Unit VI ERP : Related Technologies & Security

• Business Process Reengineering,

• Business Intelligence and Analytics,
• Product LifeCycle Mgmt(PLM),
• Geographic Information systems(GIS),
• ERP and SCM, CRM, OLAP,
• Security Systems for ERP,
ERP and related technologies
• To overcome limitations in ERP various technologies are used with ERP package
Technologies used :
• BPR
• BI : board, Sisense, Dundas BI,Tableau Big Analytics
• BA : Descriptive Analytics(Jreport),
• Data Warehousing : Amazon Red shift, Panoply, Bigquery, blendo ,teradata
• Data Mining: rapid miner, orange, Dundas, H3O
• OLAP : micro strategy, Ibm cognos
• SCM :Watson supply chain, E2 open, Epicor SCM
• PLM : Arena, Upchain, Windchill
• CRM : Hubspot CRM, Zoho CRM, Onpipeline
• GIS : Quantum GIS, Grass GIS, SAGA GIS
• Intranet and Extranet
BPR : Introduction

• BPR involves dramatic changes

• There’s change in organizational structures, management systems, job
descriptions, performance measurements, skill development, training and
use of IT.
• BPR has impact on every aspect
• Changes cause total success or complete breakdown and failure.
BPR at Nike
• Nike is a sportswear leading company which was using 27 applications world wide for its supply
chain management. Nike was going to implement ERP with the objectives:
• Implement new enterprise system build by them
• Increase design manufacturing
• Increase company margin
• Cut the shipping time
• Reduce stock in inventory
PROBLEMS : Inaccurate order shipping
• Unbalanced production and demanding
• Too much stock inventory
• Decreased revenue
• Demand cannot be completed
•     Business Process will be restructured if the organization decided to do BPR
BPR case
• Air Bn B : The three main functions which contributed to the Airbnb product development
process — designers, engineers, and researchers — worked in silos, only jumping into the
process at defined times. 
• Those defined times weren’t serving the end goal of delivering a great product on time.  
• Designers had to wait on engineers to write code before a mock-up could be visualized on
screen.
• In turn, engineers had to wait on researchers to validate product ideas, only to find at the very
end that project assumptions were off-base. 
• as a process failure. 
Solution : Treat Geographically Dispersed Resources as Though They Were
Centralized, Organize around outcomes, not tasks,Link parallel activities
 BPR : Introduction(contd)

Successful BPR results in :

• Dramatic performance improvements
• Increase in profits,
• Better business practices
• Enormous cost reductions,
• Dramatic improvement in productivity
• Create substantial improvements in quality
• Improvement in customer service
• Employee satisfaction
BPR : Introduction(contd)
• Evaluation:Dr.Michael Hammer, James Champy,
Thomas Davenport created the concept of BPR
• Hammer gathered information about organizations
surviving in their industries and observed the
companies that had succeeded changing their
processes had used similar set of tools and tactics.
They called this set as Business Reengineering
• Thomas Davenport also carried research and
examined redesigning processes. He collected
information on methods and practices leading to
successful implementation which he called Process
Innovation
 BPR : Introduction(contd)

• Both the approaches address the concept of

redesigning the way businesses perform strategic
processes.
• Both share a number of core activities.
• To describe these efforts the term BPR was adopted
• Many organizations have acquired experience in
performing BPR
• Experts still are not in agreement on every activity
necessary for performing BPR.
• The core activities still are stable
BPR Principles
• Several jobs are combined into one
• Workers make decisions
• Steps are performed in natural order
• Processes have multiple versions
• Work is performed where it makes most sense
• Checks and controls are reduced
• Case manager is single point of contact
• Hybrid centralized/decentralized operations
BPR Impact

• Change in Work Units(functional department to process teams)

• Change in jobs(Simple to multi-dimensional)
• Change in people’s roles(controlled to enpowered)
• Change in job preparation(training to education)
• Change in focus of performance measures(Bonus)
• Change in advancement criteria(performance to ability)
• Change in values
• Change in manager’s role(supervisor to coach)
• Change in role of executives(scorekeepers to leaders)
• Change in organisation structure
 BPR : Different Phases

