 |
|
Best Practices for Oracle eBusiness Suite & Oracle Applications
Oracle Apps Tips by Burleson Consulting
October 24, 2007
|
Best Practices for Oracle eBusiness Suite
Implementation
Large corporations have two choices when
automating their business functions, writing a custom solution or purchasing a
pre-written software package. These off-the-shelf solutions are called
Enterprise Resource Planning (ERP) packages and include vendors such as SAP,
Peoplesoft and Oracle eBusiness Suite.
This document describes the best practices
required to successfully implement an ERP package for a publicly-held company,
and includes all areas of due diligence that are required by responsible
corporations when implementing Oracle business solutions:
Oracle Corporation reported that more than 75% of
unplanned system downtime was due to human error, and managers know that
minimizing the risk of human error is critical to the success of all ERP
solutions. Dangerous
dilettantes can destroy databases, and corporations go to great lengths to
ensure that they use Oracle-certified professionals for all technical tasks.
Management due diligence for any Oracle eBusiness
Suite implementation lies in the proper allocation of corporate resources and
outside experts. It can be considered misfeasance not to carefully vet all
outside consultants, and may corporations avoid risk by going directly to Oracle
Corporation for consulting services.
However, in the wake of
media reports of problems with Oracle Corporate consulting, some managers
choose third-party consultancies with a proven history of success in the
implementation of Oracle eBusiness Suite. I've noted that one of the main
causes of bumpy Oracle Applications implementations are the use of inexperienced
consultants.
Because ERP solutions effect every area of a
business functional management, careful planning and management are an absolute
necessity for a smooth transition from legacy solutions require significant
investment of resources from all areas of the company. Let's begin with an
overview of my qualifications.
My
Qualifications
My name is
Donald K. Burleson and I
have a Masters Degree in Business Administration with a concentration in
Information Systems from the University of New Mexico. I been a full-time
database administrator since 1983, serving as a database architect, database
administrator and management consultant for many Fortune 50 corporations.
I am a Oracle Certified Professional (OCP) and a Certified Systems Professional
(CSP), with a Certificate in Data Processing (CDP) issued by the Institute for
Certification of Computer Professionals (ICCP).
I am the author of more than 30 books on database
technology and I was chosen by Oracle Press to write five of their "officially
authorized" books on Oracle technology, including the Oracle 10g Application
Server Administration Handbook.
I have also served as adjunct professor of
Information Systems, teaching more than 50 courses in database and project
management in MBA programs for several major universities. I have also
published more than 100 articles for academic journals and mainstream technology
magazines including Computerworld, Software magazine the the Journal of
Information & Management.
During my 25 years in database management I have
gained extensive experience in the management of mission-critical ERP solutions.
The scope of Oracle eBusiness
Suite
The goal of ERP solutions is to provide an
off-the-shelf solution to manage all aspects of a business, everything from
manufacturing and inventory to complex financial reporting. As such, these
ERP packages are extremely sophisticated, consisting of millions of lines of
computer code and tens of thousands of online screens and reports. When an
organization makes a commitment to move their business processes into an ERP
package they make a conscious decision to change the way that they do business
to accommodate the software.
Accommodating the software package
Customizing an ERP solution is very tricky, and
corporations who choose to make extensive modifications to ERP solutions may
find themselves facing costs of over five million dollars when an upgrade is
required. Unless a unique business process is a competitive advantage, it
is a best practice to re-train all functional workers in the business flow of
the software, abandoning their old ways. Obviously, this requires a
commitment of significant time and effort.
The standard best practices for publicly-held
companies are greater, and management has a responsibility to ensure that the
solution is implemented without significant interruption to ongoing activities.
While the costs of Oracle eBusiness Suite can be
more than a million dollars, the original expense is only a miniscule part of
the costs. It is not uncommon for a large corporation to spend tens of
millions of dollars to install, configure and implement Oracle eBusiness suite.
As a general guideline, large corporations will commit at least 15% of their
gross revenue to their computer department, and it's easy to spot a potential
problem by examining the expenses of the company.
ERP solutions have a direct effect on the finances
of the corporation, and the greater the financial risk, the greater the
investment in auditing and safety controls. At an absolute minimum, these
investments will include:
-
Functional Impact Analysis - A complete
analysis of the business impact of the ERP solution, focusing on the
challenges to each functional area of the organization.
-
Scope of Work document - The SOW is
performed before the acquisition of Oracle eBusiness suite to ensure that
the corporation understands the costs and commitments that are required for
successful implementation.
-
Project plan - Implementing an ERP
solution consists of tens of thousands of individual tasks and presents a
formidable challenge to management, both in the computer department as well
as the functional areas. It's an absolute necessity to prepare a
project plan that spells-out all major milestones of the ERP rollout and
maps out all critical path tasks. Many shops will hire an experienced
project manager for this, a professional with demonstrable expertise in
project management techniques including PERT and CPM.
