Table of Contents

SU1 .................................................................................................................... 2
Accounting information system AIS .............................................................................. 2
Enterprise resource planning ERP ................................................................................ 2
Management information system MIS .......................................................................... 3
SU2 .................................................................................................................... 6
BPR Business Process reengineering ............................................................................ 6
BPR vs BPI ................................................................................................................... 6
Ford case .................................................................................................................... 8
XEROX case ................................................................................................................ 9
IBM IT-enabled BPR ................................................................................................... 10
SU3 .................................................................................................................. 11
Internal controls ....................................................................................................... 11
COSO internal control framework .............................................................................. 11
Enterprise Risk Management (ERM) ............................................................................ 12
ERM vs COSO ............................................................................................................ 14
COBIT vs COSO ......................................................................................................... 15
BCP vs BCM vs DRP ................................................................................................... 16
SU3 Activity 3.3 Appropriate Internal Control Activities for the Scenarios..................... 17
Internal controls ....................................................................................................... 18
Factors for consideration for controls used ................................................................ 19
SOX (impact on corporate governance and financial reporting) .................................... 20
SU4 .................................................................................................................. 21
Class activity 4.2 (revenue cycle) ............................................................................... 21
Class activity 4.3 (expenditure cycle) ......................................................................... 22
VMI vs JIT: Advantages, Disadvantages, and Controls .................................................. 23
SU5 .................................................................................................................. 25
REA model ................................................................................................................ 25
SU5 Class activity 5.3 ................................................................................................ 26
RPA and BPR ............................................................................................................. 28
Potential RPA Use Cases in Various Business Functions .............................................. 29
SU6 .................................................................................................................. 30
Dempster’s triangle ................................................................................................... 31

Top of the Document

 Typical AIS/ERP Implementation Process ................................................................... 32
Review key ERP project challenges and risks .............................................................. 33
Discuss typical strategies to meet specific project challenges and risks ...................... 33

SU1
Accounting information system AIS
Enterprise resource planning ERP
ERP stands for Enterprise Resource Planning. It's a software system that integrates and manages
many core business processes for an organization. Imagine it as a central hub that connects various
departments and functions within a company.
Here are some key features of ERP systems:
• Integration: ERP systems connect different departments like finance, accounting, human
resources, manufacturing, supply chain, customer relationship management (CRM), and
sales. This eliminates the need for separate software systems for each function, improving
data flow and reducing redundancy.
• Data Sharing: Information entered into one module of the ERP system is accessible to
authorized users in other departments. This allows for better collaboration and quicker
decision-making.
• Automation: ERP systems can automate many routine tasks, such as order processing,
inventory management, and payroll processing. This frees up employee time for more
strategic work.
• Real-time Data: Many ERP systems provide real-time data on various aspects of the
business. This allows managers to make informed decisions based on up-to-date
information.
Benefits of using an ERP system:
• Improved efficiency and productivity
• Reduced costs
• Better decision-making
• Enhanced collaboration
• Improved customer service
• Increased visibility into operations
Examples of ERP systems:
• SAP
• Oracle NetSuite
• Microsoft Dynamics 365
• Infor CloudSuite Industrial
Who uses ERP systems?
ERP systems are used by businesses of all sizes, from small and medium-sized enterprises (SMEs) to
large corporations. The specific features and functionalities of an ERP system will vary depending
on the size and needs of the business.

Top of the Document

Management information system MIS

Top of the Document

Top of the Document
Top of the Document
SU2
BPR Business Process reengineering
1. Organise around outcomes, not tasks
2. Have those who use the output of the process perform the process
3. Link parallel activities during the process, rather than at the end of the process
4. Treat geographically dispersed resources as if centralised
5. Capture information at source
6. Merge information processing work into the real work that produces the information
7. Put decision points where work is done, and build controls in the Process

- Process redesign
- Single source of data
- Total customer experience

BPR vs BPI
Identifying the difference between Business Process Reengineering (BPR) and Business Process
Improvement (BPI) boils down to the depth and scope of change involved in improving a
business process. Here's a breakdown to help you distinguish between them:
Business Process Reengineering (BPR):
• Focus: Radical and fundamental change of a business process.
• Goal: Completely redesign the process to achieve dramatic improvements in efficiency,
cost reduction, or customer satisfaction.
• Approach: Starts from a clean slate, often questioning the very purpose and necessity of
existing steps.
• Impact: Significant disruption to the organization, potentially requiring changes in
technology, employee roles, and organizational structure.
• Example: A bank might completely overhaul its loan application process from paper-
based forms to a fully digital online system.
Business Process Improvement (BPI):
• Focus: Incremental improvements and optimizations to existing processes.
• Goal: Enhance efficiency, quality, or performance within the current framework.
• Approach: Analyzes existing processes, identifies bottlenecks and inefficiencies, and
implements targeted changes.
• Impact: Less disruptive, focuses on fine-tuning existing systems and workflows.
• Example: A company might streamline its order fulfillment process by implementing a new
inventory management system or automating repetitive tasks.

Top of the Document

Here's a table summarizing the key differences:
Feature Business Process Reengineering (BPR) Business Process Improvement (BPI)

Focus Radical Change Incremental Improvement

Goal Dramatic improvement Enhance efficiency or performance

Analyze and optimize existing

Approach Start from scratch
process

Less disruptive, focuses on existing

Impact Disruptive, requires major changes
framework

Completely redesigning loan Implementing new inventory

Example
application process management system

Choosing the Right Approach:

The choice between BPR and BPI depends on the specific situation and desired outcomes:
• BPR: Suitable for processes with significant inefficiencies or where a complete overhaul is
necessary to achieve a competitive advantage.
• BPI: More appropriate for ongoing improvement and fine-tuning of existing, generally
functional processes.
Here are some additional points to consider:
• Cost and Time: BPR is typically more expensive and time-consuming due to the extensive
changes involved.
• Management Support: Successful BPR initiatives require strong leadership commitment
and employee buy-in due to the potential disruptions.
• Organizational Culture: BPR might be better suited for companies with a culture that
embraces innovation and change.
By understanding the distinct characteristics and goals of BPR and BPI, you can make informed
decisions about how to improve your business processes and achieve optimal results.

Top of the Document

Ford case
What rule or design principle did Ford’s managers change
and what was the new rule or design principle? What BPR principle(s)
did this decision illustrate?

In Ford's case, the most likely rule or design principle that the managers changed is related to
production processes and standardization.
Here's a breakdown of the potential changes and BPR principles involved:
Change in Rule/Design Principle:
• Old: Traditional manufacturing relied on skilled workers performing a variety of tasks for
each car, making production less efficient and consistent.
• New: Ford implemented standardized production lines with interchangeable parts. This
involved:
o Division of labor: Breaking down car assembly into simpler, repetitive tasks that
could be efficiently performed by less-skilled workers.
o Standardized parts: Manufacturing interchangeable parts ensured consistent
quality and assembly across all cars.
o Moving assembly line: The car chassis would move along a conveyor belt,
allowing workers to focus on their specific tasks as the car progressed through the
line.
BPR Principles Illustrated:
This decision by Ford's managers exemplifies several principles of Business Process Reengineering
(BPR):
• Fundamental Rethinking: Ford challenged the traditional, craft-based approach to car
assembly and completely redesigned the process for maximum efficiency.
• Dramatic Improvement: The new production line aimed for significant improvements in
production speed and output, enabling Ford to produce cars at a much faster rate and
lower cost.
• Focus on Customers: Increased production volume translated to more affordable cars,
making them accessible to a wider range of customers.
Additionally:
• Process Simplification: Complex tasks were broken down into simpler, more manageable
steps.
• IT and Automation (not necessarily implemented by Ford at the time, but relevant to
BPR): While Ford might not have had advanced technology at the time, BPR principles
often consider the potential for automation and IT integration to further streamline
processes.
By implementing these BPR principles, Ford revolutionized car production and established the
assembly line as a dominant manufacturing method. It exemplifies how a fundamental change in
approach can lead to dramatic improvements in efficiency, cost reduction, and ultimately, increased
customer reach.

