Blog Archives

Life of a Software – SDLC


Everything has its birth, maintenance and end of life. This presentation gives an overview of the entire SDLC Process.

Role of a CA in Implementing an ERP


published in the SICASA Newsletter of the Mangalore Branch of ICAI in the month of December 2013

Business Expansion and Development is a continuous phase for any Enterprise. In this era where there is technological growth, we now observe a “Big Bang” explosion among the enterprises present all over the world. Enterprises are growing in terms of size and presence, service offerings and product offerings which have all resulted in two things, Economic Growth and Difficulties in Management.

Economic Growth is excellent for any economy, as it brings a better standard of life and many more merits, and it is welcomed by everyone. However, Difficulties in Management of the Enterprise is a matter of great concern, as a considerable number of items are at stake. The following are a few difficulties faced in common by many growing enterprises: co-ordination between departments, regulatory compliances, accounting frauds, lack of uniform business processes, communication gaps, privacy of data, data redundancy and too much paperwork. Together these made the job of managing an enterprise extremely challenging.

Thus a solution called ERP was presented to the enterprises. The magic of the ERP was that it literally ran the whole enterprise through a single interface. All the business processes, accounting functions, communications etc. were integrated. ERP is an abbreviation for Enterprise Resource Planning, and it is another genre of software. Major players of the ERP market are SAP (SAP AG), Oracle e-business suite (Oracle Corporation), Microsoft Dynamics (Microsoft) etc. The ERP is used to run the day-to-day show of the enterprise. Every transaction is passed through the ERP, be it an internal transaction or a regular business transaction. General Internal Controls are enforced by the ERP solution. Any and every accounting impact that arises as a result of the above functions is automatically recorded by the ERP in accordance with the required accounting standards. Central administration and a smoothly functioning enterprise are the end result.

There is a difference between ‘Installation’ and ‘Implementation’ of an ERP. Installation simply means that the representative of the service provider installs the ERP solution on the servers and workstations of the Enterprise. Implementation is a different concept altogether. It refers to configuring the installed ERP to merge the business processes of the enterprise, the regulatory requirements, the Accounting Functions that are applicable and the Internal Controls that the enterprise requires. An effective implementation of an ERP leads to very strict internal controls, accuracy in maintaining books of accounts and savings of time, and thus lets the management focus more of its time on Business rather than on internal affairs.

A Chartered Accountant, being both an auditor and an accountant, is aware of the business processes and workflows of an enterprise. A Chartered Accountant can provide consultancy services in the implementation of an ERP. A CA can be the best person to provide the correct guidance.

The implementation of an ERP can be broadly categorized into three sections viz. Access, Process and Compliance.

Compliance: An enterprise must follow the laws and regulations of every country in which it has a presence. Each country may have its own Generally Accepted Accounting Standards. In India we have the Accounting Standards, Ind AS and IFRS as the GAAP for enterprises, as applicable. Other regulations include the Clause 49, the Sarbanes Oxley Act, the Data Privacy Acts of other countries etc. It is extremely important for the enterprise to comply with every regulation. The ultimate goal of any regulation is to maintain uniformity of accounts and to showcase a “True and Fair” view of the Financial Statements. A Chartered Accountant is known for his superiority in Accounting Knowledge. It is most crucial that the accounting transaction is passed at the correct point of the workflow. Deciding the accounting policy to be implemented for the enterprise can be performed by the CA.

Process: All the workflows and Processes of the various functions of the enterprise have to be implemented. Implementing an ERP is a time-consuming process and not a simple task. The point at which an enterprise opts for one is also the best time to perform a Business Process Engineering. All existing processes and workflows can be redesigned to make them smaller and simpler while retaining the level of inflows generated by the said function. A process is a series of workflows of a specific function. A CA can conduct a risk assessment on the controls present in the enterprise, and the new processes can be designed with the motive of mitigating the risks identified. Internal Controls can also be redesigned and enforced through the ERP. A CA can design the structure of the processes and workflows that would be most beneficial to the enterprise.

Access: Access should be given to end users on a need-to-know basis and at the Minimum Requirement of each employee. It is essential to have adequate Internal Controls to prevent data leakage and abuse. Segregation of Duties (SOD) is a concept that is practiced by enterprises. SOD in layman’s language means the maker and the checker should not be the same person. The CA can decide the roles and responsibilities that can be performed at the enterprise, and can design the correct combination of responsibilities and roles so that there is no SOD conflict.
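The SOD check described above can be run mechanically over role assignments and approval records. The following is an added example, not part of the original article; the role names, duty names, users and transactions are constructed sample data, and treating an unchecked transaction as a violation is an assumption of this sketch.

```python
from itertools import combinations

# Constructed sample data (hypothetical names, not from any real ERP).
ROLE_DUTIES = {
    "AP_CLERK": {"create_vendor_invoice"},
    "AP_SUPERVISOR": {"approve_vendor_invoice"},
    "VENDOR_ADMIN": {"maintain_vendor_master"},
    "TREASURY": {"release_payment"},
}
# Pairs of duties that one person must never hold together.
SOD_CONFLICTS = {
    frozenset({"create_vendor_invoice", "approve_vendor_invoice"}),
    frozenset({"maintain_vendor_master", "release_payment"}),
}
USER_ROLES = {
    "asha": {"AP_CLERK"},
    "ravi": {"AP_CLERK", "AP_SUPERVISOR"},
    "meera": {"VENDOR_ADMIN", "TREASURY"},
    "john": {"AP_SUPERVISOR", "TREASURY"},
}
TRANSACTIONS = [
    {"id": "INV-001", "maker": "asha", "checker": "john"},
    {"id": "INV-002", "maker": "ravi", "checker": "ravi"},
    {"id": "INV-003", "maker": "asha", "checker": None},
]

def role_conflicts(user_roles, role_duties, conflicts):
    """Return {user: [conflicting duty pairs]} for users whose
    combined roles grant both halves of an SOD conflict."""
    findings = {}
    for user, roles in user_roles.items():
        duties = set().union(*(role_duties[r] for r in roles))
        hits = sorted(tuple(sorted(pair))
                      for pair in map(frozenset, combinations(duties, 2))
                      if pair in conflicts)
        if hits:
            findings[user] = hits
    return findings

def maker_checker_violations(transactions):
    """Return ids of transactions that were self-approved or never checked."""
    return [t["id"] for t in transactions
            if t["checker"] is None or t["checker"] == t["maker"]]

if __name__ == "__main__":
    print(role_conflicts(USER_ROLES, ROLE_DUTIES, SOD_CONFLICTS))
    print(maker_checker_violations(TRANSACTIONS))
```

The first check is preventive (it reviews the role design before access is granted), while the second is detective (it reviews what actually happened in the workflow).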

The successful implementation of the ERP is possible only if the correct solution is presented. Hence it is essential for a CA to ensure that each and every function of the Business of the enterprise is taken care of. It must also be ensured that all resources are used effectively and that there are no deviations from regulations. In brief, a CA used to provide services like Auditing, Book Keeping and Compliances to the enterprise. We can now observe that the services a CA could provide have increased, and that enterprises depend heavily on Chartered Accountants. We can now be an architect for the enterprise and give a solution for running its business. Thus, with the continuous improvement of Technology, the services of a CA are required at a whole new level by the enterprise.

 

Business Continuity Planning


 
published in the SICASA Newsletter of Mangalore ICAI in the month of August 2013

 

Businesses and enterprises of today depend heavily on information and communication technology (ICT) to conduct business. ICT plays a central role in the operation of business activities. For example, the stock market is virtually paperless. Banks and financial institutions have gone online, and customers rarely need to set foot in the branch premises. This dependence on the systems means that all enterprises should have contingency plans for resuming operations from disruption.

This disruption of business operations can be due to an unforeseen man-made or natural disaster that may result in revenue loss, productivity loss and loss of market share, among many other impacts. Thus enterprises have to take the necessary steps to ensure the continuity of operations in the event of disruptions.

Business continuity is the activity performed by an organization to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions. These activities include many daily chores such as project management, system backups, change control, and help desk. Business continuity is not something implemented at the time of a disaster; Business Continuity refers to those activities performed daily to maintain service, consistency, and recoverability.

The objective of a Business Continuity Plan (BCP) is to enable an organization to continue to operate through an extended loss of any of its business premises or functions. The fundamental aim of BCP is to:

· Manage the risks which could lead to disastrous events.

· Reduce the time taken to recover when an incident occurs and,

· Minimize the risks involved in the recovery process.

The foundation of business continuity is the standards, program development, and supporting policies, guidelines, and procedures needed to ensure that a firm continues without stoppage, irrespective of adverse circumstances or events. All system design, implementation, support, and maintenance must be based on this foundation in order to have any hope of achieving business continuity, disaster recovery, or in some cases, system support. Business continuity is sometimes confused with disaster recovery, but they are separate entities. Disaster recovery is a small subset of business continuity. It is also sometimes confused with Work Area Recovery (due to loss of the physical building within which the business is conducted), which is but a part of business continuity.

Steps in constructing an effective BCP:

1. Document internal key personnel and backups. These are people who fill positions without which a business absolutely cannot function – make this list as large as necessary but as small as possible.

· Consider which job functions are critically necessary, every day. Think about who fills those positions when the primary job-holder is on vacation.

· Create a list of all those individuals with all contact information including business phone, home phone, cell phone, business email, personal email, and any other possible way of contacting them in an emergency situation where normal communications might be unavailable.

2. Identify who can telecommute. Some people in an organization might be perfectly capable of conducting business from a home office. Find out those who can and who cannot work from home.

3. Document external contacts. If an organization has critical vendors or contractors, then build a special contact list that includes a description of the organization and any other absolutely critical information about them including key personnel contact information.

· Include in the list people like attorneys, bankers, IT consultants etc.: anyone that you might need to call to assist with various operational issues.

· Don’t forget utility companies, municipal and community offices (police, fire, water, hospitals) and the post office.

4. Document critical equipment. Personal computers often contain critical information

· Some businesses cannot function even for a few hours without a fax machine. Does the company rely heavily on the copy machine? Does the company have special printers that it absolutely must have?

· Don’t forget software – that would often be considered critical equipment especially if it is specialized software or if it cannot be replaced.

5. Identify critical documents. Articles of incorporation and other legal papers, utility bills, banking information, critical HR documents, building lease papers, tax returns. You need to have everything available that would be necessary to start your business over again. Critical Documents would also include loan payment schedules, email services bill payments etc.

6. Identify contingency equipment options. If your company uses trucks, and it is possible the trucks might be damaged in a building fire, where would you rent trucks? Where would you rent computers? Can you use a business service outlet for copies, fax, printing, and other critical functions?

7. Identify your contingency location. This is the place where the company would conduct business while the primary offices are unavailable.

· It could be a hotel – many of them have very well-equipped business facilities you can use. It might be one of the company’s contractors’ offices, or its attorney’s office.

· Telecommuting for everyone is a viable option.

· If you do have an identified temporary location, include a map in your BCP. Wherever it is, make sure you have all the appropriate contact information (including people’s names).

8. Make a “How-to”. It should include step-by-step instructions on what to do, who should do it, and how.

9. List each responsibility and write down the name of the person assigned to it. Also, do the reverse: For each person, list the responsibilities. That way, if you want to know who is supposed to call the insurance company, you can look up “Insurance

10. Put the information together! A BCP is useless if all the information is scattered about in different places. A BCP is a reference document – it should all be kept together in something like a 3-ring binder.

· Make plenty of copies and give one to each of your key personnel.

· Keep several extra copies at an off-site location, at home and/or in a safety-deposit box.

11. Communicate. Make sure everyone in the company knows the BCP. Hold mandatory training classes for each and every employee whether they are on the critical list or not. You do not want your non-critical staff driving through an ice storm to get to a building that has been damaged by fire then wondering what to do next.

12. Test the plan! You’ve put really good ideas down, accumulated all your information, identified contingency locations, listed your personnel, contacts and service companies, but can you pull it off?

· Pick a day and let everyone know what’s going to happen (including your customers, contractors and vendors); then on that morning, act as though your office building has been destroyed. Make the calls – go to the contingency site.

· One thing you will definitely learn in the test is that you haven’t gotten it all just exactly right. Don’t wait until disaster strikes to figure out what you should do differently next time. Run the test.

· If you make any major changes, run it again a few months later. Even after you have a solid plan, you should test it annually.

13. Plan to change the plan. No matter how good your plan is, and no matter how smoothly your test runs, it is likely there will be events outside your plan. The hotel you plan to use for your contingency site is hosting a huge convention. You can’t get into the bank because the disaster happened on a banking holiday. The power is out in your house. The copy machine at the business services company is broken. Your IT consultant is on vacation.

· Every time something changes, update all copies of your BCP.

· Never let it get out of date. An out-of-date plan can be worse than useless: it can make you feel safe when you are definitely not safe.