-
Data integrity - The polestar of any
Oracle eBusiness Suite implementation is managing the integrity and safety
of the data. While Federal regulations (GLB, SOX, HIPAA) may impose
strict data control requirements, all Oracle eBusiness Suite implementations
will include these activities:
-
Audits - The integrity of the
mission-critical corporate data is foremost, and corporations will have
auditing in-place to data security and internal integrity. All
changes to the database are archived, and sensitive data will have a
full audit trail indicating the "who, what, when, where and why" for all
updates. Additionally, financial data will be audited for
integrity and fully tested prior to implementation.
-
Disaster recovery - The costs of
unplanned downtimes can reach over $100,000 per minute for a large
corporation. Publicly held corporations are required to safeguard
their data and implement full backup and recovery procedures.
These will always include the retention of Oracles archived redo logs,
an electronic trail of all data changes. In addition to the
archived redo information, some corporations will also safeguard their
data through geographical replication using one of the Oracle provided
solutions (Real Application Clusters, Oracle Data Guard and Oracle
Streams), and implement a solution that ensures system availability at
all times.
-
Governmental regulatory compliance
- Sarbanes-Oxley imposes requirements for information systems and
controls, including proper security of sensitive information,
documentation of internal processes, and appropriate policies and
procedures for system operations.
Next, lets examine the steps in developing a sound
project plan for an Oracle Applications implementation. When faced with
implementing such massive software packages, a
corporation must implement extensive policies and procedures for version
control, change control and quality assurance, often employing third party
products.
But the most important areas of best practices for
Oracle Applications relates to the technical infrastructure, an area where
Oracle Corporation provides detailed guidelines for success.
Technical best practices
Thousands of corporations successfully implement
Oracle Applications each year, and the guidelines for success are well-known
among Oracle consultants. These best practices include:
-
Intimate involvement - It is an
absolute best practice that all technical and functional management be
intimately involved in the implementation project. Many companies try
to distance themselves from the implementation by hiring third parties to do
their data conversion, while others attempt to save money by using offshore
companies. Offshoring is a big mistake for many reasons, foremost the
potential loss of data from no copyright protection and the risk of
sub-standard programmers.
Computerworld magazine noted that in 2006, less than 5% of IT shops
attempted offshoring.
-
Proper pre-implementation end-user training
- Oracle Applications are an extremely robust and flexible business solution
and they change the way that the organization does business, often in a very
fundamental way. Implementing Oracle Applications requires a huge
effort from the functional community and all end-users must be properly
trained and tested before implementing the new solution.
-
Proper integration testing - Oracle
Applications implementations rarely exist in a vacuum and the new software
may have to interface with many external systems. For example, it's
very common for an Oracle Manufacturing and Inventory module to have a
custom interface with an Electronic Data Interchange (EDI) feed from the
retail stores.
-
Proper technician training - Even
through an organization may have competent Oracle database administrators on
staff, the implementation of Oracle Applications introduces specific
challenges to the Information Systems manager. There are new job roles
to be filled (The Oracle Applications Administrator), and extensive training
for existing programming and developer staff in the nuances of the Oracle
Applications software.
-
Proper testing environments - Even
though Oracle Applications are a prepackaged solution, every corporation is
unique and extensive customizations are part-and-parcel of any rollout
effort. Oracle Corporation strongly recommends that all customization
follow a rigid quality control process to guarantee a smooth transition.
These environments include separate Oracle databases for customization
testing and databases for system testing and quality assurance.
-
Proper data security controls - Oracle
Corporation is very clear about the requirements for data security control
and the need for monitoring. Oracle Metalink web site contains
standards such as the standards described in note
189367.1, Best Practices for Securing Oracle E-Business Suite. It
states:
"System security stands on three legs: good
security protocols, proper system configuration and system monitoring.
Auditing and reviewing audit records address this third requirement. Each
component within a system has some degree of monitoring capability. Follow
audit advice in this document and regularly monitor audit records.
As the author of the packages, Oracle Corporation
is the best source for implementation best practices.
Auditing an Oracle
Applications implementation
When things go wrong with an Oracle Applications
implementation it's not difficult to determine the root causes. Auditing
an ERP implementation covers several areas:
-
Data Integrity and security auditing -
Auditing for data integrity includes checks of disaster recovery procedures,
proper pre-implementation testing procedures and proper archiving of all
system changes. I have written a
whitepaper
describing the auditing requirements of 21st century information systems.
-
Implementation audits - A audit of a
substandard Oracle Applications implementation includes a review of failures
at the business layer, seeking evidence of lost data and complaints from
downstream users. For example, customer complains are a valid
indicator of a shoddy Oracle implementation. Oracle standards also
encourage a complete version control and change control subsystem to ensure
smooth rollouts.