Top of the Document

XEROX case
Xerox's experience with BPR (Business Process Reengineering) is a complex case study with both
successes and challenges. Here's a breakdown of the key points:
Goals of BPR:
• In the early 1990s, Xerox faced increased competition and declining market share.
• They implemented BPR aiming to achieve:
o Reduced costs and improved efficiency in their business processes.
o Faster customer response times.
o Enhanced innovation and competitiveness.
Changes Implemented:
• Streamlined Processes: Xerox flattened its hierarchical structure, reducing management
layers and empowering employees.
• Cross-functional Teams: Teams with diverse skill sets were formed to take on broader
process ownership.
• Focus on Customers: Customer satisfaction became a central focus, with efforts to
improve responsiveness and service delivery.
Initial Successes:
• Xerox reported some initial positive results:
o Reduced cycle times for product development and service delivery.
o Improved cost efficiency.
o Increased employee engagement with the focus on cross-functional teams.
Challenges and Criticisms:
• However, the BPR initiative also faced significant challenges:
o Employee Resistance: The rapid changes and job reassignments caused anxiety
and resistance among some employees.
o Loss of Expertise: Streamlining and flattening the structure might have led to a
loss of specialized knowledge and experience in some areas.
o Focus on Short-Term Gains: Critics argue that Xerox may have prioritized short-
term cost reduction over long-term innovation and employee development.
Long-Term Impact:
• The overall impact of Xerox's BPR initiative is debated:
o Financial Performance: Xerox's financial performance did not experience a
sustained turnaround.
o Market Share: They continued to lose market share to competitors like Canon.
o Cultural Shift: However, the BPR initiative arguably helped to shift Xerox's culture
towards a more process-oriented and customer-centric approach.
Lessons Learned:
• Xerox's BPR experience highlights the importance of:
o Employee buy-in: Effective communication and change management are crucial
to overcome resistance and ensure employee engagement during BPR initiatives.
o Balance between efficiency and innovation: While streamlining processes is
necessary, it's important to maintain a culture that fosters creativity and long-term
innovation.
o Alignment with overall strategy: BPR initiatives should be aligned with the
organization's broader strategic goals to ensure sustainable success.
In conclusion, Xerox's BPR experience offers valuable insights into the potential benefits and
pitfalls of implementing such a large-scale change initiative. While they achieved some initial
improvements, the lack of long-term success highlights the importance of careful planning,
communication, and alignment with the organization's overall strategy.

Top of the Document

IBM IT-enabled BPR
Case Study: IBM Credit's IT-Enabled BPR
IBM Credit, a division of IBM that provides financing solutions, undertook a successful Business
Process Reengineering (BPR) initiative in the 1990s. This case study highlights how they leveraged
information technology (IT) to achieve significant improvements in their credit approval process.
Challenges Faced by IBM Credit:
• Slow and Inflexible Process: The traditional credit approval process was paper-based,
manual, and time-consuming. This led to delays in loan approvals and hindered customer
satisfaction.
• Limited Data Visibility: Credit analysts relied on scattered data sources, making it difficult
to assess creditworthiness efficiently.
• Inconsistent Decision-Making: The lack of standardized criteria could lead to
inconsistencies in credit approval decisions across different analysts.
BPR Initiative and IT Integration:
• Automated Workflows: IBM Credit implemented a new credit approval system with
automated workflows. This involved:
o Electronic application forms
o Integration with credit bureaus and other data sources
o Automated decision-making rules based on pre-defined criteria
• Credit Scoring Models: They developed credit scoring models that used statistical
analysis to assess creditworthiness and determine loan eligibility.
• Improved User Interface: The credit analysts received a user-friendly interface to access
all relevant customer information and credit scoring results in one place.
Benefits Achieved:
• Faster Processing Times: The automated workflows and credit scoring significantly
reduced loan approval times, improving customer experience.
• Enhanced Decision-Making: The standardized credit scoring models ensured consistent
and objective creditworthiness assessments.
• Increased Efficiency: Streamlined workflows and reduced manual tasks freed up analyst
time for more complex cases.
• Lower Operating Costs: Automation led to reduced paperwork and administrative
overhead.
Key Takeaways from IBM Credit's BPR:
• IT as an Enabler: The case study demonstrates how effectively leveraging IT can be a
critical driver of BPR success.
• Data-Driven Decisions: Integrating data and using credit scoring models led to more
efficient and accurate credit assessments.
• Improved Customer Experience: Faster approval times and a streamlined process
enhanced customer satisfaction.
Additional Considerations:
• Human Expertise: While automation played a significant role, human expertise remained
crucial for complex cases or exceptions.
• Change Management: The BPR initiative likely required effective change management
strategies to address employee concerns and ensure smooth adoption of the new system.
Overall, IBM Credit's IT-enabled BPR initiative serves as a successful example of how
companies can leverage technology to improve business processes, enhance efficiency, and
achieve better customer outcomes.

Top of the Document

SU3
Internal controls
Functions – Preventive, detective Corrective à physical and IT controls

COSO internal control framework

The COSO Internal Control Framework, also known as the COSO Integrated Framework (ICIF), is
a widely recognized framework designed to help organizations improve their internal controls and
achieve their objectives. It provides a principles-based approach that can be applied to various
organizations and industries.
Here are the key elements of the COSO Internal Control Framework:
1. The Five Components:
The framework outlines five interrelated components that contribute to a strong system of internal
controls:
• Control Environment: Sets the tone for the organization regarding the importance of
internal controls. It includes factors like management philosophy, integrity, and
commitment to ethical values.
• Risk Assessment: Identifies the potential risks that could prevent the organization from
achieving its objectives.
• Control Activities: Policies and procedures implemented to mitigate identified risks. These
can be preventive, detective, or corrective controls.
• Information and Communication: Ensures relevant information is captured,
communicated, and used by employees to make informed decisions and manage risks
effectively.
• Monitoring: Ongoing process of assessing the effectiveness of internal controls and
making necessary adjustments.
2. The Seventeen Principles:

Top of the Document

Within each of the five components, there are specific principles that provide more detailed
guidance. These principles offer a comprehensive view of what effective internal controls should
look like.
Benefits of Using the COSO Framework:
• Improved Risk Management: Helps organizations identify and manage risks more
effectively.
• Enhanced Compliance: Provides a framework for complying with relevant regulations and
standards.
• Increased Efficiency: Streamlines processes and reduces the risk of errors and fraud.
• Stronger Governance: Promotes good corporate governance practices.
• Improved Decision-Making: Provides a foundation for making informed decisions based
on reliable information.
Who Uses the COSO Framework?
The COSO framework is a versatile tool used by various organizations, including:
• Publicly traded companies
• Private companies
• Non-profit organizations
• Government agencies
The framework can be adapted to the specific size, complexity, and industry of the organization.
Criticisms of the COSO Framework:
• Can be complex: The framework's comprehensiveness can be overwhelming for some
organizations, particularly smaller ones.
• Implementation costs: Implementing and maintaining a robust system of internal controls
can be resource-intensive.
• Focus on compliance: Critics argue that the framework might overemphasize compliance
with regulations at the expense of addressing broader risk management goals.
Overall, the COSO Internal Control Framework provides a valuable foundation for
organizations to establish and maintain effective internal controls. By understanding and
applying the framework's principles, organizations can improve their overall governance,
risk management, and ultimately, achieve their strategic objectives.