• Begin Organizational Change

• Building the Reengineering Organization
• Identifying BPR Opportunities
• Understanding the Existing Process
• Reengineering the Process
• Blueprint the New Business System
• Perform the transformation
 BPR : Different Phases
Phase 1 : Begin Organizational Change
• Assess the current state of organisation
• Explain the need for change
• Illustrate the desired state
• Takes a look at how organizations operate. Focus is
analysis of operating procedures and results
generated by them
Aspects of the business that need to be evaluated are :
• How things are done currently
• What changes may be occuring
• What new circumstances exist in the business
environment
BPR : Different Phases
Phase 1 : Begin Organizational Change
Main Activities are :
• Assess the current state of the organisation
• Explain the need for change
• Illustrate the desired change
• Create a communications campaign for change
Work on how the organisation operates focussing on
the operating procedures and results generated by
them. This helps to determine if dramatic changes are
possible with BPR
BPR : Different Phases(contd)
Phase 1 : Begin Organizational Change
Aspects of business that is evaluated are :
• Currently how things are done
• What changes may be occuring
• New circumstances in the business environment
Next step is look at harmful operating procedures
which have or may cause irreparable damage to the
company’s business goal and functioning. Check if
organisation is able to meet needs of market.
BPR : Different Phases(contd)

Phase 1 : Begin Organizational Change

• Consequences should be understood and well
identified. It can be loss of jobs, closing few
operations.
• Proper future direction should be decided
• If changes are desired, organisation needs to turn to
people
• Business plans and strategies guide the people
• Everyone needs to communicated about the need to
change
•
BPR : Different Phases(contd)
Phase 2 : Build the reegineered Organization
Major activities are :
• Establish a BPR organisation structure(Infrastucture
establishment)
• Establish the roles for performing BPR
• Choose the personnel who will reengineer
Decide who are the people enlisted to reengineer the
business, what are their responsibilities, who will they
report to, What happens to the normal business when
BPR is going on
BPR : Different Phases(contd)
Phase 2 : Build the reegineered Organization
Members of reengineering team :
• Executive leader: High level executive who has
authority to make people listen and the motivational
power to make people follow.
• Process owner: Responsible for a specific process
and reengineering efforts focussed on it. There is a
process owner for each process being reengineered.
Executive leader appoints a process owner
BPR : Different Phases(contd)

Phase 2 : Build the reegineered Organization

Members of reengineering team :
• Team dedicated to the reengineering of a specific
process should be made up of insiders
• These people are aware of strengths and
weaknesses, along with outsiders who give ideas for
redesign. Team should be small, they investigate the
existing process and oversee redesign and
implementation.
BPR : Different Phases(contd)
Phase 2 : Build the reegineered Organization
Members of reengineering team :
• Steering Committee: Control chaos and monitor
progress
• Reengineering specialist/ consultant: Assist the team
by providing tools, techniques and methods to help
them with their reengineering tasks
BPR : Different Phases(contd)
Phase 3: Identify BPR opportunities
• Identify high level processes(divide organisation into
high level process rather than vertical business areas)
• Recognise potential change-enablers
• Gather performance metrics within the industry
• Select processes that should be reengineered
• Prioritize selected processes
• Evaluate pre-existing business strategies
• Consult with customers to know their desires
BPR : Different Phases(contd)
Phase 3: Identify BPR opportunities
• Determine customer’s actual needs
• Formulate new process performance objectives
• Establish key process characteristics
• Identify potential barriers to implementation
Seeing the company from customers point of view can
help identify the high level processes.
BPR : Different Phases(contd)
• Phase 3: Identify BPR opportunities
Helpful to think about change levers that may bring
dramatic changes in organisation processes.
• Change levers may be use of information, use of IT
and human factors
Common questions asked are :
• What new information is available and easily
accessible to organisation?
• What new technologies have recently been introduced
or are on the horizon, that can change how
businesses and customers interact?
• New ways of structuring?
BPR : Different Phases(contd)

Phase 3: Identify BPR opportunities

• Modification in one of these areas information, IT and
people needs changes in other areas once major
processes are reengineered.
• Compare performance of high level processes with
competitors
Criteria used :
• Dysfunction(processes most ineffective)
• Importance(processes have greatest impact on
customers)
• Feasibility(processes at the moment susceptible to
accomplish redesign
BPR : Different Phases(contd)

Phase 3: Identify BPR opportunities

• Pick process of high success potential.
• Assess business strategy
• New process strategy defined
• Process goals and objectives can be determined
BPR : Different Phases(contd)
Phase 4: Understand the Existing process
• Understand why current steps are being performed
• Model the current process
• Understand how technology is currently used
• Understand how information is currently used
• Understand the current organisational structure
• Compare current processes with new objectives
BPR : Different Phases(contd)
Phase 4: Understand the Existing process
• Understand why a current process is done the way it
is done
• Understand is key word
• Not scrutinize every detail
• Process objectives clearly defined
• Modelling current process Helps plan migration of old
process to new one
BPR : Different Phases(contd)

Phase 4: Understand the Existing process

• Understanding how and why the current processes
use information is also important.
Answering questions will be helpful :
• Do staff members have access to essential
information
• Why is technology used to support some tasks and
not others
• How effective are the current interfaces
BPR : Different Phases(contd)
Phase 4: Understand the Existing process
• Are some processes wasting time and effort by
creating duplicate information when information can
be shared across organisational boundaries
• Are they easy to use
• What way the existing process take advantage of
technology
BPR : Different Phases(contd)

