Outsourcing, ERP implementation, and business continuity plan
Outsourcing is the act of contracting an outside party to business to perform the business processes that could have been done by the outsourcing firm. A firm purchases a service or an activity from outside to fulfill its needs (Elitzur, Gavious, & Wensley, 2012). It is a make-or-buy activity that can be done domestically or overseas. The propensity of companies deciding to outsource is based on the intangibility of a product or service.
The advantages of outsourcing include strategic optimization of company core mission, goals, and strategies, financial benefits, market discipline, better utilization of technology, better focus on the market, reduced operational and recruitment costs, risk sharing, and better management of outsourced activities (Feeny, Lacity, & Willcocks, 2012). On the other hand, the disadvantages include loss of expertise, loss of vision, security control, loss of control over costs, and dependence on external expertise. Other issues include legal constraints, lack of customer focus, taxes, and inability to use new technology.
The key challenges in offshore outsourcing include legal and regulatory frameworks; technology can be stolen, changing workforce and job loss, political issues, societal factors, culture, technical capability and certification of the offshore company, security control, licenses, related work experience, loss of vision, language barriers, government interventions, labor flexibility, qualifications, economic conditions, quality of labor force, and ethical concerns. However, the best five practices in outsourcing include:
- Creation of a formal governance process
- Accountability
- Insourcing
- Expediency
- Plan for installing upgrades
SaaS is known as a Software-as-a-Service model where services are offered on a pay as you use basis. It is considered as an outsourced option because the software is offered, used, and paid for or rented as one consumes the services. The user enjoys various benefits such as universal access, reliability due to web access, global market, and use of standardized applications.
An auditor’s presence is important when implementing ERP because it requires that the implementation be done with accuracy besides ensuring that the business process reengineering is done to meet the business goals and objectives of the company on the question (Monk & Wagner, 2012). Here, the auditor makes sure that various factors such as the inclusion of accounting tools are implemented appropriately. That is in addition to careful planning, addressing risk assessment issues as well as analyzing them, ensuring that the technical structures satisfy the accounting and financial requirements of the firm, and providing a complete evaluation of each of the internal controls of the firm.
Studies point out that auditing is necessary to assess the internal access controls because the data in ERPS are pooled together into a single database and the privileges of modifying materials, financial information, and human resources must be secured at the application level, network, database, and operating systems levels. Also, auditing enables user IDs to be scrutinized properly, evaluation and verification of the company’s business processes’ configurations can reveal those business processes that are faulty and the right corrections to be done to make sure they are up to standard. Other factors that make auditing of the ERPS implementation necessary include ensuring that there is the effective implementation of change management strategies, the use of best practices to assure users of their privacy, provision of effective user-friendly interfaces, and the ability to secure personnel information.
The Sarbanes-Oxley Act is a critical component for investors because it provides managers and those on the corporate ladder to take responsibility for their actions and decisions concerning how they handle the finance of those corporate entities they head (Monk & Wagner, 2012). The act requires that managers provide accurate financial reporting of corporate financial statements because it binds them with the mandatory responsibility of certifying that a company’s reports reflect a true financial position the company operates on.
Disaster recovery and plan and business continuity include the level of risk exposure, the personnel and financial commitment to ensure that business continues after a disaster has occurred. Other components include insurance, site designation, documentation, data backup, communication channels, emergency procedures, and backup of key personnel. Those who should be involved include the manager, all departments that use the ERP, an ethics guru, auditor, information systems technicians, and Medicare providers.
Components to system security and ERP implementation
The five top security questions to ask include:
- Which hardware, software, and hardware technologies are in use?
- What approaches were applied to address organizational security objectives?
- Which is the mission statement of the organization?
- How does the organization assure confidentiality, integrity, and availability of data?
- How does the organization assure authenticity and accountability of information?
- Who is responsible for the planning and implementation of the security of information systems?
Security must be planned, tested, and ready by the time the ERP implementation to ensure that the system security strategies are consistent with the required standards and requirements for compliance.
Software as a Service
According to Wu, Garg, and Buyya (2012), SaaS is a model that depicts software that is used as a utility and paid for as long as the user has maintained access. On the other hand, traditional outsourcing is based on having the services done by another party where the outsourcing company agrees with the outside firm. Here, the customer, vendor, and outsourcer establish a triangular relationship. Software-as–a-Service is an on-demand-software. Software On-Demand (SOD) and Application Service Provider (ASP) constitute the two models on which SaaS services are offered. The vendor takes the responsibility of maintenance, support, and technical operations of the software from a central location.
In comparison, traditional outsourcing is done at a cost without caring who does the work, while SaaS is charged on a monthly or annual basis and usage patterns and the user of the service are from within the company that uses the SaaS. Unlike the ability to use SaaS in a multi-tenant environment and offer some services for free, traditional outsourcing models restrict the availability of services to the full ownership of the software (Wu, Garg, & Buyya, 2012). The vendor has exclusive access to their software products while SaaS enables the user to access the software. Both are time and cost-saving strategies. The circumstances under which companies choose SaaS as opposed to traditional software include when there are enough expertise and employees have experience.
Expert employees can use available technology and that could save the company additional costs of outsourcing besides saving the knowledge in-house that could be used for the future. Also, a company with a focused strategy and that requires improved compliance is bound to for SaaS because its employees are responsible for strategy implementation. Enhanced accuracy in the part of the user necessitates a company to opt for SaaS as opposed to outsourcing. Additional factors include technology advances, risk mitigation, and the need to comply with the recommended software standards and regulations.
References
Elitzur, R., Gavious, A., & Wensley, A. K. (2012). Information systems outsourcing projects as a double moral hazard problem. Omega, 40(3), 379-389.
Feeny, D., Lacity, M., & Willcocks, L. (2012). Taking the measure of outsourcing providers. MIT Sloan management review, 46(3).
Monk, E., & Wagner, B. (2012). Concepts in enterprise resource planning. New York: Cengage Learning.
Wu, L., Garg, S. K., & Buyya, R. (2012). SLA-based admission control for a Software-as-a-Service provider in Cloud computing environments. Journal of Computer and System Sciences, 78(5), 1280-1299.