Summary Session 19-20

Global, Ethics, and Security Management (Session 19-20)

Outsourcing

•          Outsourcing occurs anytime a company decides to subcontract its business processes or functions to another company

•          Most IT outsourcing initially occurred in such back-office functions as technical support, software development, and maintenance areas

Benefits of Outsourcing

•          Economics

•          Market Agility

•          Breadth of Skills

•          Technical Expertise

•          Multiple Feedback Points

•          Scalability

•          Best Practices

•          Process-Oriented

•          Solution-centric

•          Upgrade Crunch

•          Fear of Distraction

Drawbacks of Outsourcing

•          Lack of Expertise

•          Misaligned Expectations

•          Culture Clash

•          Hidden Costs

•          Loss of Vision

•          Security and Control

Offshore Outsourcing

•          Off-shoring is when a company selects an outsourcing partner from another country.

•          Offshore partners are often selected from developing countries to lower the labor costs. 

•          When evaluating an outsourcing partner, ERP selection teams should consider financial status, technical certifications, licenses, qualifications, and related work experience.

•          Culture is one of the biggest challenges facing companies that offshore their ERP initiatives.

•          Factors like: time differences, travel and communication costs, language and cultural differences could retard off-shoring efforts.

Software as a Service (SaaS)

•          Saas is a model of software that can be rented or leased from a software vendor who provides maintenance, daily technical operation, and support for the software.

•          The SaaS model brings lower risk in the implementation cycle and better knowledge transfer from integrators to users of systems.

Benefits of the Saas Model

•          Universal Access

•          Ubiquitous Computing

•          Standardized Applications

•          Parameterized Application

•          Global Market

•          Reliability of Web

•          Transparent Security and Trust

Limitations of the Saas Model

•          Minimal user privacy.

•          Limited flexibility allowed to the individual user.

•          Significant investment in resources

•          It is quite possible that over a 3 or 5-year period, traditional ERP architecture might even be cheaper than an SaaS solution.

Types of SaaS Providers

•          Application Service Provider (ASP)

–        A customer purchases and brings to a hosting company a copy of software, or the hosting company offers widely available software for use by customers.

•          Software On-Demand (SOD)

–        This means that one copy of the software is installed for use by many companies who access the software from the Internet.

Ethics

•          Privacy

The right to control what information needs to be safeguarded and what can be made available to the public

•          Accuracy

–        Requires organizations that collect and store data on consumers to have a responsibility in ensuring the accuracy of this data.

–        Protect an individual or consumer from negligent errors and prevent intentional manipulation of data by organizations.

•          Property

–        Makes organizations realize that they are not the ultimate owners of the information collected on individuals.

–        Consumers give organizations their information on a condition that they will be guardians of this property and will use it according to the permission granted to them.

–        ERP systems facilitate the process of sharing information easily by integrating information within the organization and across organizations.

Code of Ethics for ERP

–        Stockholder Theory.  Protects the interest of the investors or owners of the company at all costs.

–        Stakeholder Theory.  Protects the interests of everyone having a stake in the company success; namely, owners and stockholders, employees, customers, vendors, and other partners.

–        Social Contract Theory.  Includes the right of society and social well-being before the interest of the stakeholders or company owners

Green computing is the study and practice of environmentally sustainable computing or IT, this can include "designing, manufacturing, using, and disposing of computers, servers, and associated subsystems—such as monitors, printers, storage devices, and networking and communications systems — efficiently and effectively with minimal or no impact on the environment.”
Security

•          Physical Hardware Security

–        Physical access includes network closets or switch rooms and access to PCs. All must be secure.

•          Network Security

–        Most companies implement some form of firewall(s), virus controls, and network or server, or both, intrusion detection to safeguard the networked environment.

•          Intrusion Detection

–        Real-time monitoring of anomalies in and misuse of network and server activities will assist in spotting intrusions and safeguarding systems from inappropriate access.

•          Portable Devices

–        Society wants the convenience of portability, but it comes at a cost of less security.

•          Awareness

–        Ensure that users are aware of security risks.

–        Enforce policies and procedures related to access.

•          Security Monitoring and Assessment

–        A good security plan will also detail how to provide for constant assessments of security.

–        A periodic review of who has access, what they have access to, and how often they are accessing the system.

•          Encryption

–        Encryption involves using a key, usually a very long prime number that is difficult to guess or program, to scramble at one end and unscramble at the other end.

Implications for Management

•          Outsourcing

–        Determine how much the company should rely on outsourcing and the extent to which they do.

–        Re-evaluate the level of support required for the ERP implementation.

–        Evaluate Business Process Outsourcing (BPO) and hosted applications for key business processes.

–        When considering outsourcing solutions (whether they be offshore development or SaaS providers), ERP management teams need to look beyond cost.

•          Ethics

–        An ethics guru should be appointed to the team to guide the team on privacy, accuracy, property rights, and access principles.

•          Legal

–        Address as many possible legal issues up front to protect the company’s investing in the ERP.

•          Audit

–        Key issue for management with ERPs in general is the law around Sarbanes–Oxley.

•          Security

A security plan must be developed to address all the issues related to access