
Enterprise Resource Planning Systems
Learning Objectives
Understand the general functionality and key elements
of ERP systems.
Understand the various aspects of ERP configurations
including servers, databases, and the use of bolt-on
software.
Understand the purpose of data warehouses as a
strategic tool and recognize the issues related to the
design, maintenance, and operation of a data
warehouse.
Recognize the risks associated with ERP
implementation.
Be aware of key considerations related to ERP
implementation.
Understand the internal control and auditing
implications associated with ERPs.

2
Problems with Non-ERP Systems
In-house design limits connectivity outside the
company
Tendency toward separate ISs within firm
lack of integration limits communication within the
company
Strategic decision-making not supported
Long-term maintenance costs high
Limits ability to engage in process
reengineering
3
Traditional IS Model:
Closed Database Architecture
Similar in concept to flat-file approach
data remains the property of the application
fragmentation limits communications
Existence of numerous distinct and independent
databases
redundancy and anomaly problems
Paper-based
requires multiple entry of data
status of information unknown at key points
4
Traditional Information System

Figure 11-1

5
What is an ERP System?
Multi-module application software that
helps a company manage the important
parts of its business in an integrated
fashion.
Key features include:
smooth and seamless flow of information
across organizational boundaries
standardized environment with shared
database independent of applications and
integrated applications

6
ERP System

Figure 11-2 (labels: Suppliers, Customers)
7
Two Main ERP Applications
Core applications
a.k.a. On-line Transaction Processing (OLTP)
transaction processing systems
support the day-to-day operational activities of
the business
support mission-critical tasks through simple
queries of operational databases
include sales and distribution, business
planning, production planning, shop floor
control, and logistics modules
8
Two Main ERP Applications
Business analysis applications
a.k.a. On-line Analytical Processing (OLAP)
decision support tool for management-critical
tasks through analytical investigation of
complex data associations
supplies management with real-time
information and facilitates timely decisions to
improve performance and achieve competitive
advantage
includes decision support, modeling,
information retrieval, ad-hoc reporting/analysis,
and what-if analysis
9
OLAP
Supports management-critical tasks
through analytical investigation of complex
data associations captured in data
warehouses:
Consolidation is the aggregation or roll-up
of data.
Drill-down allows the user to see data in
selectively increasing levels of detail.
Slicing and Dicing enables the user to
examine data from different viewpoints to
uncover trends and patterns.

10
Major ERP Modules (SAP)

Sales and Distribution


Records customer orders
Shipping
Billing

Connections to
Materials management module
Financial accounting module
Controlling module

11
Major ERP Modules, Contd.

Materials Management

Acquisition and management of goods from
vendors
Purchase order preparation
Receiving
Recording invoice

Interacts with
Sales and distribution module
Financial accounting module
Controlling module

12
Major ERP Modules, Contd.
Financial Accounting
Plays a central role in an ERP system and
incorporates data from other modules into general
ledger accounts and financial statements

Business events from other modules, such as SD
and MM, are incorporated by the FI module into the
general ledger accounts and included in the external
account statements, the balance sheet, profit and
loss statement, and statement of cash flows.

The FI module also includes accounts receivable and
accounts payable functions to record and manage
that data directly and to complete events begun in the
SD and MM modules.

13
Major ERP Modules, Contd.

Controlling and Profitability Analysis


Handles internal accounting including:
Cost center accounting
Profitability analysis for sales
Activity-based accounting
Budgeting

14
Processing Orders Requires Multiple
Tables

15
ERP System Configurations:
Client-Server Network Topology

Two-tier
common server handles both
application and database duties
used especially in LANs

16
Two-Tier Client Server

First Tier: User, Presentation Layer
Second Tier: Server, Application and Database Layer (Applications, Database)

Figure 11-3

17
ERP System Configurations:
Client-Server Network Topology

Three-tier
client links to the application server
which then initiates a second
connection to the database server
used especially in WANs
18
Three-Tier Client Server

First Tier: User, Presentation Layer
Second Tier: Applications, Application Layer
Third Tier: Database, Database Layer

Figure 11-4

19
OLTP and OLAP Client Server

Figure 11-5

20
ERP System Configurations:
Databases and Bolt-Ons
Database Configuration
selection of database tables in the thousands
setting the switches in the system
Bolt-on Software
third-party vendors provide specialized
functionality software
Supply Chain Management (SCM) links
vendors, carriers, logistics companies, and IS
providers
21
What is a Data Warehouse?
A multi-dimensional database often using
hundreds of gigabytes or even terabytes of
memory
Data are extracted periodically from operational
databases or from public information services.
A database constructed for quick searching,
retrieval, ad-hoc queries, and ease of use
ERP systems can exist without data
warehouses.
However, most large ERP implementations include
separate operational and data warehouse databases.
Otherwise, management data analysis may result in
pulling system resources away from operational use.
Also, there are many sophisticated data-mining tools.
22
Data Warehouse Process
The five stages of the data
warehousing process:
1. modeling data for the data warehouse
2. extracting data from operational
databases
3. cleansing extracted data
4. transforming data into the warehouse
model
5. loading data into the data warehouse
database

23
Data Warehouse System

Figure 11-7

24
Applications of Data Mining

Table 11-1

25
Risks Associated with ERP
Implementation
Pace of implementation
Big Bang--switch operations from legacy
systems to ERP in a single event
Phased-In--independent ERP units installed over
time, assimilated, and integrated
Opposition to change
user reluctance and inertia
need of upper management support

26
Risks Associated with ERP
Implementation
Choosing the wrong ERP
goodness of fit: no one ERP product is best for all
industries
scalability: system's ability to grow
Choosing the wrong consultant
common to use a third-party (the Big Four)
thoroughly interview potential consultants
establish explicit expectations

27
Risks Associated with ERP
Implementation
High cost and cost overruns
common areas with high costs:
training
testing and integration
database conversion
Disruptions to operations
ERP implementations usually involve business
process reengineering (BPR)
expect major changes in business processes

28
Implications for Internal Control
and Auditing
Transaction authorization
Controls are needed to validate transactions
before they are accepted by other modules.
ERPs are more dependent on programmed
controls than on human intervention.
Segregation of duties
Manual processes that normally require
segregation of duties are often eliminated.
User role: predefined user roles limit a user's
access to certain functions and data.
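
A segregation-of-duties check over ERP role assignments, as an added example that is not part of the original slides. The role names, user names and conflict pairs are constructed for illustration; the function names follow the materials management and accounts payable steps listed earlier.

```python
from itertools import combinations

# Functions each predefined role grants (constructed sample data).
ROLE_FUNCTIONS = {
    "MM_BUYER": {"prepare_purchase_order"},
    "MM_RECEIVING": {"receive_goods"},
    "FI_AP_CLERK": {"record_invoice"},
    "FI_AP_MANAGER": {"record_invoice", "release_payment"},
    "SD_ORDER_ENTRY": {"record_customer_order"},
}

# Pairs of functions one person should not hold together (assumed policy).
CONFLICTS = {
    frozenset({"prepare_purchase_order", "receive_goods"}),
    frozenset({"prepare_purchase_order", "record_invoice"}),
    frozenset({"receive_goods", "record_invoice"}),
    frozenset({"record_invoice", "release_payment"}),
}

# User-to-role assignments (constructed sample data).
USER_ROLES = {
    "alice": ["MM_BUYER"],
    "bob": ["MM_RECEIVING", "FI_AP_CLERK"],
    "carol": ["FI_AP_MANAGER"],
    "dave": ["SD_ORDER_ENTRY", "MM_BUYER"],
}


def effective_functions(roles, role_functions=ROLE_FUNCTIONS):
    """Map each granted function to the roles that grant it.

    An undefined role raises KeyError so a typo in the assignment
    table cannot silently hide access from the review.
    """
    granted = {}
    for role in roles:
        if role not in role_functions:
            raise KeyError(f"undefined role: {role}")
        for fn in role_functions[role]:
            granted.setdefault(fn, set()).add(role)
    return granted


def sod_violations(user_roles=USER_ROLES, conflicts=CONFLICTS):
    """Return (user, function_a, function_b, granting_roles) per conflict."""
    findings = []
    for user, roles in sorted(user_roles.items()):
        granted = effective_functions(roles)
        for a, b in combinations(sorted(granted), 2):
            if frozenset({a, b}) in conflicts:
                via = tuple(sorted(granted[a] | granted[b]))
                findings.append((user, a, b, via))
    return findings


if __name__ == "__main__":
    for user, a, b, via in sod_violations():
        print(f"{user}: {a} + {b} (via {', '.join(via)})")
```

The sample data contains two kinds of finding: a conflict created by combining two roles, and a conflict built into a single predefined role.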

29
Implications for Internal Control
and Auditing
Supervision
Supervisors need to acquire a technical and
operational understanding of the new system.
Employee-empowered philosophy should not
eliminate supervision.
Accounting records
Corrupted data may be passed from external
sources and from legacy systems.
loss of paper audit trail

30
Implications for Internal Control
and Auditing
Access controls
critical concern with confidentiality of
information
Who should have access to what?
Access to data warehouse
Data warehouses often involve sharing
information with suppliers and customers.
31
Implications for Internal Control
and Auditing
Contingency planning
keeping a business going in case of disaster
key role of servers requires backup plans:
redundant servers or shared servers
Independent verification
traditional verifications are meaningless
need to shift from transaction level to overall
performance level
32
Examples of ERP Vendors

33
34
Electronic Commerce Systems
Objectives
Be acquainted with the topologies that are employed
to achieve connectivity across the Internet.
Possess a conceptual appreciation of the protocols
and understand the specific purposes several Internet
protocols serve.
Understand the business benefits associated with
Internet commerce and be aware of several Internet
business models.
Be familiar with risks associated with intranet and
Internet electronic commerce.
Understand issues of security, assurance, and trust
pertaining to electronic commerce.
Be familiar with electronic commerce implications for
the accounting profession.
36
What is E-Commerce?
The electronic processing and transmission
of business data
electronic buying and selling of goods and
services
on-line delivery of digital products
electronic funds transfer (EFT)
electronic trading of stocks
direct consumer marketing
electronic data interchange (EDI)
the Internet revolution
37
Internet Technologies
Packet switching
messages are divided into small packets
each packet of the message takes a different route
Virtual private network (VPN)
a private network within a public network
Extranets
a password controlled network for private users
World Wide Web
an Internet facility that links users locally and globally
Internet addresses
e-mail address
URL address
IP address
38
Protocol Functions
facilitate the physical connection between
the network devices.
synchronize the transfer of data between
physical devices.
provide a basis for error checking and
measuring network performance.
promote compatibility among network
devices.
promote network designs that are flexible,
expandable, and cost-effective.
39
Internet Protocols
Transfer Control Protocol/Internet Protocol
(TCP/IP) - controls how individual packets of
data are formatted, transmitted, and received
Hypertext Transfer Protocol (HTTP) - controls
web browsers
File Transfer Protocol (FTP) - used to transfer
files across the internet
Simple Network Mail Protocol (SNMP) - e-mail
Secure Sockets Layer (SSL) and Secure
Electronic Transmission (SET) - encryption
schemes
40
Open System Interface (OSI)
The International Standards
Organization developed a layered set
of protocols called OSI.
The purpose of OSI is to provide
standards by which the products of
different manufacturers can interface
with one another in a seamless
interconnection at the user level.
41
The OSI Protocol
[Figure: Node 1 and Node 2 each contain the same seven layers, joined by a communications channel:
Layer 7 Application
Layer 6 Presentation
Layer 5 Session
Layer 4 Transport
Layer 3 Network
Layer 2 Data Link
Layer 1 Physical
Side labels: Data Manipulation Tasks, Data Communications Tasks, Hardware]

42
Benefits of E-Commerce
Access to a worldwide customer and/or
supplier base
Reductions in inventory investment and
carrying costs
Rapid creation of business partnerships to fill
emerging market niches
Reductions in retail prices through lower
marketing costs
Reductions in procurement costs
Better customer service

43
The Internet Business Model
Information level
using the Internet to display and make accessible
information about the company, its products,
services, and business policies
Transaction level
using the Internet to accept orders from
customers and/or to place them with their
suppliers
Distribution level
using the Internet to sell and deliver digital
products to customers
44
Dynamic Virtual Organization

Perhaps the greatest potential benefit to be derived from
e-commerce is the firm's ability to forge dynamic business
alliances with other organizations to fill unique market
niches as the opportunities arise.

45
Areas of General Concern
Data Security: are stored and
transmitted data adequately protected?
Business Policies: are policies publicly
stated and consistently followed?
Privacy: how confidential are customer
and trading partner data?
Business Process Integrity: how
accurately, completely, and consistently
does the company process its
transactions?
46
Intranet Risks
Intercepting network messages
sniffing: interception of user IDs, passwords,
confidential e-mails, and financial data files
Accessing corporate databases
connections to central databases increase the risk
that data will be accessible by employees
Privileged employees
override privileges may allow unauthorized access
to mission-critical data
Reluctance to prosecute
fear of negative publicity leads to such reluctance
but encourages criminal behavior
47
Internet Risks to Consumers

How serious is the risk?


National Consumer League: Internet fraud rose by
600% between 1997 and 1998
SEC: e-mail complaints alleging fraud rose from
12 per day in 1997 to 200-300 per day in 1999
Major areas of concern:
Theft of credit card numbers
Theft of passwords
Consumer privacy--cookies

48
Internet Risks to Businesses
IP spoofing: masquerading to gain access to
a Web server and/or to perpetrate an
unlawful act without revealing one's identity
Denial of service (DOS) attacks: assaulting a
Web server to prevent it from servicing users
particularly devastating to business entities that
cannot receive and process business transactions
Other malicious programs: viruses, worms,
logic bombs, and Trojan horses pose a threat
to both Internet and Intranet users

49
SYN Flood DOS Attack

Sender Receiver

Step 1: SYN messages

Step 2: SYN/ACK

Step 3: ACK packet code

In a DOS attack, the sender sends hundreds of messages, receives the
SYN/ACK packet, but does not respond with an ACK packet. This
leaves the receiver with clogged transmission ports, and legitimate
messages cannot be received.
50
Three Common Types of DOS Attacks
SYN Flood - when the three-way handshake
needed to establish an Internet connection occurs,
the final acknowledgement is not sent by the DOS
attacker, thereby tying up the receiving server while it
waits.
Smurf - the DOS attacker uses numerous
intermediary computers to flood the target computer
with test messages, pings.
Distributed DOS (DDOS) - can take the form of
Smurf or SYN attacks, but is distinguished by the vast
number of zombie computers hijacked to launch
the attacks.
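
Detection logic for the SYN flood condition described above, as an added example that is not part of the original slides. The event format, addresses, timeout and threshold are constructed assumptions; the log holds segments as seen by the receiver.

```python
from collections import defaultdict

# Constructed sample: (time_seconds, source_ip, source_port, flag) for
# inbound segments seen by the receiver. Addresses are documentation ranges.
SAMPLE_EVENTS = [
    (0.0, "192.0.2.10", 40001, "SYN"),
    (0.1, "192.0.2.10", 40001, "ACK"),   # handshake completed
    (0.2, "198.51.100.7", 50001, "SYN"),
    (0.3, "198.51.100.7", 50002, "SYN"),
    (0.4, "198.51.100.7", 50003, "SYN"),
    (0.5, "198.51.100.7", 50004, "SYN"),  # none of these is ever ACKed
    (4.8, "203.0.113.5", 41000, "SYN"),   # recent, still within the timeout
]


def half_open_report(events, now, timeout=3.0, per_source_limit=3):
    """Summarise connections stuck between Step 2 and Step 3.

    A SYN opens a pending entry; the matching ACK (or an RST) clears it.
    Entries older than `timeout` are stale, and a source holding at
    least `per_source_limit` stale entries is reported as a suspect.
    """
    pending = {}  # (source_ip, source_port) -> time the SYN arrived
    for ts, src_ip, src_port, flag in events:
        if ts > now:
            continue  # ignore events after the evaluation time
        key = (src_ip, src_port)
        if flag == "SYN":
            pending.setdefault(key, ts)
        elif flag in ("ACK", "RST"):
            pending.pop(key, None)

    stale = defaultdict(int)
    for (src_ip, _port), ts in pending.items():
        if now - ts >= timeout:
            stale[src_ip] += 1

    suspects = sorted(ip for ip, n in stale.items() if n >= per_source_limit)
    return {
        "half_open": len(pending),        # total backlog, any source
        "stale": sum(stale.values()),     # backlog past the timeout
        "suspects": suspects,
    }


if __name__ == "__main__":
    print(half_open_report(SAMPLE_EVENTS, now=5.0))
```

Because the sender's address can be spoofed, the total `half_open` and `stale` counts matter as much as the per-source list: a flood spread over many forged sources raises the backlog without any single source crossing the limit.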
51
SMURF Attack

Figure 12-3

52
Distributed Denial of Service Attack

Figure 12-4

53
E-Commerce Security:
Data Encryption
Encryption - A computer program
transforms a clear message into a coded
(ciphertext) form using an algorithm.

54
Public Key Encryption

Figure 12-5

55
E-Commerce Security:
Digital Authentication
Digital signature: electronic authentication
technique that ensures that the transmitted
message originated with the authorized sender
and that it was not tampered with after the
signature was applied
Digital certificate: like an electronic
identification card that is used in conjunction
with a public key encryption system to verify
the authenticity of the message sender

56
E-Commerce Security: Firewalls
Firewalls: software and hardware that
provide security by channeling all network
connections through a control gateway
Network level firewalls
low cost/low security access control
uses a screening router to direct traffic to its destination
does not explicitly authenticate outside users
can be penetrated using an IP spoofing technique
Application level firewalls
high level/high cost customizable network security
allows routine services and e-mail to pass through
performs sophisticated functions such as logging or
user authentication for specific tasks
57
Seals of Assurance
Trusted third-party organizations offer seals
of assurance that businesses can display on
their Web site home pages:
BBB
TRUSTe
Veri-Sign, Inc
ICSA
AICPA/CICA WebTrust
AICPA/CICA SysTrust

58
Implications for Accounting
Privacy violation
major issues:
a stated privacy policy
consistent application of stated privacy policies
what information is the company capturing
sharing or selling of information
ability of individuals and businesses to verify
and update information captured about them
1995 Safe Harbor Agreement
establishes standards for information transmittal
between US and European companies
59
Implications for Accounting

Continuous auditing
auditors review transactions at frequent
intervals or as they occur
intelligent control agents: heuristics that
search electronic transactions for anomalies
Electronic audit trails
electronic transactions generated without
human intervention
no paper audit trail
60
Implications for Accounting
Confidentiality of data
open system designs put mission-critical
information at risk from intruders
Authentication
in e-commerce systems, determining the
identity of the customer is not a simple task
Nonrepudiation
repudiation can lead to uncollected revenues or
legal action
use digital signatures and digital certificates
61
Implications for Accounting

Data integrity
determine whether data has been intercepted
and altered
Access controls
prevent unauthorized access to data
Changing legal environment
provide client with estimate of legal exposure

62
Appendix

Intra-Organizational
Electronic Commerce

63
Local Area Networks (LAN)
A federation of computers located close
together (on the same floor or in the same
building) linked together to share data and
hardware
The physical connection of workstations to the
LAN is achieved through a network interface
card (NIC) which fits into a PC's expansion slot
and contains the circuitry necessary for inter-node
communications.
A server is used to store the network operating
system, application programs, and data to be
shared.
64
LAN

[Figure labels: Files, File Server, LAN, Node (four), Printer Server, Printer]
65
Wide Area Network (WAN)
A WAN is a network that is dispersed over a
wider geographic area than a LAN. It
typically requires the use of:
gateways to connect different types of
LANs
bridges to connect same-type LANs
WANs may use common carrier facilities,
such as telephone lines, or they may use a
Value Added Network (VAN).

66
WAN

[Figure labels: Bridge, LAN (three), Gateway (two), WAN]

67
Star Topology
A network of IPUs with a large central
computer (the host)
The host computer has direct connections
to smaller computers, typically desktop or
laptop PCs.
This topology is popular for mainframe
computing.
All communications must go through the
host computer, except for local computing.
68
Star Network

[Figure labels: Kansas City (Central Data); Topeka, St. Louis, Dallas and Tulsa (Local Data); POS terminals]
69
Hierarchical Topology
A host computer is connected to several
levels of subordinate smaller computers in
a master-slave relationship.
[Figure labels:
Corporate Level: Production Planning System
Regional Level: Production Scheduling System, Regional Sales System
Local Level: Warehouse System (two), Production System (two), Sales Processing System (three)]

70
Ring Topology
This configuration eliminates the central
site. All nodes in this configuration are
of equal status (peers).
Responsibility for managing
communications is distributed among
the nodes.
Common resources that are shared by
all nodes can be centralized and
managed by a file server that is also a
node.
71
Ring Topology

Figure 12-10

72
Bus Topology
The nodes are all connected to a
common cable - the bus.
Communications and file transfers
between workstations are controlled by
a server.
It is generally less costly to install than a
ring topology.

73
Bus Topology

Figure 12-11

74
Client-Server Topology
This configuration distributes the
processing between the user's (client's)
computer and the central file server.
Both types of computers are part of the
network, but each is assigned functions
that it best performs.
This approach reduces data
communications traffic, thus reducing
queues and increasing response time.
75
Client-Server Topology

Figure 12-12

76
Network Control Objectives

establish a communications session
between the sender and the receiver
manage the flow of data across the network
detect errors in data caused by line failure or
signal degeneration
detect and resolve data collisions between
competing nodes

77
Polling Method
of Controlling Data Collisions

Figure 12-13

78
Token-Passing Approach to Controlling Data Collision

Figure 12-14

79
Carrier Sensing
A random access technique that detects
collisions when they occur
This technique is widely used--found on Ethernets.
The node wishing to transmit listens to the line to
determine if in use. If it is, it waits a pre-specified
time to transmit.
Collisions occur when nodes listen, hear no
transmissions, and then simultaneously transmit.
Data collides and the nodes are instructed to hang
up and try again.
Disadvantage: The line may not be used optimally
when multiple nodes are trying to transmit
simultaneously.
80
What is Electronic Data
Interchange (EDI)?
The exchange of business
transaction information:
between companies
in a standard format (ANSI X.12 or
EDIFACT)
via a computerized information system
In pure EDI systems, human
involvement is not necessary to
approve transactions.
81
Communications Links

Companies may have internal EDI
translation/communication software and
hardware.
OR
They may subscribe to VANs to perform
this function without having to invest in
personnel, software, and hardware.

82
Overview of EDI

Figure 12-15

83
Advantages of EDI

Reduction or elimination of data entry


Reduction of errors
Reduction of paper
Reduction of paper processing and
postage
Reduction of inventories (via JIT
systems)
84