GB310

· List the core challenges associated with improving a group of processes

People are distracted from their most important process Processes change constantly People must know objectives of other processes

· Use the CBI case to describe the shortcomings of its fulfillment processes prior to ERP

Sales: No opportunity for real-time price discounting. Inaccurate data on products available for sale Warehouse: No communication to Sales on significant changes to future inventory Accounting: Wasted time spent on invoice and other errors. New customer delays.

What is Ransomware

a type of malicious software that gains access to files or systems and blocks user access to those files or systems. Then, all files, or even entire devices, are held hostage using encryption until the victim pays a ransom in exchange for a decryption key. The key allows the user to access the files or systems encrypted by the program.

· List the two characteristics of ERP systems

1. Consolidation of data for real-time sharing of data 2. Integrated processes

· Describe the core decision making steps in CBI's SAP implementation process

1. Reexamining strategy (Assessing industry structure, Picking Competitive Strategy) 2. Conducting Gap Analysis 3. Develop Processes (Objectives and KPIs, Picking an Inherent Process) 4. Configure the ERP Software 5. Installation (Write procedures, Train users, Test system, Go Live)

· List the top 3 ERP vendors in terms of market share

1. SAP 2. Oracle 3. Microsoft Dynamics

What is a brute force attack

A Brute Force Attack is the simplest method to gain access to a site or server (or anything that is password protected). It tries various combinations of usernames and passwords again and again until it gets in. This repetitive action is like an army attacking a fort.

· Manually identify bottlenecks in a process and explain the impact of a bottleneck on the overall process (e.g. explain why adding resources to a process will not result in an improvement if the bottleneck is not resolved first)

A bottleneck occurs if the number of entities processed in an activity is lower than the number of entities entering the activity. If the bottleneck is not resolved and one increases the capacity of a non-bottleneck activity there will be an increased potential to handle an increased number of entities, but this potential will not be realized as the bottleneck will continue to restrict the movement of entities throughout the process.

What is a DoS attack

A denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor.

· Explain the function of a purchase order (PO). Explain the difference between a purchase order and a purchase requisition.

A purchase order (PO) is a written document requesting delivery of a specified quantity of a product or service in return for payment. It is a formal/legal document that obligates the requester to pay for the product or service after the product is delivered. A purchase requisition is an internal document (typically emanating from the warehouse) that seeks authorization for the creation of a purchase order. This authorization is typically provided by the purchasing department of an organization.

· Explain the significance of Adwords and Google Analytics to the fulfillment process

AdWords is Google's pay-per-click advertising with its AdWords software. With AdWords, companies pay a predetermined price for particular search words. When a customer uses Google to search for those terms, Google will display a link to the company's website. Google charges the company if the user clicks on that link. Companies also receive data related to web traffic data such as where the customer came from, where the customer visited on the website and the conversion rate (ratio of the number of customers who eventually purchased something from the site divided by the number who visited). The tools consequently help advance online marketing of products and developing data-driven insights into customer behavior that can help improve the fulfillment process.

· List and describe three types of non-merchant e-commerce. Provide an example of each.

Auctions - eBay Clearinghouses - Amazon Exchanges - Priceline

· Describe the new IS that will impact supply chain processes by 2028.

Augmented Reality, Robots, 3-D printing, Internet Everywhere (see section 8.8)

· Describe the new IS that will impact fulfillment processes by 2028.

Blockchain, Social CRM, Dash Buttons, Darknet, Smartphone payment

Explain the difference between capacity as it is used in the ProcessModel software and capacity as it is calculated in the plates to order exercise

Capacity in ProcessModel refers to the amount of resources that a particular activity can handle. Capacity in plates to order exercise refers to the number of entities that the entire process can handle within a specified duration.

· Explain the difference between configuration and customization of an ERP system

Configuring - using existing features in the system to personalize or suit the system to the organizations business processes. No changes are made to underlying code. Customizing - Involves writing new code to make the system work with organizational data. Goes beyond configuring with the aim of creating the "perfect" fit between the ERP system and the organization's business processes.

· List at least five personal safeguards that you can deploy to help protect yourself from IS security threats.

Create strong and multiple passwords. Send no valuable data via email or messaging. Use https to buy from trusted Web sites. Clear browser history, temp files, and cookies. Regularly update antivirus software. Use caution when using public machines or hot spots. Log out after high-value activities. Do not use U S B drives. Use your smartphone securely

What is XSS

Cross Site Scripting are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user

· List the main documents involved in the fulfillment process

Customer inquiry, quotation, purchase order, sales order, picking document, packing list, invoice, payemnt

· Explain the implications of a configuration vs customization decision for an organization in terms of functionality, control, cost, upgrades and support.

Customization: increased functionality, more control, but higher costs, increased complexity of upgrades and limited support from ERP vendor Configuration: less functionality and control, but lower costs, seamless upgrades and more robust support available from ERP vendor.

