ERP in the Cloud
Chris Kenny
Manager, Technology Risk Services
11 October 2016
© 2016 Grant Thornton UK LLP. All rights reserved | Public
Overview
• Introduction
• ERP and the cloud
• Risks and Controls
• Cloud ERP in practice – Case study
• Final thoughts
About Grant Thornton
Grant Thornton UK LLP
• UK member firm of Grant Thornton International Ltd
• Turnover of £521 million
• Led by over 180 partners, with 4,500 people
• Operates from 26 offices
About me
• Eight years' experience in internal audit
• Manage the delivery of ERP, internal and external audit services across the Midlands region
• CMIIA and CISA qualified
What do we mean by ERP?
Characteristics of an ERP system
• single integrated database
• modular
• common user interface
• follow good business practices
• flexible and adaptable
• workflow
• automation
Evolution of ERP
• 1980's
─ mainframe
─ time sharing
─ finance orientated
─ green screen
• 1990's
─ client-server
─ real-time
─ GUI
─ full business operations
• 2000's
─ web-enabled
• 2010's
─ focus on UX
─ data analytics
─ the cloud
ERP in the cloud
Cloud services
• Public
• Private
• Hybrid
ERP in the cloud example
[Diagram: deployment models (On-Premise, IaaS, PaaS, SaaS) compared across the stack layers Application, Database, O/S and Hardware]
What does the marketplace look like?
Business drivers
• Reduce costs
• Speed of deployment
• Scalability and adaptability
• Accessibility
• Modernity
Risk & Controls
Model of internal audit involvement
• Due diligence
─ Assess risk and control
• Project implementation
─ Assess risk and control
• Post implementation / BAU
─ Assess risk and control
Due Diligence
• Customisation & integration
• Performance, cost and SLAs
• Information governance
• Information security
• Business & strategic fit
Project implementation
• Risk management
• Internal controls
• Segregation of duties
• Gateway or milestone reviews
Post-implementation / BAU
• Monitor security
• Change management
• Benefits realisation
• Contract management
Key actions for internal audit
• obtain and review the SOC1/2 or equivalent
• right to audit
• change management
• review the security model, including segregation of duties and starters / leavers
• review change management procedures
• involve other SMEs: Legal, Data Protection, Project Management
Case study
Key issues and challenges
• Large subsidiary business unit of a FTSE100 retail business
• Implementing Oracle Cloud ERP (HCM, Finance, CRM)
• Newness of Fusion
• Project management challenges
Our approach
• Required a wide mix of skills within the audit team, reviewing areas including:
─ compliance with data protection legislation
─ disaster recovery
─ capacity and performance management
─ IT general controls and key financial controls
─ contractual arrangements between the client and Oracle.
Audit Findings
• Change of business case impacted project benefits and caused delays
• PII accessible outside the EEA
• Key financial controls not implemented correctly
• Volume and completeness of UAT
• RBAC and SoD issues
• SOC 1 report out of date
Conclusions
The future
• The inevitable cyber breach
• death of on-premise – but not for a while!
• the Internet of Things
Conclusion
• Cloud ERP presents a number of opportunities for organisations
• Cannot outsource risk, however!
• Aim to be involved at all stages of the lifecycle
Questions?
Further Reading
• 'The Treacherous Twelve' Cloud Computing Top Threats in 2016
─ https://cloudsecurityalliance.org/download/the-treacherous-twelve-cloud-computing-top-threats-in-2016/
• 'Service Organization Control (SOC) Reports'
─ http://www.aicpa.org/soc
‘Grant Thornton’ refers to the brand under which the Grant Thornton member firms provide
assurance, tax and advisory services to their clients and/or refers to one or more member
firms, as the context requires.
Grant Thornton UK LLP is a member firm of Grant Thornton International Ltd (GTIL). GTIL and the member firms are not a worldwide partnership. GTIL and each member firm is a separate legal entity. Services are delivered by the member firms. GTIL does not provide services to clients. GTIL and its member firms are not agents of, and do not obligate, one another and are not liable for one another’s acts or omissions.
grantthornton.co.uk