Phase 5 : Reengineer the Process

• Ensure the diversity of the reengineering team
• Question current operating assumptions
• Brainstorm using change levers
• Brainstorm using BPR principles
• Evaluate the impact of new technologies
• Consider perspectives of stakeholders
• Use customer value as focal point
BPR : Different Phases(contd)
Phase 5 : Reengineer the Process
• Actual reengineering begins
• From strategy, analysis we move to redesign phase
• Team now involved should be well versed in
technology i.e. designers and implementers
• Future owners are critical components
• Outside perspective is equally important. They raise
questions about operating assumptions that may not
be obvious to insider.
• Technologist will provide an insight how to apply in
innovative ways
BPR : Different Phases(contd)

Phase 5 : Reengineer the Process

• Operating assumptions can be questioned
• At times operating assumptions can be thrown out and
new one can be developed
• Brainstorming session is conducted to create new
ideas.
• According to Hammer brainstorming is successful
when BPR principles are considered. During this new
technologies can be considered and their impact is
evaluated.
BPR : Different Phases(contd)

Phase 5 : Reengineer the Process

Technologies considered enablers of reengineering are:

• ERP systems
• Internet technologies
• Distributed computing platforms
• Client/Server architectures
• Workflow automation technologies
• Groupware
BPR : Different Phases(contd)
Phase 5 : Reengineer the Process
• Team searches new information as well as new ways
to use existing information.
• Organisation can collect data not collected before
• Brings new knowledge into process to help decision
making
• Sharing data across organisation eliminate
redundancies
BPR : Different Phases(contd)

• Require evaluation of organisation model and management strategy

• Workgroup will not be traditional hierarchical management
• Workgroup needs new measurement systems and reward values and
belief systems
BPR : Different Phases(contd)

• Consider all process stakeholders in the redesign of a

process.
• Include people(stakeholders) whose actions are
impacted by organisation’s action and whose action
impacted the organization
• Include both those who are internal to the process and
those who are external to the process.
• External stakeholders may not be concerned with how
a process is performed but with the output.
5 Stage BPR model
• Build an overview of the process flow. ...
• Create the process flow detail. ...
• Write the operating procedure. ...
• Develop a detailed work instruction. ...
• Have a Plan for Continuous Process Improvement.
Data Warehousing

Inmon defines the data warehouse in the following terms:

• Subject-oriented: The data in the data warehouse is organised so that all
the data elements relating to the same real-world event or object are linked
together.
• Time-variant: The changes to the data in the database are tracked and
recorded so that reports can be produced showing changes over time.
• Non-volatile: Data in the data warehouse is never overwritten or deleted.
Once committed, the data is static, read-only and retained for future
reporting.
• Integrated: The database contains data from most or all of an organisation’s
operational applications, and that this data is made consistent.
Data Warehousing

• Kimball defines data warehouse as “a copy of transaction data specifically

structured for query and analysis”.
• Kimball’s data warehousing architecture is also known as data warehouse
bus (BUS). Dimensional modelling focuses on ease of end-user
accessibility and provides a high level of performance to the data
warehouse.
Security Systems for ERP

Security is based on following criteria:

• Confidentiality
• Integrity
• Availability
• Accessibility
• Traceability
• Network Security
Technological Advancements

• Broader use of web enabled systems

• AI driven systems
• ERP presence more in mid range manufacturing
• More modular system (best of breed concept)
• More third party applications (bolt on)
 Bolt on

• The term “bolt-on” is similar to the term “plug-and-play” that is used

to describe pieces of software that are easily integrated into other
larger systems.
• Some might also call these “add-ons.”
• Bolt-on solutions for ERP are modules that work side-by-side with the
core ERP system and provide supplementary functionality.
• Typical bolt-on features include customer relationship management,
product lifecycle management, resource planning, supply chain
optimization and more.
 Middleware