-
Management auditing - It's easy to
review the project plan and identify misfeasance. This might include
willful under funding of the project, a failure to engage consultants with a
proven record of success, and insufficient stockholder disclosure of
problems with their Oracle rollout.
-
Financial Analysis - A lack of proper
investment in the ERP project can be easily identified by a review of the
financial records.
Best Practices for Oracle Apps financial data
by John Hays, CPA
The Oracle E-Business Suite
is one of the most complete, integrated business intelligence systems. It
provides an end-to-end view across all lines of business and drive performance
with consistent financial and operational information. This suite of
applications provides every employee with relevant, complete information
tailored to their role. E-Business Suite is a highly adaptable global business
platform, that operates globally while complying locally.
This great depth and breadth
of capability also results in a system that is very large and complex. Each of
the over 70 module within the E-Business Suite can have hundreds of different
settings and thousands of different ways to configure. No part of the design,
implementation, or use of the system should be taken lightly.
Implementing Oracle
E-Business Suite is a complex process that must be well designed and organized.
Generally, the process involves the following steps.
- Definition –
establish the business objectives and related requirements. Define the
project work plan.
- Operations Analysis
– analyze the operations and determine fit between organizational
requirements and standard application functionality.
- Design – develop
detailed designs for the optimal solutions to meet the future business
requirements.
- Build – create
the physical software system configuration and testing.
- Transition –
deploy the finished solution into the organization.
- Production – go
live using the new system
The implementation process
should also involve documenting each step and noting any issues that could
negatively influence system performance.
In addition to the new system
implantation process, the training needs of the users must be accessed and
addressed before the process can be truly successful. Dana Sohr of RWD
TechnologiesTM sited the following example in the article
Introduction: Why Worry about Training?
A 1998 Benchmarking
Partners survey asked major companies to name the biggest obstacles they
faced in getting optimal results from their ERP systems. Of the six
obstacles mentioned by over 25% of the companies, four were directly related
to end-user performance and training. They were: managing internal change
(65%), inadequate employee skills (36%), training end users (36%), and
ongoing user support
(26%). Only
prioritizing resources (29%) and software functionality (28%) did not relate
directly to training and supporting employees before, during, and after
implementation.
Just what does it cost
to avoid the kinds of problems cited above? A recent study by the Gartner
Group showed that companies that met their goals for ERP projects spent at
least 17% of their budgets on training. Gartner reported that companies that
budget less than 13% of their implementation costs for training are three
times more likely than companies that spend 17% or more to see their ERP
projects run over schedule and over budget. On a $5,000,000 ERP
implementation, the difference between a 13%
training budget and a
17% training budget is $200,000. Should that same project run just 15% over
budget, the additional cost would be $750,000. Obviously, the cost savings
that can be recognized by proper
planning and execution of end-user training and performance support can be
significant.
It is important that industry
and module best practices are considered and appropriately utilized both during
and after the implementation process. Utilizing best practices leverages the
experience of others in implementing and using similar processes or systems.
Not utilizing appropriate best practices needless exposes organizations and
systems to problems.
Safe guarding an
organizations data is also a critically important consideration, and should be
evidenced by an enterprise wide backup retention policy. The backup retention
policy governs how long data backups are kept, or how many versions of backups
to keep at any time. This policy should be set in accordance with company
mandated and/or government regulated record retention periods.
The management letter to the
external auditor usually makes certain statements regarding the reliability
internal controls and statements of the Company. The problems and issues found
in the system do not appear reflected in the related statements and opinions.
What statements were made to the external auditor and when were they made?
Management typically makes
specific certifications about the internal controls and financial reports of the
organization. When they are satisfied with they adequate and correct, they
certify that:
The internal controls over
the financial reporting process were designed by, or under your supervision, and
provide reasonable assurance regarding the reliability of financial reporting
and the preparation of financial statements for external purposes in accordance
with generally accepted accounting principles and includes policies and
procedures that:
·
Provide that records are
maintained in reasonable detail and they accurately and fairly reflect the
transactions and dispositions of the company assets.
·
Provide reasonable
assurance that transactions are recorded as necessary to permit preparation
of financial statements in accordance with generally accepted accounting
principles, and that receipts and expenditures of the issuer are being made
only in accordance with authorizations of management and directors of the
issuer
·
Provide reasonable
assurance regarding prevention or timely detection of unauthorized
acquisition, use or disposition of the issuer's assets that could have a
material effect on the financial statements.
FAS 48 specifies how an
enterprise should account for sales of its product when the buyer has a right to
return the product. The revenue from these sales should be recognized at the
time of sale only if all of the conditions specified by the Statement are met.
If the conditions are not met, the revenue recognition is postponed. If they are
met, sales revenue and cost of sales reported in the income statement should be
reduced to reflect estimated returns and expected costs or losses shall be
accrued.
