Tugas Kelompok 2

(Minggu 5 / Sesi 7)
Essay
1. Terdapat 2 kelompok Integrasi Sistem, yaitu integrasi secara Logical dan secara
Physical. Jelaskan secara singkat mengenai integrasi tersebut!

2. Jelaskan mengenai langkah-langkah dalam proses pembelian ERP pada suatu

perusahaan (High Level ERP Purchasing Process)

3. Jelaskan faktor-faktor yang menjadi tolok ukur keberhasilan pelatihan ERP pada
suatu perusahaan!

Case Study

Taking Control of Cloud ERP

By IDG Contributing Editor
JAN 19, 2017 1:19 PM PT

Today’s maturing and evolving Cloud ERP solutions allow organizations to streamline
their financial operations and business processes — with employees able to access and
support the organization from anywhere, at any time. Easy access, however, also means
increased risk. Unfortunately, many companies struggle to strike a good balance
between business enablement and security protections, and proceed without a clear
direction.

“Moving to Cloud ERP introduces new complexities for organizations to consider, such
as increased cyber threats, data security challenges, burdensome regulatory
requirements, and cloud-centric operational complications,” says KPMG’s Managing
Director of GRC Technology, Laeeq Ahmed, who explains that it’s essential to address
those risks and requirements as early as possible in the Cloud ERP implementation
process. “Our clients that proactively address the universe of cloud risk, controls and
compliance requirements are better prepared and positioned to avoid significant cost
and disruption,” he says.

Conflicting Priorities, Siloed Decision-Making

When a company takes on a Cloud ERP implementation project, there is typically a long
to-do list that often includes conflicting priorities — from core functionality and user
experiences to transaction and data protection. Unrealistic time frames abound, says
Ahmed, with overwhelmed project teams who push critical considerations such as
security, controls and risk management to the bottom of the priority heap. “This tactical
approach can result in risk and control compromises that aren’t fully appreciated until

ISYS6305 – Enterprise System

the project goes live,” he explains. Then, as organizations and auditors realize the
significance of this oversight, remediation projects are required to make corrections,
which then disrupt the user community and are expensive and time-consuming.

In addition, implementations sometimes are scattered and decentralized, which

amplifies siloed organizational decision-making. Individual departments might choose
different subscription-based or out-of-the-box solutions for different functions — one
for financials and one for human resources, for instance — without understanding
integration risks, IT architectural challenges, and how economies of scale are affected.

“Three different vendors may be best-of-breed, but the company may not be fully
looking at the trade-offs,” says KPMG’s Managing Director for Emerging Technology
Risk, Sailesh Gadia. “For example, with different systems, you could lose visibility into
who has the ability to update vendor information and pay the vendor, or you could run
the risk of someone creating dummy customer accounts and siphoning out money —
these aren’t just hypothetical situations, but ones that we see with clients,” he says.
“Some of these concerns existed with on-premise solutions, but cloud has exacerbated
the situation.” It’s important for organizations to understand the next level of complex
challenges resulting from the cloud.

A Holistic View of Securing Cloud ERP

For IT leaders as well as the larger organization, doing the work to secure Cloud ERP
earlier in the cycle rather than later is clearly beneficial. KPMG’s Securing the Cloud
ERP framework takes a holistic view that cuts across individual functions and
departments, and goes beyond tactical exercises specific to functions such as general
ledger, payroll or CRM. “This is a strategic opportunity to do some business process
reengineering,” says Gadia. “It’s about striking a balance between copying your
existing/familiar business processes flows and leveraging what the cloud vendor has to
offer.”

The KPMG framework focuses on five core areas that help establish and maintain the
organization’s overall security posture with Cloud ERP and work to minimize costly
rework after the implementation: Application controls, application security, cyber and
data security, security operations and user access administration and governance.

Each organization is different in terms of what they need — for some companies,
especially for smaller, simplistic business processes, it might make sense to adopt what
the vendor provides right out of the box. For others, there might be a mixture of best-of-
breed point solutions, legacy solutions and out-of-the-box capabilities. “It’s about
helping companies reengineer and find the right balance,” says Ahmed. “Too often
companies think that buying and installing software is enough — that everything will
follow and fall into place. Instead, it has to be an enterprise-wide, joint effort between
the CIO and the business. IT is absolutely involved, but so are business groups,
controllers, and the CFO.”

ISYS6305 – Enterprise System

Three Ways Companies Can Get in Front of Cloud ERP Security

1) Make sure all the right groups are involved. “The whole concept of teaming is
important,” says Ahmed. A Cloud ERP implementation involves more than just the IT
group — it’s the CFO’s organization, the controller’s group, human resources, risk
management and compliance. All of these groups need to be involved, perhaps at a
steering committee level. “To be successfully functional and technical leaders, they need
to collaborate throughout the project implementation phases and look to address cross-
functional risk and controls requirements and unique cloud security details,” he says.

2) Put the right talent management in place. For a successful and secure Cloud ERP
implementation, you need talent with a combination of business process understanding
as well as relevant training in the vendor solution,” says Gadia. That means sending
employees for cloud vendor training and conferences, to become part of the solution
community that helps build their knowledge. “Understanding the direction the vendor is
going is particularly important,” he says: “For example, if cloud-based companies get
acquired, what does it mean for the enterprise roadmap?”

3) Make sure HR has a hand in. When it comes to ERP, a great deal of personnel data is
owned by HR — it can be a single source of truth where you impose certain roles and
responsibilities, says Ahmed, so they need to be involved in the Cloud ERP
implementation and efforts to secure the solutions. “That’s where organizations need to
start in terms of understanding roles and responsibilities, segregating the kind of access
you assign to different users to prevent certain types of unwanted behaviors,” he
explains.

Link : http://www.cio.com/article/3159708/leadership-management/taking-control-of-cloud-
erp.html

Pertanyaan :

1. Jelaskan secara singkat mengenai Cloud ERP!

2. Apa manfaat dan kendala yang didapatkan perusahaan dengan menggunakan

Cloud ERP ?

3. Apa yang menjadi pertimbangan/alasan perusahaan dalam memilih vendor yang

sesuai dengan kebutuhan perusahaan?

4. Menurut Anda, mengapa suatu perusahaan perlu menerapkan Cloud ERP?

ISYS6305 – Enterprise System