Enterprise Risk Management (ERM) is a comprehensive approach used by

organizations to identify, assess, prioritize, and mitigate potential risks that could hinder their ability
to achieve their objectives. It's a proactive strategy that goes beyond simply reacting to problems
as they arise. Here's a breakdown of key aspects of ERM:
Core Principles of ERM:
• Holistic View: ERM considers all types of risks an organization faces, including:
o Strategic Risks: Risks related to the organization's overall direction and long-term
goals (e.g., changes in technology, competition).
o Operational Risks: Risks associated with day-to-day operations (e.g., IT outages,
production disruptions).
o Financial Risks: Risks that can impact the organization's financial health (e.g.,
market fluctuations, currency exchange rates).
o Reputational Risks: Risks that can damage the organization's image and public
standing (e.g., data breaches, product safety issues).
• Proactive Management: The goal of ERM is not just to identify risks, but to actively
manage them by:
o Risk Assessment: Evaluating the likelihood and potential impact of each risk.
o Risk Prioritization: Focusing on the most critical risks that require immediate
attention.

Top of the Document

 o Risk Mitigation: Implementing strategies to reduce the likelihood or impact of
risks. This might involve avoiding, transferring, reducing, or accepting risks.
o Risk Monitoring: Continuously monitoring risks and adapting strategies as
needed.
Benefits of Implementing ERM:
• Improved Decision-Making: By understanding potential risks, organizations can make
more informed strategic and operational decisions.
• Enhanced Efficiency and Effectiveness: ERM helps to streamline processes, reduce
errors, and minimize disruptions caused by unforeseen events.
• Increased Profitability: Effective risk management can prevent losses and protect the
organization's financial health.
• Stronger Reputation: Proactive risk management helps to build trust with stakeholders
and maintain a positive brand image.
• Improved Regulatory Compliance: ERM can ensure the organization adheres to relevant
regulations and industry standards.
Key Components of an ERM Framework:
• Risk Governance: Defines the roles, responsibilities, and communication channels for
managing risk across the organization.
• Risk Appetite: Establishes the organization's tolerance for risk and guides risk-taking
decisions.
• Risk Culture: Promotes an organizational culture that values risk awareness, open
communication, and ethical decision-making.
• Risk Identification: The process of systematically identifying all potential risks the
organization faces.
• Risk Assessment: Analyzing the likelihood and potential impact of each identified risk.
• Risk Response: Developing and implementing strategies to mitigate identified risks.
• Risk Monitoring: Continuously monitoring and evaluating the effectiveness of risk
management strategies.
ERM in Action:
Imagine a company planning to launch a new product. Through ERM, they might identify risks like:
• Market Rejection: The new product might not resonate with the target audience.
• Production Delays: Unexpected issues might delay the product launch.
• Cybersecurity Threats: The product's online component might be vulnerable to
cyberattacks.
By identifying these risks beforehand, the company can develop mitigation strategies like market
research, establishing backup production plans, and implementing robust cybersecurity measures.
Conclusion:
ERM is a vital practice for organizations of all sizes and industries. By proactively managing risks,
organizations can navigate a complex and uncertain environment, make better decisions, and
achieve their strategic goals.

Top of the Document

ERM vs COSO
Enterprise Risk Management (ERM) and the COSO Internal Control Framework (ICIF) are
interrelated but distinct concepts that work together to achieve organizational goals. Here's how
they connect:
Enterprise Risk Management (ERM):
• Big Picture: ERM takes a holistic view of all potential risks that an organization faces,
including strategic, operational, financial, and reputational risks.
• Proactive Approach: It focuses on proactively identifying, assessing, prioritizing, and
mitigating these risks to achieve the organization's objectives.
• Broader Scope: ERM encompasses a wider range of activities beyond internal controls,
such as risk culture, risk appetite, and risk financing strategies.
COSO Internal Control Framework (ICIF):
• Internal Focus: The COSO framework specifically focuses on internal controls, which are
the policies and procedures implemented to manage risks and ensure the organization
achieves its objectives.
• Detailed Guidance: It provides a comprehensive set of principles to establish and
maintain a strong system of internal controls.
• Implementation Tool: The COSO framework acts as a practical tool for implementing ERM
strategies at the operational level.
Here's an analogy to understand the relationship:
Imagine a company building a house (represents achieving objectives). ERM is like the architect
who considers all potential threats (like weather, structural issues) to design a safe and secure
house. The COSO framework is like the blueprint (detailed plans) and construction techniques
(internal controls) used to build the house according to the architect's design (ERM strategy).
How They Work Together:
• ERM Informs Internal Controls: ERM identifies key risks, which then informs the design
and implementation of specific internal controls within the COSO framework to mitigate
those risks.
• Internal Controls Support ERM: A strong system of internal controls, established based
on the COSO framework, helps manage risks identified through ERM and ensures
adherence to ERM strategies.
In essence, ERM provides the overall risk management strategy, while the COSO framework
offers a practical approach to implement that strategy through effective internal controls.
Here are some additional points to consider:
• COSO Updated for ERM: The 2017 update to the COSO framework emphasizes its
alignment with ERM principles.
• COSO as a Component of ERM: Some consider the COSO framework a sub-component
of a broader ERM framework.
Overall, ERM and the COSO framework are complementary concepts that work together to create
a comprehensive risk management approach for organizations. By understanding both,
organizations can make informed decisions, manage risks effectively, and achieve their strategic
goals.

Top of the Document

COBIT vs COSO
There might be some confusion here. COBIT itself isn't exactly an internal control framework like
COSO. It's more of a governance and management framework for information technology (IT).
Here's a breakdown of the key differences:
• COSO Internal Control Framework (COSO):
o Focuses on internal controls in general, encompassing various aspects of the
organization, not just IT.
o Provides a principles-based approach to establish a strong system of internal
controls.
o Aims to ensure organizations achieve their objectives by managing various risks.
• COBIT (Control Objectives for Information and Related Technologies):
o Focuses on the governance and management of information technology (IT) and
related processes.
o Offers a set of best practices, processes, and control objectives for IT
governance.
o Aims to optimize the alignment between IT and the organization's business goals.
While COBIT isn't strictly an internal control framework, it can be used to support and
strengthen internal controls related to IT. Here's how:
• COBIT Aligns with COSO: The COBIT framework aligns with the COSO principles,
particularly the control environment and control activities components.
• IT-Specific Controls: COBIT provides specific guidance for implementing IT controls, such
as access controls, data security, and disaster recovery planning. This helps organizations
manage risks associated with IT infrastructure and processes.
• Governance and Management: COBIT emphasizes good IT governance practices, which
contribute to a strong internal control environment.
In essence, COBIT complements COSO by providing a specific lens for IT governance and
control within the broader framework of internal controls.
Here's an analogy: Imagine COSO as a comprehensive security system for your entire house
(organization). COBIT would be like the specific security measures you take for your valuables in
the safe (IT systems and data).

