Business is all about taking risks. But intelligent managers know how to manage risks, thus preventing accidental losses as well as other operational, financial, and strategic risks—including fraud.
To manage business risks by using technology, we must first understand and prioritize the risks a specific business faces, and then understand how IT can help that business. Then we can come to understand how those risks intersect with the IT systems a business might already have in place.
One risk within your business may stem from operating in an e-commerce environment. In that case, you want to know how IT is supporting the Web portal. Do people simply view a catalog, or do they order online and log back into your system later to view their order status? How does that portal tie in with your back-end systems and business data?
Or maybe you have multiple business units, several running on a top-tier enterprise resource planning (ERP) system like IFS Applications. But a Mexican unit is still running a homegrown application, passing its data to you in spreadsheets modified to reflect currency exchange. The manual processes involved in this data transfer and data alteration represent a business risk that could be mitigated by the built-in security features of an ERP system.
So, while technology might be designed to assist in risk management, that technology must still be configured and used intelligently to deliver this business benefit.
Indeed, intelligent use of an ERP system can not only help ensure compliance with legal requirements and accounting rules, but it can also help prevent fraud. An ERP application and its user permissions settings can prevent theft. Aggressive and intelligent use of an ERP system's safeguards can save time during auditing. Properly configuring an ERP application can help protect your company from fraud and costly corporate mistakes in a number of ways. Following are three practical approaches a business can take to protect its assets through its ERP system.
1. Use a top-down approach to identify risks.
Business risk management requires a top-down approach. Senior management often focuses its efforts on creating competitive advantages and might not see one in spending extra money on compliance. But even companies not immediately affected by regulations like the US Sarbanes-Oxley Act (SOX) and the Health Insurance Portability and Accountability Act (HIPAA) of 1996 can benefit from applying some of the principles required for compliance to their business. Efforts to comply with basic data security and risk prevention guidelines can even further reduce the risk of financial loss through administrative mistakes or fraud. The specific steps necessary to ensure compliance with these guidelines will differ from one company or business model to the next, but any company needs to pay attention to such basics as good financial statements, data security, privacy, and housing of key information—and how that information affects things like ensuring accurate financial reporting.
Part of this top-down approach involves identifying what information is key to your business. For a manufacturer, this data might consist of accounting, payroll, and health insurance information, plus things like physical plant assets and inventory. In contrast, a professional services environment is much simpler, with key information consisting of things like customer service and payroll data, with the only other real assets consisting of phones and perhaps leased office space.
To manage business risks by using technology, we must first understand and prioritize the risks a specific business faces, and then understand how IT can help that business. Then we can come to understand how those risks intersect with the IT systems a business might already have in place.
One risk within your business may stem from operating in an e-commerce environment. In that case, you want to know how IT is supporting the Web portal. Do people simply view a catalog, or do they order online and log back into your system later to view their order status? How does that portal tie in with your back-end systems and business data?
Or maybe you have multiple business units, several running on a top-tier enterprise resource planning (ERP) system like IFS Applications. But a Mexican unit is still running a homegrown application, passing its data to you in spreadsheets modified to reflect currency exchange. The manual processes involved in this data transfer and data alteration represent a business risk that could be mitigated by the built-in security features of an ERP system.
So, while technology might be designed to assist in risk management, that technology must still be configured and used intelligently to deliver this business benefit.
Indeed, intelligent use of an ERP system can not only help ensure compliance with legal requirements and accounting rules, but it can also help prevent fraud. An ERP application and its user permissions settings can prevent theft. Aggressive and intelligent use of an ERP system's safeguards can save time during auditing. Properly configuring an ERP application can help protect your company from fraud and costly corporate mistakes in a number of ways. Following are three practical approaches a business can take to protect its assets through its ERP system.
1. Use a top-down approach to identify risks.
Business risk management requires a top-down approach. Senior management often focuses its efforts on creating competitive advantages and might not see one in spending extra money on compliance. But even companies not immediately affected by regulations like the US Sarbanes-Oxley Act (SOX) and the Health Insurance Portability and Accountability Act (HIPAA) of 1996 can benefit from applying some of the principles required for compliance to their business. Efforts to comply with basic data security and risk prevention guidelines can even further reduce the risk of financial loss through administrative mistakes or fraud. The specific steps necessary to ensure compliance with these guidelines will differ from one company or business model to the next, but any company needs to pay attention to such basics as good financial statements, data security, privacy, and housing of key information—and how that information affects things like ensuring accurate financial reporting.
Part of this top-down approach involves identifying what information is key to your business. For a manufacturer, this data might consist of accounting, payroll, and health insurance information, plus things like physical plant assets and inventory. In contrast, a professional services environment is much simpler, with key information consisting of things like customer service and payroll data, with the only other real assets consisting of phones and perhaps leased office space.
No comments:
Post a Comment