Objective:

ERP is a multi-function and highly integrated application that supports most of the critical operations within the company. In using such an ERP application, while we can depend on some of the built-in checks and balances embedded in the system, the most important business control and appropriate use of the system lie in the working habits and discipline of the people who use it. This Policy is devised to help ensure that such work discipline is in place among all users as well as all IT staff.

Business Control:

IT responsibility:

Information Technology’s primary responsibility is to keep the ERP system running and usable for the user community, to work with users/business analysts to research, detect, and debug problems when they occur, and to consult and work with users/business analysts in defining new requirements and in designing and implementing enhancements to support the business.

Owners and users of application:

Owner(s) and their responsibilities:

Owners of the application are responsible for setting the functional rules and guidelines, and for ensuring they are followed flawlessly, in order to maintain the integrity of the ERP system and to maintain the business control mechanism under the company policy and guidelines.

Master data quality has long been the plague of ERP systems. This has been the result of users' lack of knowledge and discipline, an ad hoc mentality toward problem resolution, and loose built-in system controls. For example, we create multiple vendor master records for the same vendor with slight variations of the name or address. This kind of practice cannot be detected or stopped by the built-in validation mechanism of ERP, no matter how good the system is. Management has to depend on procedure and discipline to ensure our data quality.

Segregation of duties:

Under the Company policy and guidelines of Business Control, the segregation of duties is absolutely critical to the integrity of business processes and flows. Critical control points are devised to ensure visibility and prevent fraud.

In ERP, IT’s role in this is to ensure, based on the rules given to us by the management responsible for Business Control, that applications for access to ERP functions do not violate such rules. This is controlled in the review and approval process for user ID / function applications. The following are examples of some of the rules:

  • The person authorized to create vendors cannot also have access to the creation of purchase orders, or vice versa.
  • The person who can open orders cannot also be authorized to receive goods, or vice versa.