RECAP:
Risk Management Frameworks
- ERM
- COBIT
- COSO

Top of the Document

BCP vs BCM vs DRP
The terms business continuity management (BCM), business continuity planning (BCP), and
disaster recovery planning (DRP) are interrelated but distinct concepts within the realm of
organizational preparedness. Here's a breakdown to clarify the differences:
Business Continuity Management (BCM):
• Holistic Approach: BCM encompasses the entire spectrum of activities related to ensuring
an organization's ability to continue critical functions after a disruption. It's the overarching
strategy.
• Focus: BCM focuses on preparing for, responding to, and recovering from a wide range of
disruptive events, including:
o Natural disasters (floods, earthquakes)
o Technological outages (cyberattacks, power failures)
o Pandemics
o Supply chain disruptions
• Long-Term Perspective: BCM takes a long-term view, aiming to build organizational
resilience to adapt to various threats and ensure sustained operations.
Business Continuity Planning (BCP):
• Specific Plans: BCP is a core component of BCM that involves creating detailed plans for
how the organization will respond to and recover from specific disruptions.
• Actionable Steps: These plans outline clear steps for:
o Maintaining critical operations during a disruption (might involve alternate sites,
remote work procedures)
o Restoring essential functions after a disruption
o Communication protocols to keep stakeholders informed
Disaster Recovery Planning (DRP):
• Subcomponent of BCP: DRP is a more specific type of business continuity planning that
focuses on recovering from IT infrastructure and data disruptions.
• Technical Focus: DRP plans address issues like data backup, disaster recovery sites, and
procedures for restoring IT systems and data in case of an outage or cyberattack.
Here's an analogy to illustrate the differences:
Imagine your organization is a house.
• BCM: This is like having a comprehensive homeowner's insurance policy that protects your
house from various threats (fire, theft, etc.).
• BCP: These are the specific action plans you have in place for different emergencies (e.g.,
fire escape plan, plan for a broken pipe).
• DRP: This is like having a backup generator specifically to ensure your essential appliances
(fridge, security system) keep functioning during a power outage.
Key Points to Remember:
• BCM is the overarching strategy, while BCP and DRP are specific components that fall
under the BCM umbrella.
• BCP has a broader scope, encompassing all critical functions, while DRP focuses on IT
infrastructure and data recovery.
• Effective BCM requires a combination of BCP and DRP, along with other BCM activities like
risk assessment, training, and testing.
By understanding these distinctions, organizations can develop a comprehensive BCM strategy
that ensures their ability to withstand disruptions and maintain business continuity in the face of
unforeseen events.

Top of the Document

SU3 Activity 3.3 Appropriate Internal Control Activities for the
Scenarios
Scenario 1: Accounts receivables clerk records all incoming customer cash receipts for her
employer and posts the customer payments to their respective accounts.
Risk: The clerk could steal cash receipts or post them inaccurately to customer accounts.
Internal Control Activities:
• Segregation of Duties: Separate the cash receipt processing tasks from accounts
receivable record keeping. This could involve having one person handle cash receipts and
another person post payments to customer accounts.
• Supervisory Review: A supervisor should periodically review the clerk's work, including
reconciliations of cash receipts with bank deposits and customer account statements.
• Deposit Tickets: Pre-numbered deposit tickets should be used to record all cash receipts,
with a duplicate copy kept for internal records.
• Restricted Access: Limit access to cash receipts and customer account records only to
authorized personnel.

Scenario 2: Mr. Lim prides himself on hiring quality workers who require little supervision. As
office manager, Mr. Lim gives his employees full discretion over their tasks and for years has
seen no reason to perform independent reviews of their work.
Risk: Employee errors or fraud could go undetected due to lack of supervision and review.
Internal Control Activities:
• Regular Performance Reviews: Implement regular performance reviews for all
employees, including evaluations of their work accuracy and adherence to procedures.
• Independent Reviews: Periodically conduct independent reviews of employee work, such
as reconciliations, data entry checks, or surprise audits.
• Established Procedures: Develop and document clear procedures for key tasks, ensuring
all employees understand their responsibilities and how to complete tasks accurately.
• Internal Audit Function: Consider establishing an internal audit function to conduct
independent and objective reviews of financial controls and overall operational
effectiveness.

Scenario 3: Your shoeshop was a typical Singapore SME dealing with sportswear. Its accounts
clerk, who was hired year ago, ran off after the company’s manager discovered that a large
sum of money had disappeared over the past six months. An audit disclosed that the
accounts clerk had written and signed several cheques made payable to her fiancé and then
recorded the cheques as salaries expense. The fiancé, who cashed the cheques but never
worked for the company, left town with the accounts clerk. As a result, the company incurred
a loss of $16,000
Lessons Learned:
• Background Checks: Implement thorough background checks for new hires, which might
include verifying employment history and references.
• Dual Signature for Cheques: Require two authorized signatures on all company cheques,
reducing the risk of unauthorized issuance.
• Reconciliations: Regularly reconcile bank statements with internal accounting records to
identify discrepancies and potential fraud.
• Vacation or Sick Leave Procedures: Establish clear procedures for handling employee
vacations or sick leave, ensuring continuity of tasks and preventing lapses in internal
controls during employee absences.

Top of the Document

 • Fidelity Bond: Consider obtaining a fidelity bond to protect the company from financial
losses caused by employee theft.

Internal controls
There are several ways to categorize controls, but three commonly used types are:
1. Preventive Controls: These controls aim to stop errors or unwanted actions from
happening in the first place. Examples include:
o Access controls (passwords, firewalls) to prevent unauthorized access to data or
systems.
o Approval processes for transactions to ensure they meet specific criteria before
being finalized.
o Automated data validation checks to catch errors in data entry.
2. Detective Controls: These controls help to identify errors or unwanted actions after they
have occurred. Examples include:
o Reconciliation of accounts to identify discrepancies or missing information.
o Performance monitoring to detect unusual activity or potential fraud.
o Variance analysis to compare actual results to planned budgets and identify
deviations.
3. Corrective Controls: These controls address the situation after an error or unwanted
action has been identified. Examples include:
o Taking corrective action to fix errors in data or transactions.
o Disciplinary action for employees who violate policies or procedures.
o Implementing new controls or revising existing ones to prevent similar occurrences
in the future.
Preferred Type of Control:
The preferred type of control is preventive control. Here's why:
• Proactive Approach: Preventive controls stop issues from happening in the first place,
leading to fewer errors, reduced costs, and improved efficiency.
• Focus on Prevention: Fixing errors after they occur can be time-consuming and expensive.
Preventive controls aim to avoid these problems altogether.
• Enhanced Security: Strong preventive controls can significantly improve data security and
reduce the risk of fraud or unauthorized activity.
However, a combination of all three control types is often necessary for a robust control
environment. Here's why:
• No Single Control is Perfect: No single preventive control can eliminate all risks. Detective
and corrective controls are essential for catching and addressing any issues that slip
through preventive measures.
• Layered Defense: A layered approach with different types of controls provides a more
comprehensive defense against potential threats.
• Continuous Improvement: By using detective controls to identify weaknesses,
organizations can continuously improve their preventive controls and overall risk
management strategy.
In conclusion, while preventive controls are the most desirable, a well-designed control
environment typically utilizes a combination of all three types to proactively prevent errors,
identify issues promptly, and take corrective actions when necessary.

Top of the Document

Factors for consideration for controls used
Here are some key considerations/factors to take into account when deciding whether to
implement a specific type of control (preventive, detective, or corrective):
1. Risk Assessment:
• Identify Risks: The first step is to identify the specific risks you are trying to mitigate.
• Likelihood and Impact: Evaluate the likelihood of each risk occurring and the potential
impact it could have on your organization. This helps prioritize which risks require the most
robust controls.
2. Cost vs. Benefit:
• Cost of Implementation: Consider the cost of implementing and maintaining the control.
This includes factors like software, training, personnel, and ongoing maintenance.
• Expected Benefit: Evaluate the expected benefit of the control. This could be reduced
errors, improved efficiency, enhanced security, or other benefits depending on the control
type.
3. Control Effectiveness:
• Suitability for the Risk: Is the control type (preventive, detective, or corrective) well-suited
to address the identified risk?
• Strength of the Control: How effective will the specific control be in preventing, detecting,
or correcting the issue? Consider potential weaknesses or loopholes in the control design.
4. User Impact:
• Complexity for Users: How complex will the control be for users to implement or comply
with? Consider potential disruptions to workflows or user adoption challenges.
• Impact on Morale: Will the control create a sense of distrust or hinder employee morale?
Aim for a balance between security and user experience.
5. Integration with Existing Controls:
• Complementary Approach: How will the new control integrate with existing controls in
place? Ideally, controls should work together to create a comprehensive and layered
defense.
• Redundancy or Overlap: Avoid implementing controls that are redundant or overlap
significantly with existing controls, as this can add unnecessary complexity and cost.
6. Scalability and Flexibility:
• Adaptability to Change: Can the control be easily adapted to changes in business
processes, technology, or regulatory requirements?
• Future-Proofing: Consider how the control will scale as your organization grows or faces
evolving risks.
7. Legal and Regulatory Requirements:
• Compliance Needs: Are there any legal or regulatory requirements that mandate specific
controls? Ensure your control measures align with relevant compliance obligations.
By carefully considering these factors, you can make informed decisions about which type of
control (preventive, detective, or corrective) is most appropriate for a specific risk.
Remember, the ideal approach often involves a combination of control types to create a
robust and adaptable control environment.