• External applications accessed through APIs

• Bind Applications together
• Removes need for API
• Divided into (i) data oriented products , (ii) messaging oriented vendors
(software or hardware infrastructure supporting sending and receiving
messages between distributed systems). application server middleware,
web middleware, and transaction-processing monitors.
Examples
• Red Hat JBoss Enterprise Application Platform (EAP) ...
• IBM WebSphere. ...
• Oracle WebLogic.
MOM
• Message-driven processing is required in a client/server environment that uses a special program called
a message broker.
• A client sends a message to the message broker which is designed to handle many messages from
multiple clients and forward them to the appropriate server application.
• The middleware creates a communications layer that insulates developers from the complexity of
different operating systems and network protocols.
FEATURES
• Unified messaging
• Provisioning and monitoring
• Dynamic scaling
• Management and control tools
• Dynamic scaling
• Flexible service quality
• Secure communication
• Integration with other tools
Computer Crimes
• Computer crime is an act performed by a knowledgeable computer user,
sometimes referred to as a hacker that illegally browses or steals a
company's or individual's private information.
• In some cases, this person or group of individuals may be malicious and
destroy or otherwise corrupt the computer or data files.
• Cyber Stalking.
• Identity Theft.
• Software Piracy. ...
• Money Laundering. ...
• Malware. ...
• Phishing.
Cyber crime
 fraudulent attempt to obtain sensitive information such as usernames,
passwords and credit card details by disguising oneself as a trustworthy
entity in an electronic communication. Types :
Smishing, Vishing , Pharming
• Examples (i) Generic greeting. Phishing emails are usually sent in
large batches(ii) Forged link (iii) Requests personal
• Spoofing describes a criminal who impersonates another individual or
organization, with the intent to gather personal or business
information
ERP Security
• Security Threat is defined as a risk that which can potentially harm computer
systems and organization.
• The cause could be physical such as someone stealing a computer that contains vital
data.
• Includes Physical, Non physical(Logical threats)
A physical threat is a potential cause of an incident that may result in loss or physical
damage to the computer systems.
Categories :
• Internal
• External
• Human
Logical Threats
• Loss or corruption of system data
• Disrupt business operations that rely on computer systems
• Loss of sensitive information
• Illegal monitoring of activities on computer systems
• Cyber Security Breaches
Logical Threats
• Virus
• Trojans
• Worms
• Spyware
• Key loggers
• Adware
• Denial of Service Attacks
• Distributed Denial of Service Attacks
• Unauthorized access to computer systems resources such as data
• Phishing
• Other Computer Security Risks
• Viruses, worms, Trojans, and bots are all part of a class of software
called "malware."
• Examples :
• Phishing
 fraudulent attempt to obtain sensitive information such as usernames, passwords
and credit card details by disguising oneself as a trustworthy entity in an electronic
communication. types : Smishing, Vishing , Pharming
• Examples (i) Generic greeting. Phishing emails are usually sent in large
batches(ii) Forged link (iii) Requests personal
• Spoofing describes a criminal who impersonates another individual or
organization, with the intent to gather personal or business information
ERP security issues
• Overlooking Software Updates
• Lack of Employee Training and Upkeep
• Inadequate Access and Authentication
• Insider Threats
• Vulnerable Interconnections
• Poor Patch Management
• Poor ERP Security Delegation
Computer security
• Passwords
• Physical access restriction
• Firewall
• Encryption
• Audit
• Backup
• Remote and proactive implementing process
ERP security issues
• Sixty-four percent of the 191 decision makers surveyed whose organizations rely on SAP or Oracle E-
Business Suite confirmed that their deployments have had an ERP-related breach in the last 24 months.
• “Enterprise Resource Planning (ERP) applications such as Oracle E-Business Suite and SAP (ECC) can
be foundational for businesses.
• A breach of such critical ERP applications can lead to unexpected downtime, increased compliance risk
, diminished brand confidence and project delays,”
• ERP platforms in the last 24 months, reported compromised information includes sales data (50
percent), HR data (45 percent), customer personally identifiable information (41 percent),
intellectual property (36 percent) and financial data (34 percent).
• 78 percent of respondents report that ERP application users are audited every 90
days or more.
• 74 percent of SAP and Oracle EBS applications are connected to the internet.
• 56 percent of C-level executives are concerned or very concerned about moving
ERP applications to the cloud.
Security Solutions
• ERP Security is a wide range of measures aimed at protecting 
Enterprise resource planning (ERP) systems from illicit access ensuring
accessibility and integrity of system data.
• ERP Security scanner is a software intended to search for
vulnerabilities in ERP systems. Scanner analyzes configurations of ERP
system, searches for misconfigurations, access control and encryption
conflicts, insecure components, and checks for updates. 
• RBAC (Role-Based Access Control) model is applied for users to
perform transactions and gain access to business objects
• SOD (segregation of duties)
ERP security
• Hackers have targeted the systems of 62 colleges and universities by exploiting a
vulnerability in an enterprise resource planning (ERP) web app, (the US Department
of Education)
•  vulnerability in the authentication mechanism used by the two modules that can
allow remote attackers to hijack victims' web sessions and gain access to their
accounts.
•  attackers created thousands of fake accounts over days, with around 600 accounts
created during a 24-hour period.
• Officials said the accounts were used "almost immediately for criminal activity," but
did not provide any details about the nature of the activity.
• Attackers are utilizing bots to submit fraudulent admissions applications and obtain
institution email addresses through admission application portals,"