· List and explain the three ways that e-commerce improves market efficiency

Data Flow, Disintermediation, Software

· List and explain five data safeguards that can help organizations protect against security threats

Define data policies. Specify data rights and responsibilities. Access only when authenticated. Encrypt data. Practice backup and recovery procedures. Ensure physical security.

What are the different kinds of Software loss

DoS, Overflow, Usurpation

Explain how the functional approach to IT implementation improved the efficiency of business activities and show how the introduction of ERP systems enhanced theses efficiencies

Functional approach: Improved efficiency within silo (faster than paper based processes) ERP systems: Increased efficiency by facilitating communication across silo. Ability to see data flow across the entire organization.

· List and explain five technical safeguards that organizations can use to protect themselves from external threats

Identification and authentication Encryption Firewalls Malware protection Hardening, V P N, secure design

· List five Personal Security Safeguard practices that apply to smartphones.

Identification and authentication Encryption Firewalls Malware protection Hardening, V P N, secure design

What is an Overflow attack

In an overflow attack the hacker presents malicious code to a computer's operating system or application that deliberately overflows the capability of the software. The overflowing code contains damaging instructions that are later executed.

· Explain the significance of business process modelling to the development and evolution of ERP systems

In order to develop an IT system that would support business processes across a wide range of industries, SAP had to model several business process and determine commonalities. It would have been impossible SAP without an in-depth understanding of the business processes it was designed to support. The adoption of SAP and other similar ERP systems has in turn led to increased understanding of business processes (through sharing of data) that has produced more innovation and development in this area.

· Explain the two main factors that determine ERP use in organizations

Industry and Organizational size (you should be able to explain these)

· Describe the evolution of ERP systems

Initially started in back office (inventory planning, Material Requirement and Manufacturing), it then expanded to serve the entire enterprise (ERP) and now is extending beyond the enterprise (Extended ERP and ERPs on cloud).

· Use the CBI case to describe the shortcomings of its procurement processes prior to ERP

Issues prior to ERP: Warehouse mgr (Wally) didn't have data on sales price discounts Three-way match discrepancies took an inordinately long time to correct Purchasing agents were not centralized (inconsistent) Purchasing had weak internal controls (limited scrutiny of purchases)

· Explain why CBI opted to go with SAP instead of Salesforce in its implementation.

It selected SAP to better integrate with its suppliers and not simply focus on the customer side. SAP was better overall even though Salesforce was a superior CRM system.

· Explain the notion of lead time as it related to the procurement process

Lead time is the time required for a supplier to deliver an order. It's the time from the creation of the purchase order to goods receipt.

· Explain the difference between merchant and non-merchant companies

Merchant companies own the goods that they sell. Non-merchant companies arrange for the purchase and sale of goods without ever owning or taking title to those goods.

· List the three main activities of the procurement process

Order, Receive, Pay

· List the main documents involved in the procurement process

Purchase Requisition, Purchase Order, Good Receipt, Invoice, Payment

· Explain the difference between finished goods and raw materials

Raw materials are basic materials used in the manufacturing or production of goods. Finished goods are materials that have completed the manufacturing or production process and are ready for sale or delivery to customers.

· List the three main activities of the fulfillment/sales process

Sell, Ship, Payment

· List and explain the two main fulfillment strategies

Sell-from-stock Configure-to-order

What is Sniffing

Sniffing attack or a sniffer attack, in context of network security, corresponds to theft or interception of data by capturing the network traffic using a sniffer (an application aimed at capturing network packets).

What are the different kinds of Data Loss?

Social Engineering, Pretexting, Phising, Spoofing, Sniffing, Maleware, Ransomware, Brute Force, XSS, Hacking, SQL injection

· Explain the need for a separate sales order document even though it contains much of the same info as a purchase order

Standardization, Internal Tracking/Authorization.

· Provide definitions of supply chain and the procurement process

Supply chain: a network of people, organizations, resources, and processes that create and distribute a particular product from the delivery of raw materials at the supplier to final delivery to the consumer. Procurement: the process of obtaining goods and services such as raw materials, machine spare parts, and cafeteria services

Explain the value of ProcessModel vis-à-vis other process modelling or flowchart diagramming tools like Microsoft Visio

The main advantage of Process Model is its ability to provide a visual simulation of the process. Other tools tend to provide a static models of business processes.

· Describe the main problem that an ERP system is designed to solve (You should be able to describe this problem within the context of a particular industry e.g. healthcare)

The main problem that an ERP system is designed to resolve is that of information silos or IT systems that do not communicate seamlessly with each other. In healthcare this results in inefficiencies such as patients having to take written physician prescriptions to the pharmacy which would take time and often result in errors due to the ineligibility of physician handwriting. Similar inefficiencies occur in other industries

Capacity in ProcessModel refers to the amount of resources that a particular activity can handle. Capacity in plates to order exercise refers to the number of entities that the entire process can handle within a specified duration.