Top of the Document

SOX (impact on corporate governance and financial reporting)
The Sarbanes-Oxley Act of 2002 (SOX) is a United States federal law that established new
regulations and reforms for publicly traded companies and their accounting practices. It was
enacted in response to a series of high-profile accounting scandals, most notably the collapse of
Enron Corporation, which involved massive accounting fraud.
Here are some of the key provisions of SOX:
Increased Corporate Governance:
• Board of Directors Responsibilities: SOX requires boards of directors to be more
accountable for the financial reporting of their companies. This includes establishing an
audit committee composed of independent directors and overseeing the internal controls
for financial reporting.
• CEO and CFO Certification: The CEO and CFO of a publicly traded company must
personally certify the accuracy of their company's financial statements. This increases their
accountability for the financial information they present.
• Corporate Whistleblowers: SOX protects employees who report potential accounting
fraud within their companies. This encourages employees to speak up about wrongdoing
without fear of retaliation.
Enhanced Financial Reporting:
• Auditor Independence: SOX requires increased independence of external auditors who
review the financial statements of publicly traded companies. This helps to ensure that
auditors are objective and not influenced by the companies they audit.
• Real-Time Disclosures: SOX requires companies to disclose material changes in their
financial condition or operations in a timely manner. This promotes greater transparency
and reduces the risk of investors being misled.
• Increased Penalties: SOX established new and stricter penalties for corporate fraud and
accounting misconduct. This deters companies and individuals from engaging in such
activities.
Impact of SOX:
The Sarbanes-Oxley Act has had a significant impact on corporate governance and financial
reporting practices in the United States. It has helped to restore investor confidence in the markets
and reduce the risk of major accounting scandals.
However, SOX has also been criticized for:
• Increased Costs for Businesses: Complying with SOX can be expensive for companies,
particularly smaller ones.
• Excessive Regulation: Some argue that SOX created an overly complex regulatory
environment that stifles innovation.
Overall, SOX remains a landmark piece of legislation that has helped to improve the integrity
of financial reporting and protect investors.

Top of the Document

SU4
Class activity 4.2 (revenue cycle)
Control Weaknesses at Parktown Medical Center:
1. Weak Segregation of Duties:
• Weakness: The clerical staff performs multiple critical tasks related to cash handling,
billing, and accounts receivable. One clerk can handle tasks from receiving cash to
updating patient accounts.
• Threat: This lack of segregation of duties creates an opportunity for a clerk to steal cash
receipts, manipulate patient accounts, or issue fake invoices and credit themselves.
• Exposure: The potential financial loss could be significant, and the discrepancy might go
undetected for some time.
• Recommendation: Implement segregation of duties. Separate cash handling (receiving
payments, making deposits) from billing and accounts receivable tasks (updating patient
ledgers, sending statements). This requires assigning different staff or utilizing dual control
procedures for critical tasks.
2. Lack of Supervision over Lunch Break:
• Weakness: The office manager, who handles bank deposits and reconciles bank
statements, takes the deposit to the bank during lunch. During this time, another clerk with
access to cash receipts and patient accounts updates accounts based on the deposit list.
• Threat: There's no supervision of the clerk updating accounts during the lunch break. This
creates an opportunity for the clerk to manipulate the deposit list or patient accounts
before the bank reconciliation occurs.
• Exposure: Potential theft of cash receipts or manipulation of accounts could go unnoticed
until the next bank reconciliation.
• Recommendation: Separate the lunch break of the clerk updating accounts from the office
manager responsible for bank deposits. Alternatively, consider having two staff members
transport the deposit to the bank, ensuring proper oversight.
3. Approval of Credit by Physicians without Formal Credit Policy:
• Weakness: Physicians approve credit based on interviews without a formal credit policy
outlining criteria for creditworthiness. This subjective approach lacks consistency and
documentation.
• Threat: Approving credit without proper vetting increases the risk of bad debt and
uncollectible accounts.
• Exposure: The clinic could face financial losses due to unpaid balances from patients who
were not thoroughly assessed for creditworthiness.
• Recommendation: Develop a formal credit policy with clear criteria for patient credit
approval. This could involve income verification, credit score checks, or requiring co-
signers for high-risk cases. Implement a standardized credit application form for
documentation purposes.
These are just three of the potential control weaknesses at Parktown Medical Center. Implementing
the suggested recommendations can significantly improve internal controls and mitigate the
associated risks.

Top of the Document

Class activity 4.3 (expenditure cycle)
Threats and Controls for Purchasing and Payment Processes:
Scenario 1: Ordering - Overpriced Laptop Purchase
• Threat: Unauthorized or unnecessary purchase exceeding budget limitations.
• Control:
o Implement a purchase approval process with spending limits based on employee
level or department. For exceeding the limit, require additional approvals from
supervisors or management.
o Consider using pre-approved vendor lists with negotiated prices for specific items
like laptops.
Scenario 2: Ordering - Verbal Orders
• Threat: Errors in order accuracy, potential for fraud with fake suppliers or inflated prices.
• Control:
o Require formal purchase orders for all purchases, regardless of value.
o Implement a supplier approval process to ensure legitimacy before placing orders.
o Encourage the use of electronic ordering systems to reduce reliance on verbal
communication.
Scenario 3: Receiving - Quantity Discrepancy
• Threat: Inventory theft or manipulation of receiving records.
• Control:
o Implement a three-way match process for receiving: purchase order, packing slip,
and actual received goods. All quantities should match.
o Conduct periodic physical inventory counts to verify recorded inventory against
actual stock.
o Implement a system for reporting and investigating receiving discrepancies.
Scenario 4: Receiving - Incomplete Communication
• Threat: Delays in payment processing, potential for duplicate payments.
• Control:
o Require receiving reports to be promptly forwarded to the purchasing department
upon receiving goods.
o Implement electronic tracking systems to monitor the status of purchase orders
and deliveries.
Scenario 5: Approving Invoices - Fake Supplier Fraud
• Threat: Payment to fictitious vendors for non-existent goods or services.
• Control:
o Establish a formal process for approving new vendors, including verification of
legitimacy and references.
o Implement a dual-approval system for invoice payments above a certain threshold.
o Conduct regular reviews of supplier accounts and payment history.
Scenario 6: Approving Invoices - Missing Documentation
• Threat: Processing of unauthorized or duplicate invoices due to lack of verification.
• Control:
o Require all invoices to be matched against corresponding purchase orders and
receiving reports before approval.
o Standardize the documentation required for invoice approval (purchase order,
receiving report, etc.).
Scenario 7: Cash Disbursement - Lack of Cancellation Markings
• Threat: Accidental or intentional re-use of supporting documents for fraudulent payments.
• Control:

Top of the Document

 o Implement a system for marking supporting documents as "paid" or "cancelled"
after being used for a payment.
o Regularly reconcile paid invoices with supporting documentation.
Scenario 8: Cash Disbursement - Segregation of Duties Issue
• Threat: Risk of embezzlement or manipulation of bank records by the same person
handling cheque writing and reconciliation.
• Control:
o Implement segregation of duties. Separate the tasks of authorizing payments,
cheque writing/EFT processing, and bank reconciliation.
o Require regular bank statement reconciliations by someone independent of the
payment process.
By implementing these controls, organizations can significantly reduce the risks associated with
purchasing and payment processes. Remember, a combination of preventive, detective, and
corrective controls is essential for a robust internal control environment.

