ERP systems are designed to cover all the core business functions a manufacturer might need. While a manufacturer might not utilize all the modules available in an ERP system, a key point remains: ERP solutions hold the data that drives the business through a variety of processes. If the data is incorrect there can be far-ranging adverse affects.
For example, if solutions allow inappropriate access to sensitive data, a manufacturer could be at risk for security breaches. Manufacturers of sensitive materials must be audited for industry or government compliance. Others might be audited as part of the due-diligence phase of an acquisition or merger. There are also benefits to starting a self-audit.
The bottom line is that auditing manufacturing ERP systems can be an intimidating task, for any reason. Here are five core tips to guide your ERP audit plans from Ray Wang, a partner for enterprise strategy at Altimeter Group.
- Start with the KPIs.
Manufacturers should start their audit efforts by looking at their key performance indicators (KPIs). This ensures that the elements used to run the business and make decisions are correct. Once identified, the KPIs will provide the foundation for a closer look.
- Work backward through the business processes.
Wang recommends that organizations start at the desired end results of a business process and then step back looking to ensure that each step in a process was handled correctly. "Begin with the end in mind," Wang said, and "start with what you want to measure."
- Identify control points.
Business processes tend to go wrong in the places that require action or change. As a result, event areas are a natural spot to focus auditing attention. Manufacturers auditing their ERP systems should ask questions like, "What requires an approval?" and "What is a dependent step in a process?"
- Determine audit risk.
Based on an internal audit, a manufacturer should have a good idea of where they would fail in an official external audit -- and the risks associated with that failure. "Think about food safety as an example," said Wang. "Can you isolate a recall to the hour or minute of production and for the machine in question?" In a situation like this -- accurate or inaccurate -- lot traceability could have a major business impact in the event of a problem.
- Mitigate risk.
One of the most important reasons for auditing an ERP system in the first place is to identify risk. But what is the point of identifying risk if a manufacturer doesn't take action? The last core element of a good audit is the action that results from it. Manufacturers should adjust business processes, fix workflow issues, apply appropriate security and access settings, and correct any points of data error. Where to start? Begin with the areas that present the biggest risk to the manufacturer.
What other resources would you like to see on auditing manufacturing ERP systems? Email us at firstname.lastname@example.org.
About the author: Chris Maxcer is a freelance writer.