that the proper version of the proper program is in production at the right time, and that the operators perform the proper instructions.

Adequate procedures must be developed to prevent, detect, and correct problems in the operating environment. The proper data must be maintained and retrievable when needed.

The conditions that result in uncontrolled technology include:

Selection of vendor-offered system control capabilities by systems programmers without considering audit needs.

Inadequate restart/recovery procedures.

Inadequate control over different versions of programs.

Inadequate control over system operators, print capabilities, and data transmission capabilities.

Inadequate review of outputs.

Inability to Translate User Needs into Technical Requirements:One of the major failures of information technology has been a communication failure between users and technical personnel. In many organizations, users cannot adequately express their needs in terms that facilitate the implementation of ERP applications. And the technical people are often unable to appreciate the concerns and requirements of their users.

Conditions that can lead to the inability to translate user needs into technical requirements include:

Users without technical IT skills. Technical people without sufficient

understanding of user requirements. User’s inability to specify

requirements in sufficient detail. Multi-user systems with no user in

charge of the system.

Failure to implement needs because users were unaware of technical capabilities.

Improperly implemented needs because the technical personnel did not understand user requirements.

Building of redundant manual systems to compensate for weaknesses in ERP applications.

Illogical Processing: Illogical processing is the

performance of an automated event that would be highly unlikely in a manual processing environment.

for example, producing a payroll check for a clerical individual for over $1 million. This is possible in an automated system due to programming or hardware errors, but highly unlikely in a manual system.

Inability to React Quickly:ERP applications are valuable because they are able to satisfy user needs on a timely basis. Some of these needs are predetermined and reports are prepared on a regular basis to meet these needs. Other needs occur periodically and require special actions to satisfy.

If the ERP application is unable to satisfy these special needs on a timely basis, redundant systems may be built for that purpose.One of the measures of an ERP application’s success is the speed with which special requests can be satisfied. Some of the newer online database applications that include a query language can satisfy some requests within a very short time span.

The conditions that make ERP applications unable to react quickly include:

Computer time is unavailable to satisfy the request, or computer terminals/microcomputers are not readily accessible to users.

General-purpose extract programs are not available to satisfy the desired request.

The cost of processing exceeds the value of the information requested.

Cascading of Errors: An error in one part of the

program or application triggers a second yet unrelated error in another part of the application system. This second error may trigger a third error, and so on.

The cascading of error risk is frequently associated with making changes to application systems.

A change is made and tested in the program in which the change occurs. However, some condition has been altered as a result of the change, which causes an error to occur in another part of the application system.

Cascading of errors can occur between applications. This risk intensifies as applications become more integrated.

For example, a system that is accepting orders may be tied through a series of applications to a system that replenishes inventory based upon orders.Thus, an insignificant error in the order-entry program can “cascade” through a series of applications resulting in a very serious error in the inventory replenishment program.

The types of conditions that lead to cascading of errors include:

Inadequately tested applications.

Failure to communicate the type and date of changes being implemented.

Limited testing of program changes.

Repetition of Errors: In a manual processing

environment, errors are made individually. Thus, a person might process one item correctly, make an error on the next, process the next twenty correctly, and then make another error.

In ERP systems, the rules are applied consistently.

Thus, if the rules are correct, processing is always correct. But, if the rules are erroneous, processing will always be erroneous.

Errors can result from application programs, hardware failures, and failures in vendor-supplied software. For example, a wrong percentage may have been entered for tax deductions. Thus, every employee for that pay period will have the wrong amount deducted for tax purposes.

The conditions that cause repetition of errors include:

Insufficient program testing.

Inadequate checks on entry of master information.

Failure to monitor the results of processing.