Vendor managed inventory

Companies such as Wal-Mart have moved beyond JIT (Just In Time) to VMI* (Vendor Managed
Inventory) systems.
a) Discuss the potential advantages and disadvantages of this arrangement.
b) What special controls, if any, should be developed to monitor VMI systems?

VMI vs JIT: Advantages, Disadvantages, and Controls

Just-In-Time (JIT) and Vendor Managed Inventory (VMI) are two inventory management
strategies with distinct advantages and disadvantages. Here's a breakdown:

a) Advantages and Disadvantages:

VMI (Vendor Managed Inventory):
Advantages:
• Reduced Inventory Costs: Vendors manage stock levels, potentially minimizing storage
and carrying costs for the company.
• Improved Efficiency: Automated inventory replenishment reduces stockouts and ordering
time for the buyer.
• Enhanced Collaboration: Closer partnership with suppliers can lead to better demand
forecasting and planning.
• Expertise from Vendors: Leverages vendor knowledge in inventory management,
potentially leading to better optimization.
Disadvantages:
• Loss of Control: Companies cede some control over inventory decisions to the vendor.
• Increased Dependence on Vendors: Reliance on a single vendor can be risky if there are
supply chain disruptions or quality issues.
• Data Sharing Concerns: Sharing sales data with vendors might raise confidentiality
concerns.
• Potential Vendor Lock-in: Switching vendors can be difficult if the VMI system is highly
integrated with the supplier's system.

Top of the Document

JIT (Just-in-Time):
Advantages:
• Reduced Storage Costs: Minimizes the amount of inventory held, leading to lower storage
and carrying costs.
• Improved Cash Flow: Less money is tied up in inventory, potentially improving cash flow.
• Increased Efficiency: Reduces waste and non-value-added activities associated with
excess inventory.
• Greater Flexibility: Easier to adapt to changes in demand due to lower inventory levels.
Disadvantages:
• Higher Risk of Stockouts: Disruptions in the supply chain can lead to stockouts and
production stoppages.
• Requires Strong Supplier Relationships: Relies on reliable suppliers who can deliver on
time and in full.
• Higher Transportation Costs: More frequent, smaller deliveries might lead to higher
transportation costs per unit.
• Less Room for Error: Less buffer stock can magnify the impact of production line issues or
unexpected demand fluctuations.

b) Special Controls for VMI Systems:

VMI systems require a different control approach compared to traditional inventory management.
Here are some special controls to consider:
• Performance Metrics and SLAs (Service Level Agreements):
o Establish clear performance metrics (e.g., fill rates, on-time delivery) and Service
Level Agreements (SLAs) with vendors. These metrics should be monitored
regularly to ensure the vendor is meeting expectations.
• Vendor Selection and Evaluation:
o Implement a rigorous vendor selection process, considering factors like reliability,
track record, and performance capabilities in VMI systems. Regularly evaluate
vendor performance to ensure they meet agreed-upon standards.
• Inventory Visibility and Data Sharing Protocols:
o Establish clear data sharing protocols to ensure transparency and trust. Define what
data is shared with vendors, how often, and the security measures in place to
protect sensitive information.
• Independent Inventory Audits:
o Conduct periodic independent inventory audits to verify the accuracy of the
vendor-managed inventory levels. This helps identify any discrepancies and ensure
the vendor's data reflects reality.
• Dispute Resolution Procedures:
o Establish clear procedures for resolving any discrepancies or disputes arising from
the VMI system. This ensures a smooth process for addressing any issues that might
emerge.
In conclusion, VMI offers benefits like reduced costs and improved efficiency, but it requires
a shift in control and strong vendor relationships. Implementing the suggested controls can
help companies leverage the advantages of VMI while mitigating the potential risks
associated with reduced control over inventory management.

Top of the Document

SU5
REA model

Top of the Document

SU5 Class activity 5.3
REA Diagram for Fred's Train Shop's Expenditure Cycle
Entities:
• Resources:
o Inventory (Trains, Accessories)
o Cash
• Agents:
o Fred (Shop Owner)
o Supplier
Events:
• Order Placement: Fred places an order with a supplier for multiple items.
• Goods Receipt: Fred receives a shipment of goods from the supplier (full or partial order).
• Invoice Receipt: Fred receives an invoice from the supplier (either for a full order or for a
backordered item).
• Cash Payment: Fred pays a supplier invoice in full.
Attributes:
• Order Placement: Order ID, Date, Items Ordered, Quantity, Unit Price
• Goods Receipt: Receipt ID, Date, Order ID, Items Received, Quantity
• Invoice Receipt: Invoice ID, Date, Order ID (if applicable), Items Billed, Quantity, Unit Price,
Total Amount, Due Date (if applicable)
• Cash Payment: Payment ID, Date, Invoice ID (if applicable), Payment Amount, Discount
Taken (if applicable)
Relationships:
• One Fred: Many Order Placements (Fred places multiple orders)
• One Order Placement: Many Goods Receipts (An order can result in multiple shipments
due to partial fulfillment)
• One Order Placement: One or Many Invoice Receipts (An order can have one invoice
for a full order or multiple invoices for partial shipments and backorders)
• One Invoice Receipt: Zero or One Cash Payment (An invoice can be paid immediately or
on a statement)
• One Cash Payment: One Invoice Receipt (A payment is made for a specific invoice)
• One Supplier: Many Order Placements (Fred can order from multiple suppliers)
• One Goods Receipt: One Supplier (Each shipment comes from a specific supplier)
• One Invoice Receipt: One Supplier (Each invoice comes from a specific supplier)
Cardinalities:
• Min - Max
• Fred 1 - Many Order Placements
• Order Placement 1 - Many Goods Receipts
• Order Placement 1 - 1 or Many Invoice Receipts
• Invoice Receipt 0 - 1 Cash Payment
• Cash Payment 1 - 1 Invoice Receipt
• Supplier 1 - Many Order Placements
• Goods Receipt 1 - 1 Supplier
• Invoice Receipt 1 - 1 Supplier

