ERP Audit: a tool for SCM individuals to be the “key” on protecting the information

This time, this post is something different. This is about productivity … but not SCM productivity. This is something that you (SCM expert) can help about. Lets begin.

You SCM expert know how information flows through the companies. You could even define what is the critical information for a company and which one is not. Thus, you (as SCM expert) are a key individual on helping companies on protecting their information: you can know information flows in the company.

The goal here is that you (SCM expert) could provide expertise on helping companies to protect their information. Keep note, I am not taking about protecting their systems but their information. Thus, we are talking here on providing guidance on setting up procedures to protect the “Information”. Then, IT (technical) people can take the procedures you (SCM) defined and setup the right technical tools to protect the systems. But, is this protection on their information something you should have only in mind after ERP is deployed? No, selling and implementing an ERP like Microsoft Dynamics NAV is something different than selling and implementing another software (Vista, Exchange, …).

It requires that ERP is align with company business goals. Without the proper skills about what business does (SCM skills), the implementation of an ERP fails (then customers blames the implementation team and them to the ERP vendor … ). Thus, this protection should start during the point in time when the ERP is even considered to be implemented. For instance, lets focus on the ERP implementation. There are quite a number of situations where companies failed implementation: company does not have the Culture to adopt an ERP, high management levels were not compromised on finding resources and defining corporate goals to achieve, Project leader does not have the skills, key users were not identified, requirements are not properly documented, there is no such a methodology to implement the ERP, there is no analysis on support incidents reported, security requirements were not properly defined … There could be tons of reasons.

Another example, before implementation there should be a phase to analyze if ERP is the right tool. This phase is called ERP Adoption. If you are an SCM individual, you should be going through these questions:
– Did the management levels define the business goals to implement the ERP? Do we know why company needs this ERP?
– Does not company have the necessary “corporate culture” to implement an ERP?
– What is the communication in the company about this ERP implementation?
– Has been a Project Leader identified? Does this Project leader have the right experience and reputation in the organization?
– What is the hierarchy structure in the organization?
– What is the IT role in the ERP implementation?
And, the role of the Business departments:
– How the organization has defined their processes with policies, procedures and standards?
– Who else but the SCM individual can better determine if ERP and business are aligned?
– Who knows better than SCM how should business be done efficiently and effective?

Not having the above in mind could lead to not having available the information that company needs or to a "leakage" on the information protection since the critical information has not been properly defined …  And now, what would be my proposal to you as SCM individual: minimize the risk by using your expertise on the "company’s information.

If you are having this in mind, you are in the right direction: you identified the information, you know what is the critical information and you are on the way to manage the risks.

To emphasize, SCM expert: you are key on protecting the "information flow" just because you can visualize it. Do not let people think IT is the key. Use this tool: ERP audit and make sure you also use your SCM skills to determine and help on how effective and efficient is the ERP.