As we push through into 2009, businesses will be forced to run lean and mean. During uncertain economic times like these, competitive advantage stems from the ability to anticipate and respond to change quickly and intelligently. This level of response requires organizations to have implemented metrics that allow for decision makers to have access to accurate and dependable data from their enterprise-wide operations.

However, some companies may be in a precarious situation if their business processes have become more complex over time and are misaligned with their enterprise resource planning (ERP) solution. Companies may find themselves in a situation that warrants the question, “Is it time to optimize our current ERP to align with our current processes?”

Alternatively, some companies may find their ERP system is the cause of some misalignment in operations or is not utilizing its full capabilities. In this case, remediation is necessary to get things back on track.

Ask anyone who has been through an extensive ERP implementation, and they will hands-down agree that it’s an exhausting, financially intensive and disrupting exercise to avoid repeating at all costs. This level of disruption and financial commitment leaves companies an easy choice to make when it comes to optimizing or remediating their current ERP system over implementing a new system.

Remediation: Determining Root Causes of Current Failures
For remediation to be successful, businesses need to look deeper into operations than just information technology. IT is still sometimes viewed as a stand-alone activity used to support business processes. In fact, IT is a service used as any other tool, process or program to enable business.

Businesses should not proceed with a go-forward plan to remediate their ERP until the reasons and root causes for the current failures and breakdowns are fully understood. Determining root cause will be crucial for the remediation plan. The root effects depicted by asset vulnerabilities will have a many-to-one relationship to root cause. If the effects have a one-to-one relationship to the alleged root cause, this indicates that you have not determined the true root cause.

Generally, finding a one-to-one relationship exists when silo-structured organizations only look at the vulnerabilities in their silo. This can also occur when IT attempts to remediate without the input or assistance of the other business units. All businesses today, in both the public and private sectors, are interdependent with the other areas of that business.

Common Pitfalls to Avoid

Businesses engaged in ERP remediation must be cognizant to avoid failures. Necessary steps to dodge possible pitfalls include:

• Behavioral change. The management team must hold everyone, including themselves, accountable and compliant to the necessary behavioral changes that stem from the assessments. For example, if the remediation effort determines that executives must change passwords every quarter, then the executive team must abide by this and change passwords every quarter.
• Assignment of a truly cross-functional, expert team from both the technology and business areas. All team members must be fully committed to the activity without pressures from other areas, as this resolution is highly complex. The team will have a different set of ERP subject matter experts (SME) members, and a few members will be required to participate from the beginning of the remediation to the end.

o It’s also a good idea to comprise the functional and technical team of experts from outside the company with experience remediating ERP systems. This allows for a true, unbiased assessment and reporting of the actual scope of vulnerabilities to senior management.
o Failure to assign a dedicated team to accurately address the amount of time necessary to develop, gain approval, train and roll out policy, standards, practices and procedures will ultimately lead to a great waste of time, energy and money.

Once a company has assessed both the business drivers and the technical drivers for a remediation, it can calculate the ROI surrounding a variety of benefits from the remediation. These benefits can include:

• Reduction in server outages
• Reduction in bandwidth use
• Reduction in database management table repairs
• Higher staff productivity working on production-type activities
• Ability to handle additional applications without increasing bandwidth or server capacity
• Compliancy -SOX, HIPAA and COSOare just a few of the standard-based compliancy drivers that businesses must address moving forward.

Finally, remember you cannot do it alone. A successful remediation requires the full support of all stakeholders and constituencies working together for a shared goal. The time needed to conduct a remediation project of the size and scope indicated by the initial assessment is usually estimated at 30 to 48 months. Compare this to the 18+ months it takes to implement a new ERP system.

The time, money and effort spent will result in more integrated business processes and cleaner data for more informed decision making. Ultimately, optimized business technology allows companies to win market share while competitors struggle to keep heads above water.