Top of the Document

Top of the Document
RPA and BPR
RPA (Robotic Process Automation) and BPR (Business Process Re-engineering) are two approaches
to improving business efficiency, but they serve different purposes and work best when used
together. Here's how they align:
BPR (Business Process Re-engineering):
• Focus: Analyzes and redesigns existing business processes to eliminate waste, improve
efficiency, and reduce costs.
• Activities:
o Identifies bottlenecks and inefficiencies in current processes.
o Streamlines workflows and eliminates unnecessary steps.
o Standardizes processes across the organization.
o May involve implementing new technologies or software.
RPA (Robotic Process Automation):
• Focus: Automates repetitive, rule-based tasks within existing business processes.
• Activities:
o Identifies tasks that are well-defined, rule-based, and high-volume.
o Develops software robots (bots) to mimic human actions for those tasks.
o Deploys bots to automate tasks, freeing up human employees for higher-value
work.
Alignment between BPR and RPA:
• BPR lays the groundwork for RPA: BPR helps identify the most suitable processes for
automation by analyzing workflows and pinpointing repetitive, manual tasks. By
streamlining processes, BPR ensures a smoother implementation of RPA.
• RPA executes the automation: Once BPR identifies suitable tasks, RPA tools can be used
to develop and deploy bots to automate those tasks, significantly improving efficiency and
reducing errors.
• Combined Benefits: The combination of BPR and RPA can lead to:
o Increased productivity: Employees are freed from repetitive tasks for more strategic
work.
o Reduced costs: Automation can save labor costs associated with manual tasks.
o Improved accuracy: Bots can perform tasks consistently and accurately, minimizing
errors.
o Enhanced compliance: Automation can ensure adherence to defined processes
and regulations.
Here's an analogy:
• Imagine BPR as a business consultant: The consultant analyzes your company's
operations, identifies areas for improvement, and recommends changes to workflows.
• RPA is like a highly skilled assistant: The assistant takes over the routine tasks identified
by the consultant, allowing you to focus on more strategic initiatives.
Using BPR and RPA together creates a powerful approach to process improvement. By
redesigning processes and then automating repetitive tasks, organizations can achieve
significant efficiency gains and a competitive advantage.
Here are some additional points to consider:
• Not all processes are good candidates for RPA. BPR helps identify the most suitable tasks
for automation.
• RPA works best with well-defined, structured processes. BPR can help standardize
processes before implementing RPA.
• Change management is crucial for successful BPR and RPA implementation. Employees
need to be involved and understand the benefits of automation.

Top of the Document

Potential RPA Use Cases in Various Business Functions
1. Revenue Cycle (Sales, AR & Collection):
• Generating invoices: Automate invoice creation based on sales order data.
• Sending email reminders: Send automated email reminders to customers for overdue
payments.
• Processing customer payments: Automate data entry and processing of customer
payments received electronically.
• Credit memo processing: Automate the generation and processing of credit memos for
returns or discounts.
• Data validation and cleansing: Cleanse and validate customer and invoice data to ensure
accuracy.
2. Expenditure Cycle (Purchases, AP & Payment):
• Purchase order processing: Automate the creation of purchase orders based on pre-
defined rules and inventory levels.
• Vendor invoice processing: Automate data entry and processing of vendor invoices,
including three-way matching with purchase orders and receiving reports.
• Payment processing: Schedule and automate payments to vendors based on approved
invoices.
• Expense categorization: Automate the categorization of expenses based on pre-defined
rules.
3. Accounting:
• Bank reconciliation: Automate bank reconciliation by matching bank statements with
internal accounting records.
• General ledger posting: Automate repetitive journal entries for common transactions.
• Closing entries processing: Automate the generation and processing of year-end closing
entries.
4. Reporting:
• Generate routine reports: Automate the generation of standard financial and operational
reports (e.g., sales reports, inventory reports).
• Data extraction and formatting: Extract data from various sources and format it for
reports.
5. Human Resource:
• Payroll processing: Automate routine tasks associated with payroll processing, such as
calculating deductions and taxes.
• Onboarding new hires: Automate tasks like sending welcome emails, collecting new hire
information, and provisioning system access.
• Leave management: Automate leave request processing and approval workflows.
6. Audit:
• Data extraction and preparation: Extract and prepare large amounts of data for audit
procedures.
• Testing controls: Automate the execution of certain internal control tests.
7. Tax:
• Data gathering and preparation: Collect and format tax data from various sources.
• Tax calculation automation: Automate calculations for specific tax types based on pre-
defined rules.
It's important to note that these are just a few examples, and the suitability of RPA for each
function depends on the specific processes and tasks involved.

Top of the Document

SU6
Assuming that you are evaluating a new ERP/AIS system for your
company. In order to choose the most suitable software, what are the
various considerations that you need to make in terms of the following:
1. Software functionalities
2. Technical requirements
3. Vendor characteristics
4. Costs

Here are the various considerations you need to make when evaluating a new ERP/AIS system for
your company:
1. Software Functionalities:
• Match your needs: Analyze your current business processes and identify your specific
requirements. Ensure the ERP/AIS system can handle core functionalities like:
o Accounting (General Ledger, Accounts Payable/Receivable, Fixed Assets)
o Inventory Management (Purchasing, Stock Control)
o Sales & Order Management (Quoting, Order Processing)
o Human Resources (Payroll, Benefits Management)
o Reporting & Analytics (Financial reports, Sales dashboards)
o (Optional) Industry-specific features relevant to your business
• Scalability: Consider future growth and choose a system that can scale to meet your
expanding needs.
• Integration capabilities: Evaluate how well the system integrates with existing software
like CRM or e-commerce platforms.
• Customization: Assess the level of customization possible to adapt the system to your
specific workflows.
2. Technical Requirements:
• System compatibility: Ensure the system is compatible with your existing hardware and
operating systems.
• Deployment options: Consider cloud-based, on-premise, or hybrid deployment options
based on your IT infrastructure and security needs.
• Security features: Evaluate the system's security protocols for data protection, access
control, and disaster recovery.
• Implementation and training: Assess the level of support offered by the vendor for
system implementation, user training, and ongoing maintenance.
3. Vendor Characteristics:
• Financial stability: Research the vendor's financial health to ensure ongoing support and
system updates.
• Industry experience: Evaluate the vendor's experience in your specific industry and their
understanding of your business needs.
• Customer service: Assess the vendor's reputation for customer service, including technical
support and user training resources.
• Implementation track record: Consider the vendor's experience in successful ERP/AIS
implementations for companies similar to yours.
4. Costs:
• Licensing fees: Consider the upfront cost of software licenses for the required number of
users.
• Implementation costs: Factor in the costs associated with system implementation, data
migration, and customization.

Top of the Document

 • Ongoing maintenance: Evaluate the annual subscription fees or maintenance costs
associated with ongoing support and updates.
• Training costs: Consider the costs associated with user training on the new system.
• Return on Investment (ROI): Estimate the potential cost savings and productivity gains
from implementing the new ERP/AIS system.
By carefully considering these factors, you can make a well-informed decision when
choosing the most suitable ERP/AIS system for your company. It's also recommended to
involve various stakeholders from different departments during the evaluation process to
ensure the chosen system addresses the needs of the entire organization.

Dempster’s triangle
The Dempster's Triangle, also sometimes called the Project Triangle or Triple Constraint, is a
concept used in project management to represent the three key factors that influence the success
of a project:
• Scope: This refers to the features, functionalities, and deliverables that are included in the
project.
• Schedule (Time): This refers to the timeframe allocated for completing the project,
including deadlines and milestones.
• Cost: This refers to the financial resources required to complete the project, including
labor, materials, and other expenses.
These three factors are interrelated, and any changes made to one will likely impact the others.
Dempster's Triangle is depicted as a triangle with these three factors at the corners, visually
representing the interconnectedness:
Cost
/ \
Schedule --- Scope
Here's how the factors interact:
• Increasing the scope: Adding features or functionalities to the project will likely increase
the time and cost required to complete it.
• Tightening the schedule: Reducing the time allotted for the project may require reducing
the scope or increasing the cost (e.g., by adding more resources).
• Reducing the cost: Trying to complete the project with a lower budget might require
reducing the scope or extending the schedule.
Project managers use the Dempster's Triangle to understand the trade-offs involved in project
management. They need to balance these three constraints to achieve project goals successfully.
Effective project management involves setting realistic goals, managing expectations, and making
informed decisions when changes are necessary.
Here are some additional points to consider:
• The Dempster's Triangle is a simplified model, and other factors like resource availability,
risk management, and stakeholder expectations can also influence project success.
• Some project management methodologies prioritize specific constraints. For example,
Agile methodologies might prioritize flexibility in scope to adapt to changing
requirements, while Waterfall methodologies might prioritize a fixed scope with a defined
schedule and cost.
By understanding the Dempster's Triangle and its implications, project managers can make
informed decisions, communicate effectively with stakeholders, and increase the chances of project
success.