The routing percentages found in ProcessModel were based on each activity. The routing percentages in the plates exercise were based the total number of entity arrivals.

· Explain the concept of a three-way match

The three-way match is an accounting control that ensures that before payment is sent the organization has received the goods that it ordered. It involves checking to see that the purchase order, the goods receipt and the invoice are matching or that any discrepancies are resolved.

Describe the core functionalities of an ERP system

Today, for a product to be considered a true ERP product, it must include applications that integrate processes in the following business functions: Supply Chain Management (SCM), Manufacturing, Customer Relationship Management (CRM), Human Resources (HR), Accounting

What is APT

advanced Persistent threat - a sophisticated, long-running computer hack that is perpetrated by large, well -funded organizations such as governments. Cyberwarfare and espionage.

What is Malware

any program or file that is harmful to a computer user. Types of malware can include computer viruses, worms, Trojan horses, and spyware.

What is Hacking

breaking into computers, servers or networks to steal data such as customer lists, product inventory data, employee data, and other proprietary and confidential data. Individuals and hacking groups (anonymous and LuluSec)

What is pretexting

defined as the practice of presenting oneself as someone else in order to obtain private information. It is more than just creating a lie, in some cases it can be creating a whole new identity and then using that identity to manipulate the receipt of information.

Be able to describe at least one other prominent ERP failure that has occurred in the past decade in terms of the following

o Client name o Vendor Name o Costs o Explain what the organization was attempting to achieve (i.e. describe the motivation and goals for the project) o Using the list of ERP related challenges that was presented in class, explain why the implementation failed or succeeded

· Explain some of the main benefits of using an ERP system

o Data sharing occurs in real time o Aids implementation of leading practices for business process integration o Facilitates management oversight o The information silo problem is resolved o Better integration with supply chain partners o Opportunity to create economies of scale after mergers

· Describe the U.S. Air Force ERP failure that is described at the end of chapter 7 in terms of the following:

o Explain the objectives of the ERP implementation o Describe the costs associated with the project o Describe the decision making and people challenges associated with this case o Identify which activity in the implementation was accomplished well o Provide realistic recommendations that would help resolve the issues manifested in the case.

· List five attributes of a successful disaster and incidence response plan.

o Have plan in place o Centralized Reporting o Practice o Specific Responses § Speed § Preparation pays § Don't make problem worse o Determine cause

Explain how CBI's adoption of SAP helped improve its procurement processes

o Integrated inherent processes show warehouse price discounts o Faster resolution of 3 way match (real time data sharing that limits errors) o Accounting reports are now real time (reduces roll-up time) o Integrated purchasing activity of ERP system (more consistent) o Tighter control of purchasing activities (real time data sharing increases use of financial reports)

· Describe the typical shortcomings of management that contribute to ERP implementation failures

o Moves on prematurely o Oversells o Fails to anticipate cultural resistance o Poor project management skills

· Identify the process scope for the various CRM processes

o Operational (Promotion, Sales, Service); Managerial (Promotional discounting, Service Trends); Strategic (New Product Launch, Promotion Evaluation)

· Indicate the limitations of the ProcessModel software

o Simplified representation of reality (doesn't capture important socio-political processes) o Ideal for standardized business processes (not suited for unstructured processes that have lots of variability) o It has not been widely adopted in industry (not many students will end up using this in their future careers)

· Explain the unique challenges of an ERP upgrade relative to the implementation of new ERP system.

o Surprise and resistance o Justification o Version lock from customization (Version lock refers to difficulty associated with an upgrade if an organization had tinkered with the underlying code when customizing the software to meet the organization's unique requirements. When the vendor comes with a new upgrade it typically doesn't factor the adjustments that were made during customization... making it difficult to upgrade) o No long-term upgrade strategy (hard to do because tech changes so rapidly and sometimes unpredictably)

· Explain the bullwhip effect

o The bullwhip effect occurs when companies order more supplies than are needed due to a sudden change in demand. It refers to how this misinformation travels across the supply chain. With real-time sharing of sales information this distortion of the supply chain can be minimized.

· Explain the difficulties that ERP implementation present to individuals (non-management)

o Users feel pain and get no gain o Difficult to use software

· List and explain five decision making challenges associated with ERP implementations

o Vendor Selection o Gap Analysis o Configuration o Data Issues o Cutover method

What is SQL injection

occurs when an attacker enters a SQL statement into a form on a Web page in which a client is supposed to enter a name or other data. An improperly designed page will accept this code and make it part of a database command that it issues to its database.

What is Spoofing

the act of disguising a communication from an unknown source as being from a known, trusted source.

What is Phishing

the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

What is social engineering

the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

What is a usurpation attack

unauthorized control of some part of the software... replacing legitimate user or software to gain control of some part of the IS.