Top of the Document

Typical AIS/ERP Implementation Process
Implementing a new AIS/ERP system is a complex undertaking, but a well-defined process can
increase the chances of success. Here's a breakdown of a typical implementation process,
incorporating the previously discussed challenges and mitigation strategies:
1. Planning and Preparation:
• Define Project Goals and Scope: Clearly define what your organization hopes to achieve
with the new system. This helps determine the functionalities needed and sets realistic
expectations. (Challenge: Scope creep. Strategy: Document initial requirements and
involve stakeholders in defining scope.)
• Conduct Feasibility Study: Evaluate your organization's readiness for a new system by
assessing IT infrastructure, user skills, and budget. (Challenge: Lack of resources or
infrastructure. Strategy: Identify resource gaps and plan for upskilling or infrastructure
upgrades.)
• Select a Vendor and Software: Research potential vendors and their ERP/AIS offerings.
Conduct demos, compare features, and consider factors like vendor experience, industry
expertise, and cost. (Challenge: Choosing the wrong system. Strategy: Clearly define
requirements, involve key users in vendor selection, and request references from similar
companies.)
• Assemble a Project Team: Put together a team with representatives from different
departments (IT, Finance, Operations, etc.) to oversee the implementation process.
(Challenge: Poor communication or resistance to change. Strategy: Communicate project
goals clearly, encourage user participation, and provide training to address change
concerns.)
2. System Configuration and Development:
• Gap Analysis: Identify any gaps between your existing business processes and the
functionalities offered by the chosen system. (Challenge: System customization exceeding
expectations. Strategy: Clearly communicate limitations of customization and prioritize
core functionalities during configuration.)
• Data Migration and Conversion: Plan how to migrate your existing data (e.g., customer
records, inventory data) to the new system. This might involve data cleansing and
conversion to a compatible format. (Challenge: Data quality issues. Strategy: Assess data
quality early, invest in data cleansing if needed, and develop a robust data migration plan.)
• System Testing: Conduct thorough testing of the ERP/AIS system to ensure it functions as
expected and integrates seamlessly with existing systems. (Challenge: System bugs or
integration issues. Strategy: Develop a comprehensive test plan, involve users in testing,
and address any issues before deployment.)
• User Training and Documentation: Provide comprehensive training to users on how to
navigate and utilize the new system. Develop user manuals and knowledge bases for
ongoing reference. (Challenge: User resistance or lack of training. Strategy: Develop
training programs tailored to user roles, encourage hands-on practice, and provide
ongoing support resources.)
3. Go-Live and Post-Implementation:
• System Launch and Cutover: Deploy the new system and transition users to the new
platform. This might involve a phased rollout or a complete system cutover.
(Challenge: System downtime or disruptions. Strategy: Develop a detailed cutover plan,
have a rollback strategy in place, and communicate downtime expectations to users.)
• Post-Implementation Support: Provide ongoing support to users as they navigate the
new system. Address any issues that arise and monitor system performance.
(Challenge: Ongoing system maintenance and user support costs. Strategy: Factor in

Top of the Document

 ongoing support costs during budget planning, and develop a knowledge base to
empower users to solve common issues.)
• Performance Monitoring and Evaluation: Regularly monitor system performance and
user satisfaction. Evaluate whether the system is meeting project goals and identify areas
for improvement. (Challenge: Lack of system adoption or underutilization. Strategy: Track
key performance indicators (KPIs), encourage user feedback, and continuously refine the
system based on usage data.)
By following a well-defined process, addressing potential challenges proactively, and
involving stakeholders throughout the implementation, organizations can increase their
chances of a successful AIS/ERP implementation and achieve the desired benefits of a new
system.

Review key ERP project challenges and risks

• Scope Creep: The tendency for project scope to expand beyond initial plans, leading to
increased costs and delays.
• Data Quality Issues: Inaccurate or incomplete data in existing systems can cause
problems during data migration and impact system effectiveness.
• System Customization: Excessive customization can be time-consuming, expensive, and
difficult to maintain in the long run.
• Lack of Resources or Infrastructure: Insufficient IT resources, user skills, or outdated
infrastructure can hinder a smooth implementation.
• Poor Communication or Resistance to Change: Inadequate communication or user
resistance to the new system can lead to low adoption rates and hinder project success.
• Choosing the Wrong System: Selecting a system that doesn't meet your specific needs or
doesn't integrate well with existing systems can be detrimental.
• System Bugs or Integration Issues: Bugs in the new system or integration problems with
existing systems can disrupt operations and cause delays.
• System Downtime or Disruptions: System downtime during cutover or ongoing
maintenance can negatively impact business operations.
• Ongoing System Maintenance and User Support Costs: The ongoing costs associated
with system maintenance, upgrades, and user support need to be factored into the overall
budget.
• Lack of System Adoption or Underutilization: If users don't fully adopt the new system or
don't utilize its functionalities to their full potential, the project's overall benefits might not
be realized.

Discuss typical strategies to meet specific project challenges and

risks
Challenge: Scope Creep
• Strategy: Clearly define project scope in writing at the outset. This includes functionalities,
deliverables, and timelines. Manage stakeholder expectations and involve them in scope
definition. Use a formal change control process to document and approve any scope
changes.

Top of the Document

Challenge: Data Quality Issues
• Strategy: Assess data quality early in the project. Invest in data cleansing activities to
identify and correct inaccurate or incomplete data before migration. Develop a data
migration plan that ensures data integrity and consistency in the new system.
Challenge: System Customization
• Strategy: Clearly communicate the limitations of customization with stakeholders. Prioritize
core functionalities offered by the system "out-of-the-box" before considering
customizations. Evaluate the cost-benefit trade-off for any customizations and document
them thoroughly.
Challenge: Lack of Resources or Infrastructure
• Strategy: Conduct a feasibility study to assess resource needs and infrastructure readiness.
Identify resource gaps and develop a plan to address them. This might involve hiring
additional staff, upskilling existing employees, or upgrading hardware and software.
Challenge: Poor Communication or Resistance to Change
• Strategy: Develop a comprehensive communication plan to keep stakeholders informed
throughout the project. Encourage user participation in the selection and configuration
process. Address change concerns proactively through training and user support.
Challenge: Choosing the Wrong System
• Strategy: Clearly define your business needs and functionalities required in the new
system. Conduct thorough research and compare vendor offerings. Utilize demos, request
references from similar companies, and involve key users in the evaluation process.
Challenge: System Bugs or Integration Issues
• Strategy: Develop a comprehensive system testing plan that includes unit testing,
integration testing, and user acceptance testing. Address any bugs or integration issues
before system deployment.
Challenge: System Downtime or Disruptions
• Strategy: Develop a detailed cutover plan that minimizes downtime. Consider a phased
rollout or parallel testing approach. Have a rollback strategy in place in case of unforeseen
issues. Communicate downtime expectations to users in advance.
Challenge: Ongoing System Maintenance and User Support Costs
• Strategy: Factor in ongoing support costs for system maintenance, upgrades, and user
training during budget planning. Develop a knowledge base and self-service resources to
empower users to solve common problems.
Challenge: Lack of System Adoption or Underutilization
• Strategy: Develop user training programs tailored to user roles and responsibilities.
Encourage hands-on practice with the system. Promote the benefits of the new system and
success stories to encourage user adoption. Track key performance indicators (KPIs) to
measure system usage and identify areas for improvement.
By implementing these strategies, organizations can significantly mitigate the risks associated with
ERP/AIS implementations and increase their chances of achieving a successful project outcome.
Remember, a successful implementation requires careful planning, proactive risk management, and
ongoing communication and user support.

Top of the Document